Show filters
474 topics marked with the following tags:
Displaying 1-10 of 474
Sort by:
Attacker Value
Moderate

CVE-2024-27199

Disclosure Date: March 04, 2024 (last updated March 05, 2024)
In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
3
Attacker Value
Very Low

CVE-2020-17482

Disclosure Date: October 02, 2020 (last updated October 07, 2023)
An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory.
Attacker Value
Very High

CVE-2023-47218

Disclosure Date: February 13, 2024 (last updated February 13, 2024)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later
3
Attacker Value
High

CVE-2023-21932

Disclosure Date: April 18, 2023 (last updated October 08, 2023)
Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: OXI). The supported version that is affected is 5.6. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. While the vulnerability is in Oracle Hospitality OPERA 5 Property Services, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 Property Services accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 Property Services accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality OPERA 5 Property Services. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V…
Attacker Value
High

CVE-2020-35846

Disclosure Date: December 30, 2020 (last updated October 07, 2023)
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.
Attacker Value
Very High

CVE-2023-42820

Disclosure Date: September 27, 2023 (last updated October 08, 2023)
JumpServer is an open source bastion host. This vulnerability is due to exposing the random number seed to the API, potentially allowing the randomly generated verification codes to be replayed, which could lead to password resets. If MFA is enabled users are not affect. Users not using local authentication are also not affected. Users are advised to upgrade to either version 2.28.19 or to 3.6.5. There are no known workarounds or this issue.
Attacker Value
Very High

CVE-2022-29110

Disclosure Date: May 10, 2022 (last updated December 21, 2023)
Microsoft Excel Remote Code Execution Vulnerability
Attacker Value
High

CVE-2020-5344

Disclosure Date: March 26, 2020 (last updated October 06, 2023)
Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data.
Attacker Value
Moderate

CVE-2020-2040

Disclosure Date: September 09, 2020 (last updated October 07, 2023)
A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface. This issue impacts: All versions of PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3.
Attacker Value
Moderate

CVE-2020-15900

Disclosure Date: July 28, 2020 (last updated November 08, 2023)
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.