Show filters
12,589 Total Results
Displaying 41-50 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
Unknown

CVE-2023-35081

Disclosure Date: August 03, 2023 (last updated October 08, 2023)
A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
1
0
Attacker Value
Unknown

CVE-2023-28703

Disclosure Date: May 30, 2023 (last updated October 08, 2023)
ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary system commands, disrupt system or terminate service.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
1
0
Attacker Value
Unknown

CVE-2023-28700

Disclosure Date: May 30, 2023 (last updated October 08, 2023)
OMICARD EDM backend system’s file uploading function does not restrict upload of file with dangerous type. A local area network attacker with administrator privileges can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.
Attack Vector: Adjacent NetworkPrivileges: HighUser Interaction: None
1
0
Attacker Value
Unknown

CVE-2023-20174

Disclosure Date: May 17, 2023 (last updated October 08, 2023)
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
1
0
Attacker Value
Unknown

CVE-2023-20164

Disclosure Date: May 17, 2023 (last updated October 08, 2023)
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
1
0
Attacker Value
Unknown

CVE-2023-20163

Disclosure Date: May 17, 2023 (last updated October 08, 2023)
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
1
0
Attacker Value
Unknown

CVE-2023-20106

Disclosure Date: May 17, 2023 (last updated October 08, 2023)
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
1
0
Attacker Value
Unknown

CVE-2023-20166

Disclosure Date: May 17, 2023 (last updated October 08, 2023)
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Attack Vector: LocalPrivileges: HighUser Interaction: None
1
0
Attacker Value
Unknown

CVE-2023-20173

Disclosure Date: May 17, 2023 (last updated October 08, 2023)
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
1
0
Attacker Value
Unknown

CVE-2022-47617

Disclosure Date: May 02, 2023 (last updated October 08, 2023)
Hitron CODA-5310 has hard-coded encryption/decryption keys in the program code. A remote attacker authenticated as an administrator can decrypt system files using the hard-coded keys for file access, modification, and cause service disruption.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
1
0
View More Topics  < Previous  Next >