Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-44649 2 Microsoft, Trendmicro 2 Windows, Apex One 2022-12-13 N/A 7.8 HIGH
An out-of-bounds access vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2022-44648 2 Microsoft, Trendmicro 2 Windows, Apex One 2022-12-13 N/A 5.5 MEDIUM
An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not the same as CVE-2022-44647.
CVE-2022-44650 2 Microsoft, Trendmicro 2 Windows, Apex One 2022-12-13 N/A 7.8 HIGH
A memory corruption vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2016-8713 1 Gonitro 1 Nitro Pdf Pro 2022-12-13 6.8 MEDIUM 7.8 HIGH
A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10.5.9.9. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability.
CVE-2022-37909 1 Arubanetworks 2 Arubaos, Sd-wan 2022-12-13 N/A 5.3 MEDIUM
Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.
CVE-2016-8712 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2022-12-13 4.3 MEDIUM 8.1 HIGH
An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and only changes the nonce if the web application has been idle for 300 seconds.
CVE-2016-8711 1 Gonitro 1 Nitro Pdf Pro 2022-12-13 6.8 MEDIUM 7.8 HIGH
A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific PDF file to trigger this vulnerability.
CVE-2016-8710 1 Libbpg Project 1 Libbpg 2022-12-13 6.8 MEDIUM 7.8 HIGH
An exploitable heap write out of bounds vulnerability exists in the decoding of BPG images in Libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow vulnerability causing an out of bounds heap write leading to remote code execution. This vulnerability can be triggered via attempting to decode a crafted BPG image using Libbpg.
CVE-2016-8709 1 Gonitro 1 Nitro Pdf Pro 2022-12-13 6.8 MEDIUM 7.8 HIGH
A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability.
CVE-2016-8707 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2022-12-13 6.8 MEDIUM 7.8 HIGH
An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality.
CVE-2010-4606 2 Ibm, Linux 2 Tivoli Storage Manager, Linux Kernel 2022-12-13 7.5 HIGH N/A
Unspecified vulnerability in the Space Management client in the Hierarchical Storage Management (HSM) component in IBM Tivoli Storage Manager (TSM) 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 on Unix and Linux allows remote attackers to execute arbitrary commands via unknown vectors, related to a "script execution vulnerability."
CVE-2016-8390 1 Cryptic-apps 1 Hopper Disassembler 2022-12-13 6.8 MEDIUM 7.8 HIGH
An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper Disassembler 3.11.20. A specially crafted ELF file can cause attacker controlled pointer arithmetic resulting in a partially controlled out of bounds write. An attacker can craft an ELF file with specific section headers to trigger this vulnerability.
CVE-2016-8389 1 Iceni 1 Argus 2022-12-13 9.3 HIGH 7.8 HIGH
An exploitable integer-overflow vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will attempt to convert each character from a font into a polygon and then attempt to rasterize these shapes. As the application attempts to iterate through the rows and initializing the polygon shape in the buffer, it will write outside of the bounds of said buffer. This can lead to code execution under the context of the account running it.
CVE-2016-8388 1 Iceni 1 Argus 2022-12-13 9.3 HIGH 7.8 HIGH
An exploitable arbitrary heap-overwrite vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will explicitly trust an index within the specific font object and use it to write the font's name to a single object within an array of objects.
CVE-2010-4604 2 Ibm, Linux 2 Tivoli Storage Manager, Linux Kernel 2022-12-13 7.2 HIGH N/A
Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.2.10, and 6.1.x before 6.1.3.1 on Unix and Linux allows local users to gain privileges by specifying a long LANG environment variable, and then sending a request over a pipe.
CVE-2016-8386 1 Iceni 1 Argus 2022-12-13 9.3 HIGH 7.8 HIGH
An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a PDF containing a malformed font to XML, the tool will attempt to use a size out of the font to search through a linked list of buffers to return. Due to a signedness issue, a buffer smaller than the requested size will be returned. Later when the tool tries to populate this buffer, the overflow will occur which can lead to code execution under the context of the user running the tool.
CVE-2022-37910 1 Arubanetworks 2 Arubaos, Sd-wan 2022-12-13 N/A 6.5 MEDIUM
A buffer overflow vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in a denial of service on the affected system.
CVE-2016-8387 1 Iceni 1 Argus 2022-12-13 9.3 HIGH 7.8 HIGH
An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF with an object encoded w/ multiple encoding types terminating with an LZW encoded type, an overflow may occur due to a lack of bounds checking by the LZW decoder. This can lead to code execution under the context of the account of the user running it.
CVE-2016-8385 1 Iceni 1 Argus 2022-12-13 9.3 HIGH 7.8 HIGH
An exploitable uninitialized variable vulnerability which leads to a stack-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF to XML a stack variable will be left uninitialized which will later be used to fetch a length that is used in a copy operation. In most cases this will allow an aggressor to write outside the bounds of a stack buffer which is used to contain colors. This can lead to code execution under the context of the account running the tool.
CVE-2016-8383 1 Marklogic 1 Marklogic 2022-12-13 6.8 MEDIUM 8.8 HIGH
An exploitable heap corruption vulnerability exists in the Doc_GetFontTable functionality of AntennaHouse DMC HTMLFilter. A specially crafted doc file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious doc file to trigger this vulnerability.