Topics

Sort by:
Attacker Value
Very High

CVE-2022-31791

Disclosure Date: September 06, 2022 (last updated October 08, 2023)
WatchGuard Firebox and XTM appliances allow a local attacker (that has already obtained shell access) to elevate their privileges and execute code with root permissions. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4.
Attacker Value
Very High

CVE-2024-2054

Last updated March 05, 2024
The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user.
2
Attacker Value
Very High

CVE-2022-26318

Disclosure Date: March 04, 2022 (last updated October 07, 2023)
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
Attacker Value
Moderate

CVE-2024-27199

Disclosure Date: March 04, 2024 (last updated March 05, 2024)
In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
2
Attacker Value
Very High

CVE-2024-27198

Disclosure Date: March 04, 2024 (last updated March 06, 2024)
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
Attacker Value
High

CVE-2024-23334

Disclosure Date: January 29, 2024 (last updated February 06, 2024)
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue.
Attacker Value
Unknown

CVE-2024-21423

Disclosure Date: February 23, 2024 (last updated February 24, 2024)
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Attacker Value
Very High

CVE-2023-47218

Disclosure Date: February 13, 2024 (last updated February 13, 2024)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later
2
Attacker Value
Low

CVE-2024-1548

Disclosure Date: February 20, 2024 (last updated February 21, 2024)
A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
1
Attacker Value
Very High

CVE-2020-3259

Disclosure Date: May 06, 2020 (last updated February 16, 2024)
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. An attacker could exploit this vulnerability by sending a crafted GET request to the web services interface. A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.