Show filters
38 topics marked with the following tags:
Displaying 1-10 of 38
Sort by:
Attacker Value
Moderate
CVE-2019-13990
Disclosure Date: July 26, 2019 (last updated December 23, 2023)
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
2
Attacker Value
Moderate
CVE-2022-43781
Disclosure Date: November 17, 2022 (last updated October 03, 2024)
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and Data Center instance has enabled “Allow public signup”.
1
Attacker Value
Low
CVE-2024-22026
Disclosure Date: May 22, 2024 (last updated May 24, 2024)
A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance.
2
Attacker Value
Low
CVE-2023-6209
Disclosure Date: November 21, 2023 (last updated November 29, 2023)
Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
2
Attacker Value
Very Low
CVE-2024-31077
Disclosure Date: April 23, 2024 (last updated April 23, 2024)
Forminator prior to 1.29.3 contains a SQL injection vulnerability. If this vulnerability is exploited, a remote authenticated attacker with an administrative privilege may obtain and alter any information in the database and cause a denial-of-service (DoS) condition.
1
Attacker Value
Low
CVE-2021-21431
Disclosure Date: April 09, 2021 (last updated November 28, 2024)
sopel-channelmgnt is a channelmgnt plugin for sopel. In versions prior to 2.0.1, on some IRC servers, restrictions around the removal of the bot using the kick/kickban command could be bypassed when kicking multiple users at once. We also believe it may have been possible to remove users from other channels but due to the wonder that is IRC and following RfCs, We have no POC for that. Freenode is not affected. This is fixed in version 2.0.1. As a workaround, do not use this plugin on networks where TARGMAX > 1.
1
Attacker Value
Low
CVE-2024-21683
Disclosure Date: May 21, 2024 (last updated June 10, 2024)
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.
This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.
Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html
You can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives.
This vulnerability was found internally.
1
Attacker Value
Moderate
CVE-2024-30104
Disclosure Date: June 11, 2024 (last updated June 21, 2024)
Microsoft Office Remote Code Execution Vulnerability
0
Attacker Value
Very High
CVE-2020-15867
Disclosure Date: October 16, 2020 (last updated November 28, 2024)
The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. There can be a privilege escalation if access to this hook feature is granted to a user who does not have administrative privileges. NOTE: because this is mentioned in the documentation but not in the UI, it could be considered a "Product UI does not Warn User of Unsafe Actions" issue.
1
Attacker Value
Very High
CVE-2010-4172
Disclosure Date: November 26, 2010 (last updated October 04, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
3