Show filters
81 topics marked with the following tags:
Displaying 11-20 of 81
Sort by:
Attacker Value
High

CVE-2023-21932

Disclosure Date: April 18, 2023 (last updated October 08, 2023)
Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: OXI). The supported version that is affected is 5.6. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. While the vulnerability is in Oracle Hospitality OPERA 5 Property Services, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 Property Services accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 Property Services accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality OPERA 5 Property Services. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V…
Attacker Value
Very High

CVE-2021-45837

Disclosure Date: April 25, 2022 (last updated October 07, 2023)
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending a specifically crafted input to /tos/index.php?app/del.
Attacker Value
Unknown

CVE-2022-22005

Disclosure Date: February 09, 2022 (last updated November 29, 2024)
Microsoft SharePoint Server Remote Code Execution Vulnerability
1
Attacker Value
Unknown

CVE-2021-43207

Disclosure Date: December 15, 2021 (last updated December 28, 2023)
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Attacker Value
Unknown

CVE-2021-44142

Disclosure Date: January 31, 2022 (last updated October 07, 2023)
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.
Attacker Value
Unknown

CVE-2020-15069

Disclosure Date: June 29, 2020 (last updated November 28, 2024)
Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x.
Attacker Value
Unknown

CVE-2017-4946

Disclosure Date: January 05, 2018 (last updated November 26, 2024)
The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low privileged windows user escalating their privileges to SYSTEM.
1
Attacker Value
High

CVE-2023-25690

Disclosure Date: March 07, 2023 (last updated January 03, 2024)
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: RewriteEngine on RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P] ProxyPassReverse /here/ http://example.com:8080/ Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.
Attacker Value
Unknown

CVE-2023-45727

Disclosure Date: October 18, 2023 (last updated October 26, 2023)
Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.
Attacker Value
Unknown

CVE-2021-43226

Disclosure Date: December 15, 2021 (last updated December 28, 2023)
Windows Common Log File System Driver Elevation of Privilege Vulnerability