Topics
Sort by:
Attacker Value
Very Low
CVE-2024-24942
Disclosure Date: February 06, 2024 (last updated February 09, 2024)
In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives
2
Attacker Value
Very High
CVE-2023-38035
Disclosure Date: August 21, 2023 (last updated October 08, 2023)
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
3
Attacker Value
High
CVE-2023-4911
Disclosure Date: October 03, 2023 (last updated April 25, 2024)
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
4
Attacker Value
Moderate
CVE-2024-22024
Disclosure Date: February 13, 2024 (last updated February 14, 2024)
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.
3
Attacker Value
Very High
CVE-2023-52251
Disclosure Date: January 25, 2024 (last updated February 01, 2024)
An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages.
2
Attacker Value
Very Low
CVE-2020-17482
Disclosure Date: October 02, 2020 (last updated October 07, 2023)
An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory.
3
Attacker Value
Very High
CVE-2024-21893
Disclosure Date: January 31, 2024 (last updated February 02, 2024)
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
8
Attacker Value
Very High
CVE-2023-4966
Disclosure Date: October 10, 2023 (last updated February 29, 2024)
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
3
Attacker Value
Moderate
CVE-2023-49085
Disclosure Date: December 22, 2023 (last updated December 30, 2023)
Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the `pollers.php` script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the `pollers.php`. Impact of the vulnerability - arbitrary SQL code execution. As of time of publication, a patch does not appear to exist.
3
Attacker Value
High
CVE-2023-46604
Disclosure Date: October 27, 2023 (last updated April 11, 2024)
The Java OpenWire protocol marshaller is vulnerable to Remote Code
Execution. This vulnerability may allow a remote attacker with network
access to either a Java-based OpenWire broker or client to run arbitrary
shell commands by manipulating serialized class types in the OpenWire
protocol to cause either the client or the broker (respectively) to
instantiate any class on the classpath.
Users are recommended to upgrade
both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3
which fixes this issue.
11