91 Total Results
Displaying 1-10 of 91
Attacker Value
Unknown
CVE-2022-34397
Disclosure Date: February 13, 2023 (last updated October 08, 2023)
Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp versions 10.0.0.5 and below contain an authorization bypass vulnerability, allowing users to perform actions for which they are not authorized.
Attacker Value
Unknown
CVE-2022-45104
Disclosure Date: February 11, 2023 (last updated November 08, 2023)
Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp versions 9.2.3.x contain a command execution vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to the execution of arbitrary commands on the underlying system.
Attacker Value
Unknown
CVE-2022-45103
Disclosure Date: January 18, 2023 (last updated November 08, 2023)
Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp versions 9.2.3.x contain an information disclosure vulnerability. A low privileged remote attacker could potentially exploit this vulnerability to read arbitrary files on the underlying file system.
Attacker Value
Unknown
CVE-2022-31233
Disclosure Date: June 27, 2022 (last updated October 08, 2023)
Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to.
Attacker Value
Unknown
CVE-2021-36338
Disclosure Date: December 19, 2021 (last updated October 07, 2023)
Unisphere for PowerMax versions prior to 9.2.2.2 contain a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. CVE-2022-31233 addresses the partial fix in CVE-2021-36338.
Attacker Value
Unknown
CVE-2021-36339
Disclosure Date: December 19, 2021 (last updated November 28, 2024)
The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance.
Attacker Value
Unknown
CVE-2021-28165
Disclosure Date: April 01, 2021 (last updated November 08, 2023)
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
Attacker Value
Unknown
CVE-2021-28164
Disclosure Date: April 01, 2021 (last updated November 08, 2023)
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example, a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
Attacker Value
Unknown
CVE-2021-28163
Disclosure Date: April 01, 2021 (last updated November 08, 2023)
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory are deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
Attacker Value
Unknown
CVE-2020-13954
Disclosure Date: November 12, 2020 (last updated February 22, 2025)
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject JavaScript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue from CVE-2019-17573.