Show filters
506 topics marked with the following tags:
Displaying 21-30 of 506
Sort by:
Attacker Value
High
CVE-2023-28879
Disclosure Date: March 31, 2023 (last updated October 08, 2023)
In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.
2
Attacker Value
Low
CVE-2020-9339
Disclosure Date: February 22, 2020 (last updated October 06, 2023)
SOPlanning 1.45 allows XSS via the Name or Comment to status.php.
0
Attacker Value
Very High
CVE-2015-9107
Disclosure Date: August 04, 2017 (last updated October 05, 2023)
Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn't use a per-system key or even a salt; therefore, it's possible to create a universal decryptor.
0
Attacker Value
Very High
CVE-2017-6526
Disclosure Date: March 09, 2017 (last updated October 05, 2023)
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell (cgi-bin/dna/sysAdmin.cgi POST requests).
0
Attacker Value
Low
CVE-2021-21956
Disclosure Date: November 22, 2021 (last updated October 07, 2023)
A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.10.2. A specially-crafted malformed file can lead to potential arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
1
Attacker Value
Moderate
CVE-2019-8451
Disclosure Date: September 11, 2019 (last updated October 06, 2023)
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.
1
Attacker Value
Moderate
CVE-2022-23642
Disclosure Date: February 18, 2022 (last updated October 07, 2023)
Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.37 is vulnerable to remote code execution in the `gitserver` service. The service acts as a git exec proxy, and fails to properly restrict calling `git config`. This allows an attacker to set the git `core.sshCommand` option, which sets git to use the specified command instead of ssh when they need to connect to a remote system. Exploitation of this vulnerability depends on how Sourcegraph is deployed. An attacker able to make HTTP requests to internal services like gitserver is able to exploit it. This issue is patched in Sourcegraph version 3.37. As a workaround, ensure that requests to gitserver are properly protected.
1
Attacker Value
Low
CVE-2020-9269
Disclosure Date: February 18, 2020 (last updated October 06, 2023)
SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by export_ical.php.
0
Attacker Value
High
CVE-2023-21932
Disclosure Date: April 18, 2023 (last updated October 08, 2023)
Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: OXI). The supported version that is affected is 5.6. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. While the vulnerability is in Oracle Hospitality OPERA 5 Property Services, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 Property Services accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 Property Services accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality OPERA 5 Property Services. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V…
2
Attacker Value
High
CVE-2020-35846
Disclosure Date: December 30, 2020 (last updated October 07, 2023)
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.
3