Show filters
84 topics marked with the following tags:
Displaying 1-10 of 84
Sort by:
Attacker Value
Moderate
CVE-2019-12256 - VxWorks IPv4 Options Buffer Overflow
Disclosure Date: August 09, 2019 (last updated February 13, 2020)
This vulnerability can be triggered by a specially crafted IP packet sent to the target device, even as a broadcast or multicast packet. It does not require any specific application or configuration to be running on the device, and it affects any device running VxWorks v6.9.4 or above with a network connection. The vulnerability causes a stack overflow in the handling of IP options in the IPv4 header, making it easy to reach RCE by it.
0
Attacker Value
Unknown
CVE-2023-25610
Last updated February 08, 2023
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
1
Attacker Value
Low
Amnesia:33
Last updated December 08, 2020
[Amnesia:33](https://www.forescout.com/company/resources/amnesia33-how-tcp-ip-stacks-breed-critical-vulnerabilities-in-iot-ot-and-it-devices/) is a group of 33 vulnerabilities in open-source TCP/IP stack libraries. The vulnerabilities may be present in a wide range of operational technology, IoT, and connected device implementations.
7
Attacker Value
Moderate
Chrome Cookie Extraction
Last updated March 16, 2020
Extract cookies from Chrome using Chrome's Remote Debugging Protocol
0
Attacker Value
Very Low
CVE-2022-0540
Disclosure Date: April 20, 2022 (last updated April 20, 2022)
A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.
3
Attacker Value
High
CVE-2022-24780
Last updated April 05, 2022
Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the server by forging specific http queries, and execute arbitrary code on the server using http server user privileges. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds.
1
Attacker Value
Very High
CVE-2022-41800
Last updated January 20, 2023
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
1
Attacker Value
Very High
CVE-2020-17530
Disclosure Date: December 11, 2020 (last updated December 15, 2020)
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.
1
Attacker Value
Very Low
CVE-2019-9169
Disclosure Date: February 26, 2019 (last updated July 09, 2020)
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
0
Attacker Value
Very High
CVE-2022-41622
Last updated January 20, 2023
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
2