Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Man in the Middle Attack.This issue affects Hitachi Device Manager: before 8.8.5-02.
.NET and Visual Studio Elevation of Privilege Vulnerability
Twonky Server 8.5.2 on Linux and Windows is vulnerable to a cryptographic flaw, use of hard-coded cryptographic keys. An attacker with knowledge of the encrypted administrator password can decrypt the value with static keys to view the plain text password and gain administrator-level access to Twonky Server.
Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via malicious network traffic. (Chromium security severity: Low)
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
<p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.</p> <p>If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.</p>
Microsoft Defender for IoT Remote Code Execution Vulnerability
IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513.
Improper file verification vulnerability in SaAT Netizen installer ver.1.2.0.424 and earlier, and SaAT Netizen ver.1.2.0.8 (Build427) and earlier allows a remote unauthenticated attacker to conduct a man-in-the-middle attack. A successful exploitation may result in a malicious file being downloaded and executed.
A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel, aka 'NetLogon Security Feature Bypass Vulnerability'.
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname.
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impersonation (KCI)" issue.
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted CMAP table in a TrueType font (TTF) file, aka "TrueType Font CMAP Table Vulnerability."
Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network.
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a race condition vulnerability. Successful exploitation could lead to arbitrary code execution .
.NET Core Remote Code Execution Vulnerability
Netlogon RPC Elevation of Privilege Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Windows Remote Desktop Services Remote Code Execution Vulnerability
Windows Remote Desktop Services Remote Code Execution Vulnerability
Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability
Windows Remote Desktop Services Remote Code Execution Vulnerability
Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include Vulnerability which allows remote attackers to execute local PHP code and obtain sensitive information.
TorchGeo Remote Code Execution Vulnerability
there is a possible man-in-the-middle attack due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
A specific file on the sERP server if Kyungrinara(ERP solution) has a fixed password with the SYSTEM authority. This vulnerability could allow attackers to leak or steal sensitive information or execute malicious commands.
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability
LightGBM Remote Code Execution Vulnerability
Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability."
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability
Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality.
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
An improper restriction of excessive authentication attempts in GroupMe allows a unauthenticated attacker to elevate privileges over a network.
Windows Kerberos Elevation of Privilege Vulnerability
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Windows TCP/IP Remote Code Execution Vulnerability
In RW_SetActivatedTagType of rw_main.cc, there is possible memory corruption due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-192472262