| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| DHCP Server Service Remote Code Execution Vulnerability |
| Windows Bluetooth Driver Remote Code Execution Vulnerability |
| Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability |
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability |
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability |
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
| Visual Studio Code Remote Code Execution Vulnerability |
| Windows Domain Name Service Remote Code Execution Vulnerability |
| Windows DNS Server Remote Code Execution Vulnerability |
| Raw Image Extension Remote Code Execution Vulnerability |
| Raw Image Extension Remote Code Execution Vulnerability |
| Microsoft ODBC and OLE DB Remote Code Execution Vulnerability |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Microsoft SQL Server Remote Code Execution Vulnerability |
| ** UNSUPPORTED WHEN ASSIGNED **
The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute arbitrary code by uploading a crafted configuration file to a vulnerable device. |
| vm2 is a sandbox that can run untrusted code with Node's built-in modules. A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. It abuses an unexpected creation of a host object based on the specification of `Proxy`. As a result a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version `3.9.18` of `vm2`. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
| A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible. This CVE exists because of a CVE-2023-30570 security regression for libreswan package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2. |
| RPA Technology Mobile Mouse 3.6.0.4 is vulnerable to Remote Code Execution (RCE). |
| Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx. |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to write files to locations with certain critical filesystem types leading to remote code execution was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires an authentication bypass issue to be triggered before this can be exploited.
This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202. |
