Show filters
81 topics marked with the following tags:
Displaying 21-30 of 81
Sort by:
Attacker Value
Unknown
CVE-2023-3079
Disclosure Date: June 05, 2023 (last updated June 29, 2024)
Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
1
Attacker Value
Unknown
CVE-2021-33044
Disclosure Date: September 15, 2021 (last updated August 22, 2024)
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.
1
Attacker Value
High
CVE-2022-21882
Disclosure Date: January 11, 2022 (last updated November 16, 2024)
Win32k Elevation of Privilege Vulnerability
5
Attacker Value
Unknown
CVE-2021-26138
Last updated September 06, 2024
The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app.
1
Attacker Value
Moderate
CVE-2022-22947
Disclosure Date: March 03, 2022 (last updated November 29, 2024)
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
2
Attacker Value
Very High
CVE-2022-27925
Disclosure Date: April 21, 2022 (last updated November 29, 2024)
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.
5
Attacker Value
Low
CVE-2023-33246
Disclosure Date: May 24, 2023 (last updated June 28, 2024)
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.
Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.
To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x .
3
Attacker Value
Unknown
CVE-2016-8735
Disclosure Date: April 06, 2017 (last updated June 28, 2024)
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.
0
Attacker Value
Low
CVE-2023-6209
Disclosure Date: November 21, 2023 (last updated November 29, 2023)
Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
2
Attacker Value
High
CVE-2023-35078
Disclosure Date: July 25, 2023 (last updated January 04, 2025)
An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.
8