Show filters
474 topics marked with the following tags:
Displaying 21-30 of 474
Sort by:
Attacker Value
Very Low

CVE-2019-11773

Disclosure Date: September 12, 2019 (last updated October 06, 2023)
Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users.
Attacker Value
Very High

CVE-2023-28489

Disclosure Date: April 11, 2023 (last updated October 08, 2023)
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). Affected devices are vulnerable to command injection via the web server port 443/tcp, if the parameter “Remote Operation” is enabled. The parameter is disabled by default. The vulnerability could allow an unauthenticated remote attacker to perform arbitrary code execution on the device.
Attacker Value
Moderate

CVE-2022-31661

Disclosure Date: August 05, 2022 (last updated October 08, 2023)
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'.
Attacker Value
Very High

CVE-2024-0204

Disclosure Date: January 22, 2024 (last updated January 30, 2024)
Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.
Attacker Value
Very High

CVE-2022-41622

Disclosure Date: December 07, 2022 (last updated November 08, 2023)
In all versions,  BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Attacker Value
High

CVE-2021-3287

Disclosure Date: April 22, 2021 (last updated October 07, 2023)
Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.
Attacker Value
Very High

CVE-2017-15889

Disclosure Date: December 04, 2017 (last updated October 05, 2023)
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field.
Attacker Value
Very High

CVE-2020-10644

Disclosure Date: June 09, 2020 (last updated October 06, 2023)
The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
Attacker Value
Very High

CVE-2014-2591

Disclosure Date: May 14, 2014 (last updated October 05, 2023)
Untrusted search path vulnerability in BMC Patrol for AIX 3.9.00 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting.
1
Attacker Value
Very High

CVE-2020-17132

Disclosure Date: December 10, 2020 (last updated December 30, 2023)
Microsoft Exchange Remote Code Execution Vulnerability