Show filters
658 topics marked with the following tags:
Displaying 1-10 of 658
Sort by:
Attacker Value
Moderate

CVE-2024-27199

Disclosure Date: March 04, 2024 (last updated March 05, 2024)
In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
3
Attacker Value
Low

CVE-2022-1471

Disclosure Date: December 01, 2022 (last updated October 08, 2023)
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.
Attacker Value
Very High

CVE-2021-28544

Disclosure Date: April 12, 2022 (last updated October 07, 2023)
Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable.
Attacker Value
High

CVE-2019-1068

Disclosure Date: July 15, 2019 (last updated October 06, 2023)
A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'.
Attacker Value
Very High

CVE-2020-9463

Disclosure Date: February 28, 2020 (last updated October 06, 2023)
Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an api/internal.php?object=centreon_configuration_remote request.
Attacker Value
Very High

CVE-2024-28995

Disclosure Date: June 06, 2024 (last updated June 13, 2024)
SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.
Attacker Value
Moderate

CVE-2020-12004

Disclosure Date: June 09, 2020 (last updated October 06, 2023)
The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
Attacker Value
High

CVE-2021-26897

Disclosure Date: March 11, 2021 (last updated December 30, 2023)
Windows DNS Server Remote Code Execution Vulnerability
Attacker Value
Low

CVE-2022-0739

Disclosure Date: March 21, 2022 (last updated October 07, 2023)
The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection
Attacker Value
High

CVE-2024-2044

Disclosure Date: March 07, 2024 (last updated March 14, 2024)
pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is running on POSIX/Linux, an authenticated attacker can upload pickle objects, deserialize them, and gain code execution.
2