Show filters
555 topics marked with the following tags:
Displaying 81-90 of 555
Sort by:
Attacker Value
Moderate

CVE-2024-6235

Disclosure Date: July 10, 2024 (last updated July 11, 2024)
Sensitive information disclosure in NetScaler Console
1
Attacker Value
Very Low

CVE-2024-20931

Disclosure Date: February 17, 2024 (last updated December 21, 2024)
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Attacker Value
Moderate

CVE-2019-19194

Disclosure Date: February 12, 2020 (last updated November 27, 2024)
The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices installs a zero long term key (LTK) if an out-of-order link-layer encryption request is received during Secure Connections pairing. An attacker in radio range can have arbitrary read/write access to protected GATT service data, cause a device crash, or possibly control a device's function by establishing an encrypted session with the zero LTK.
Attacker Value
Low

CVE-2018-1211

Disclosure Date: March 23, 2018 (last updated November 26, 2024)
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server's URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by querying specific URI strings.
2
Attacker Value
Moderate

CVE-2022-43939

Disclosure Date: April 03, 2023 (last updated October 08, 2023)
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented. 
Attacker Value
Very High

CVE-2023-35885

Disclosure Date: June 20, 2023 (last updated October 08, 2023)
CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.
Attacker Value
Very High

CVE-2024-41874

Disclosure Date: September 13, 2024 (last updated September 14, 2024)
ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability by providing crafted input to the application, which when deserialized, leads to execution of malicious code. Exploitation of this issue does not require user interaction.
Attacker Value
Very Low

CVE-2018-1000116

Disclosure Date: March 07, 2018 (last updated November 26, 2024)
NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution.
3
Attacker Value
Very High

CVE-2021-21307

Disclosure Date: February 11, 2021 (last updated November 28, 2024)
Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a workaround, one can block access to the Lucee Administrator.
Attacker Value
Moderate

CVE-2022-0482

Disclosure Date: March 09, 2022 (last updated October 07, 2023)
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3.