CVE-2019-16057: D-Link DNS-320 Remote Code Execution Vulnerability
The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution.
● Live advisory feed
Security advisories from 24 sources — CISA, CERT-EU, NCSC-UK, BSI, CERT-FR, NCSC-NL, JPCERT/CC, JVN, HKCERT, the Canadian Cyber Centre, NVD, GitHub, Microsoft, Cisco, Fortinet, Palo Alto Networks and more — normalized, translated to English and flagged against the CISA KEV catalog. One global feed for CSIRTs, SOCs and defenders.
The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution.
A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered.
VMware Workspace ONE Access and Identity Manager allow for remote code execution due to server-side template injection.
Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code.
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).
Stack-based buffer overflow in Adobe Flash Player allows attackers to execute code remotely.
A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site.
Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code.
Kaseya VSA RMM allows unprivileged remote attackers to execute PowerShell payloads on all managed devices.
Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).
Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS).
Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code.
Linux Kernel contains a flaw in the packet socket (AF_PACKET) implementation which could lead to incorrectly freeing memory. A local user could exploit this for denial-of-service (DoS) or possibly for privilege escalation.
Google Pixel contains a possible out-of-bounds write due to a logic error in the code that could lead to local escalation of privilege.
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
QNAP NAS devices contain a command injection vulnerability which could allow attackers to perform remote code execution.
Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code.
Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access.
The SMBv1 server in Microsoft allows remote attackers to execute arbitrary code via crafted packets.
Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution.
Sudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation.
A remote code execution vulnerability exists in all series H/W revisions routers via the DDNS function in ncc2 binary file.
macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory.
macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges.
Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service (DoS), or information disclosure.
An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution.
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution.
Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.
QNAP NAS running HBS 3 contains an improper authorization vulnerability which can allow remote attackers to log in to a device.
Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10562, exploitation can allow an attacker to perform remote code execution.
Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10561, exploitation can allow an attacker to perform remote code execution.
The kernel in Microsoft Windows allows local users to gain privileges via a crafted application.
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document.
The Microsoft JScript nd VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control (UAC) feature.
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a pre-authorization arbitrary file read vulnerability in the /s/ endpoint.
The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft does not properly initialize a pointer for the next object in a certain list, which allows local users to gain privileges.
Redis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.
Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via Unknown vectors
Microsoft Internet Explorer allow remote attackers to obtain sensitive information from process memory via a crafted web site.
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrom…
Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution.
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
Microsoft Windows Event Tracing contains an unspecified vulnerability which can allow for privilege escalation.
SonicWall Secure Remote Access (SRA) products contain an improper neutralization of a SQL Command leading to SQL injection.