Show filters
483 topics marked with the following tags:
Displaying 21-30 of 483
Sort by:
Attacker Value
Unknown

CVE-2021-44142

Disclosure Date: January 31, 2022 (last updated October 07, 2023)
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.
Attacker Value
Very Low

CVE-2019-4473

Disclosure Date: August 05, 2019 (last updated October 06, 2023)
Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984.
Attacker Value
Very High

CVE-2023-28489

Disclosure Date: April 11, 2023 (last updated October 08, 2023)
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). Affected devices are vulnerable to command injection via the web server port 443/tcp, if the parameter “Remote Operation” is enabled. The parameter is disabled by default. The vulnerability could allow an unauthenticated remote attacker to perform arbitrary code execution on the device.
Attacker Value
Very High

CVE-2024-0204

Disclosure Date: January 22, 2024 (last updated January 30, 2024)
Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.
Attacker Value
Very High

CVE-2022-41622

Disclosure Date: December 07, 2022 (last updated November 08, 2023)
In all versions,  BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Attacker Value
Moderate

CVE-2022-31661

Disclosure Date: August 05, 2022 (last updated October 08, 2023)
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'.
Attacker Value
Very High

CVE-2013-3576

Disclosure Date: June 14, 2013 (last updated October 05, 2023)
ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en.
0
Attacker Value
Moderate

CVE-2019-9053

Disclosure Date: March 26, 2019 (last updated October 06, 2023)
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
Attacker Value
High

CVE-2020-7460

Disclosure Date: August 06, 2020 (last updated October 07, 2023)
In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, the sendmsg system call in the compat32 subsystem on 64-bit platforms has a time-of-check to time-of-use vulnerability allowing a mailcious userspace program to modify control message headers after they were validation.
Attacker Value
Very High

CVE-2021-21307

Disclosure Date: February 11, 2021 (last updated October 07, 2023)
Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a workaround, one can block access to the Lucee Administrator.