Show filters
29 topics marked with the following tags:
Displaying 1-10 of 29
Sort by:
Attacker Value
Unknown

CVE-2023-33010

Disclosure Date: May 24, 2023 (last updated October 08, 2023)
A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.
Attacker Value
Unknown

CVE-2020-12641

Disclosure Date: May 04, 2020 (last updated October 06, 2023)
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.
Attacker Value
Unknown

CVE-2022-27926

Disclosure Date: April 21, 2022 (last updated October 07, 2023)
A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters.
Attacker Value
Unknown

CVE-2023-5631

Disclosure Date: October 18, 2023 (last updated December 23, 2023)
Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code.
Attacker Value
Unknown

CVE-2024-20353

Disclosure Date: April 24, 2024 (last updated April 27, 2024)
A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to incomplete error checking when parsing an HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted web server on a device. A successful exploit could allow the attacker to cause a DoS condition when the device reloads.
Attacker Value
Unknown

CVE-2022-38028

Disclosure Date: October 11, 2022 (last updated May 24, 2024)
Windows Print Spooler Elevation of Privilege Vulnerability
Attacker Value
Unknown

CVE-2016-8735

Disclosure Date: April 06, 2017 (last updated June 28, 2024)
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.
Attacker Value
Very High

CVE-2024-21887

Disclosure Date: January 12, 2024 (last updated January 13, 2024)
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
Attacker Value
Unknown

CVE-2022-41328

Disclosure Date: March 07, 2023 (last updated October 08, 2023)
A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands.
Attacker Value
Low

CVE-2023-6209

Disclosure Date: November 21, 2023 (last updated November 29, 2023)
Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.