Show filters
102 topics marked with the following tags:
Displaying 1-10 of 102
Sort by:
Attacker Value
Moderate

CVE-2019-12256 - VxWorks IPv4 Options Buffer Overflow

Disclosure Date: August 09, 2019 (last updated December 06, 2023)
Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options.
Attacker Value
Very Low

CVE-2020-1425 - Windows Codecs Library RCE

Last updated July 03, 2020
A remote code execution in Windows Codecs Library has been fixed by Microsoft with out-of-band patch on 30th June 2020. The vulnerability allows attacker to remotely execute arbitrary code, if the victim opens maliciously crafted media file.
5
Attacker Value
Moderate

Chrome Cookie Extraction

Last updated March 16, 2020
Extract cookies from Chrome using Chrome's Remote Debugging Protocol
0
Attacker Value
Low

Amnesia:33

Last updated December 08, 2020
[Amnesia:33](https://www.forescout.com/company/resources/amnesia33-how-tcp-ip-stacks-breed-critical-vulnerabilities-in-iot-ot-and-it-devices/) is a group of 33 vulnerabilities in open-source TCP/IP stack libraries. The vulnerabilities may be present in a wide range of operational technology, IoT, and connected device implementations.
8
Attacker Value
Low

CVE-2022-1471

Disclosure Date: December 01, 2022 (last updated October 08, 2023)
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.
Attacker Value
Very Low

CVE-2019-9169

Disclosure Date: February 26, 2019 (last updated November 08, 2023)
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
Attacker Value
Very High

CVE-2022-41622

Disclosure Date: December 07, 2022 (last updated November 08, 2023)
In all versions,  BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Attacker Value
Very Low

CVE-2024-24942

Disclosure Date: February 06, 2024 (last updated February 09, 2024)
In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives
Attacker Value
High

CVE-2023-25690

Disclosure Date: March 07, 2023 (last updated January 03, 2024)
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: RewriteEngine on RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P] ProxyPassReverse /here/ http://example.com:8080/ Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.
Attacker Value
Very High

CVE-2019-0230

Disclosure Date: September 14, 2020 (last updated November 08, 2023)
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.