Show filters
480 topics marked with the following tags:
Displaying 11-20 of 480
Sort by:
Attacker Value
High
CVE-2023-0339
Last updated April 19, 2023
Relative Path Traversal vulnerability in ForgeRock Access Management Web Policy Agent allows Authentication Bypass. This issue affects Access Management Web Policy Agent: all versions up to 5.10.1
4
Attacker Value
Very Low
CVE-2018-1890
Disclosure Date: March 11, 2019 (last updated October 06, 2023)
IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081.
1
Attacker Value
Very Low
CVE-2019-11773
Disclosure Date: September 12, 2019 (last updated October 06, 2023)
Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users.
1
Attacker Value
Unknown
CVE-2021-34787
Disclosure Date: October 27, 2021 (last updated November 08, 2023)
A vulnerability in the identity-based firewall (IDFW) rule processing feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass security protections. This vulnerability is due to improper handling of network requests by affected devices configured to use object group search. An attacker could exploit this vulnerability by sending a specially crafted network request to an affected device. A successful exploit could allow the attacker to bypass access control list (ACL) rules on the device, bypass security protections, and send network traffic to unauthorized hosts.
1
Attacker Value
Very High
CVE-2023-0129
Disclosure Date: January 10, 2023 (last updated October 08, 2023)
Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High)
1
Attacker Value
Very High
CVE-2023-37580
Disclosure Date: July 31, 2023 (last updated October 08, 2023)
Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.
2
Attacker Value
Very Low
CVE-2022-29799 "Nimbuspwn"
Disclosure Date: September 21, 2022 (last updated October 08, 2023)
A vulnerability was found in networkd-dispatcher. This flaw exists because no functions are sanitized by the OperationalState or the AdministrativeState of networkd-dispatcher. This attack leads to a directory traversal to escape from the “/etc/networkd-dispatcher” base directory.
5
Attacker Value
Moderate
CVE-2020-10204
Disclosure Date: April 01, 2020 (last updated October 06, 2023)
Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.
0
Attacker Value
Very High
CVE-2018-8302
Disclosure Date: August 15, 2018 (last updated October 06, 2023)
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server.
0
Attacker Value
Very High
CVE-2022-26809
Disclosure Date: April 15, 2022 (last updated October 07, 2023)
Remote Procedure Call Runtime Remote Code Execution Vulnerability
4