327 topics marked with the following tags:
Displaying 11-20 of 327
Attacker Value
Very High
CVE-2022-26809
Last updated April 15, 2022
Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24492, CVE-2022-24528.
3
Attacker Value
Very Low
CVE-2022-29799
Last updated May 05, 2022
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
4
Attacker Value
Very High
CVE-2015-9107
Disclosure Date: August 04, 2017 (last updated June 05, 2020)
Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn't use a per-system key or even a salt; therefore, it's possible to create a universal decryptor.
0
Attacker Value
Moderate
CVE-2021-29483
Disclosure Date: April 28, 2021 (last updated May 08, 2021)
ManageWiki is an extension to the MediaWiki project. The 'wikiconfig' API leaked the value of private configuration variables set through the ManageWiki variable to all users. This has been patched by https://github.com/miraheze/ManageWiki/compare/99f3b2c8af18...befb83c66f5b.patch. If you are unable to patch, set `$wgAPIListModules['wikiconfig'] = 'ApiQueryDisabled';` or remove private config as a workaround.
1
Attacker Value
High
CVE-2020-8864
Disclosure Date: March 23, 2020 (last updated July 24, 2020)
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper handling of empty passwords. An attacker can leverage this vulnerability to execute arbitrary code on the router. Was ZDI-CAN-9471.
0
Attacker Value
Very Low
CVE-2018-1890
Disclosure Date: March 11, 2019 (last updated July 24, 2020)
IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081.
1
Attacker Value
Very Low
CVE-2019-11771
Disclosure Date: July 17, 2019 (last updated July 24, 2020)
AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which may facilitate code injection and privilege elevation by local users.
1
Attacker Value
Moderate
CVE-2019-10692
Disclosure Date: April 02, 2019 (last updated July 30, 2020)
In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement.
0
Attacker Value
Very High
CVE-2016-1561
Disclosure Date: April 21, 2017 (last updated July 30, 2020)
ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image.
0
Attacker Value
Moderate
CVE-2020-8644
Disclosure Date: February 05, 2020 (last updated July 30, 2020)
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
0