Topics
Sort by:
Attacker Value
Moderate
CVE-2023-25950
Disclosure Date: April 11, 2023 (last updated October 08, 2023)
HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service (DoS) condition.
2
Attacker Value
Moderate
CVE-2024-47176
Disclosure Date: September 26, 2024 (last updated October 02, 2024)
CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.
3
Attacker Value
Very High
CVE-2024-45195
Disclosure Date: September 04, 2024 (last updated September 06, 2024)
Direct Request ('Forced Browsing') vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 18.12.16.
Users are recommended to upgrade to version 18.12.16, which fixes the issue.
1
Attacker Value
Very High
CVE-2020-14882 — Unauthenticated RCE in Console component of Oracle WebLogic Se…
Disclosure Date: October 21, 2020 (last updated December 28, 2020)
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
12
Attacker Value
Very High
CVE-2023-45249
Disclosure Date: July 24, 2024 (last updated July 27, 2024)
Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build 5.1.1-71, Acronis Cyber Infrastructure (ACI) before build 5.2.1-69, Acronis Cyber Infrastructure (ACI) before build 5.3.1-53, Acronis Cyber Infrastructure (ACI) before build 5.4.4-132.
2
Attacker Value
Unknown
CVE-2024-7029
Disclosure Date: August 02, 2024 (last updated September 18, 2024)
Commands can be injected over the network and executed without authentication.
1
Attacker Value
Very High
CVE-2023-42115
Disclosure Date: May 03, 2024 (last updated September 18, 2024)
Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a buffer. An attacker can leverage this vulnerability to execute code in the context of the service account.
. Was ZDI-CAN-17434.
0
Attacker Value
Moderate
CVE-2023-29336
Disclosure Date: May 09, 2023 (last updated April 10, 2024)
Win32k Elevation of Privilege Vulnerability
4
Attacker Value
Low
CVE-2024-44000
Disclosure Date: October 20, 2024 (last updated October 24, 2024)
Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a before 6.5.0.1.
2
Attacker Value
Very High
CVE-2024-40766
Disclosure Date: August 23, 2024 (last updated September 11, 2024)
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.
2