81 topics marked with the following tags:
Displaying 1-10 of 81
Attacker Value
Unknown
CVE-2022-25064
Disclosure Date: February 25, 2022 (last updated October 07, 2023)
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr.
1
Attacker Value
Unknown
CVE-2022-24665
Disclosure Date: February 16, 2022 (last updated October 07, 2023)
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via a WordPress Gutenberg block by any user able to edit posts.
1
Attacker Value
Unknown
CVE-2023-32784
Disclosure Date: May 15, 2023 (last updated October 08, 2023)
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.
1
Attacker Value
Unknown
CVE-2022-24663
Disclosure Date: February 16, 2022 (last updated October 07, 2023)
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress shortcodes, which can be used by any authenticated user.
1
Attacker Value
Unknown
CVE-2022-24785
Disclosure Date: April 04, 2022 (last updated October 07, 2023)
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.
1
Attacker Value
Unknown
CVE-2022-24664
Disclosure Date: February 16, 2022 (last updated October 07, 2023)
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts.
1
Attacker Value
Unknown
CVE-2023-33010
Disclosure Date: May 24, 2023 (last updated October 08, 2023)
A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.
1
Attacker Value
High
CVE-2023-21932
Disclosure Date: April 18, 2023 (last updated October 08, 2023)
Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: OXI). The supported version that is affected is 5.6. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. While the vulnerability is in Oracle Hospitality OPERA 5 Property Services, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 Property Services accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 Property Services accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality OPERA 5 Property Services. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V…
3
Attacker Value
Unknown
CVE-2017-4946
Disclosure Date: January 05, 2018 (last updated November 26, 2024)
The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low privileged Windows user escalating their privileges to SYSTEM.
1
Attacker Value
Unknown
CVE-2020-15069
Disclosure Date: June 29, 2020 (last updated November 28, 2024)
Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x.
0