869 matches found

Cvelist
added 2022/05/02 7:6 p.m. · 18 views

CVE-2021-41810 Script injection in M-Files Admin

Script injection in M-Files Admin versions before 22.2.11051.0, allows executing stored script in admin tool. M-Files Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely...

CVSS 5.2 · AI score 5.7 · EPSS 0.00668
Exploits: 0 · References: 3
Positive Technologies
added 2022/04/14 12:0 a.m. · 6 views

PT-2022-15288 · Juniper Networks · Juniper Networks Paragon Active Assurance

Name of the Vulnerable Software and Affected Versions: Juniper Networks Paragon Active Assurance version 3.1.0 Description: An issue in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated attacker to leverage a crafted URL to generate PDF reports, potentially...

CVSS 7.5 · AI score 7.5 · EPSS 0.00897
Exploits: 0 · References: 4
NVD
added 2022/04/11 8:15 p.m. · 27 views

CVE-2022-24829

Garden is an automation platform for Kubernetes development and testing. In versions prior to 0.12.39 multiple endpoints did not require authentication. In some operating modes this allows for an attacker to gain access to the application erroneously. The configuration is leaked through the /api...

CVSS 9.8 · EPSS 0.01126
Exploits: 0 · References: 2
OSV
added 2022/03/01 7:15 a.m. · 3 views

CVE-2021-35036

A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50ABTL.0b2k could allow an authenticated attacker to obtain sensitive information from the configuration file...

CVSS 6.5 · AI score 5.8
Exploits: 0 · References: 1
Prion
added 2022/02/24 5:15 p.m. · 21 views

Path traversal

IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144...

CVSS 4 · AI score 4.9 · EPSS 0.00985
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2022/02/24 5:10 p.m. · 15 views

CVE-2022-22349

IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144...

CVSS 4.3 · AI score 4.7 · EPSS 0.00985
Exploits: 0 · References: 2
OSV
added 2022/02/01 3:15 p.m. · 3 views

CVE-2021-44746

UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 and prior, UNIVERGE DT 930 V2.4.0.0 and prior, IP Phone Manager V8.9.1 and prior, Data Maintenance Tool for DT900 Series V5.3.0.0 and prior, Data Maintenance Tool for DT800 Series V4.2.0.0 and prior allows a remote attacker who can acce...

CVSS 5.3 · AI score 5.8 · EPSS 0.01066
Exploits: 0 · References: 1
OSV
added 2022/01/24 8:15 p.m. · 5 views

CVE-2020-17383

A directory traversal vulnerability on Telos Z/IP One devices through 4.0.0r grants an unauthenticated individual root level access to the device's file system. This can be used to identify configuration settings, password hashes for built-in accounts, and the cleartext password for remote...

CVSS 9.8 · AI score 5.8 · EPSS 0.04252
Exploits: 1 · References: 3
CNNVD
added 2021/12/17 12:0 a.m. · 2 views

Nec Platforms Univerge Dt Security Vulnerability

Nec Platforms Univerge Dt is a series of desktop phones from Nec Platforms Japan. A security vulnerability exists in Univerge Dt that originates from the possibility of obtaining phone configuration information when analyzing packets using IP Phone Manager or data maintenance tools. The following...

CVSS 5.3 · AI score 5.2 · EPSS 0.01066
Exploits: 0 · References: 3
OSV
added 2021/12/16 8:15 p.m. · 4 views

CVE-2020-35209

An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a target cluster via providing configuration information...

CVSS 7.5 · AI score 5.8 · EPSS 0.00902
Exploits: 0 · References: 1
VulnCheck KEV
added 2021/11/03 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2019-18988

TeamViewer Desktop allows for bypass of remote-login access control because the same AES key is used for different customers' installations. If an attacker were to know this key, they could decrypt protected information stored in registry or configuration files or decryption of the Unattended...

CVSS 7 · AI score 7.1 · EPSS 0.04746
Exploits: 2 · References: 1
OSV
added 2021/10/06 8:15 p.m. · 2 views

CVE-2021-34702

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to improper enforcement of administrator privilege levels for low-value sensitive data. An attacker...

CVSS 4.3 · AI score 5.8 · EPSS 0.00845
Exploits: 0 · References: 1
Vulnrichment
added 2021/10/06 7:46 p.m. · 4 views

CVE-2021-34702 Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to improper enforcement of administrator privilege levels for low-value sensitive data. An attacker...

CVSS 4.3 · AI score 5.5 · EPSS 0.00845
Exploits: 0 · References: 1
CNNVD
added 2021/10/06 12:0 a.m. · 3 views

Cisco Identity Services Engine Security Vulnerability

Cisco Identity Services Engine (ISE) is an environment-aware platform from Cisco. ISE collects real-time information about the network, users, and devices to formulate and enforce policies that regulate the network. A security vulnerability exists in the Cisco Identit...

CVSS 4.3 · AI score 5.2 · EPSS 0.00845
Exploits: 0 · References: 5
OSV
added 2021/09/24 3:15 a.m. · 6 views

CVE-2021-41584

Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response information disclosure of possibly sensitive build/configuration details via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header...

CVSS 7.5 · AI score 5.8 · EPSS 0.01267
Exploits: 0 · References: 1
Redos
added 2021/09/08 12:0 a.m. · 20 views

ROS-2-1234

2.1234 OpenVPN Authentication Bypass CVE-2020-15078 1. Vulnerability Description: The vulnerability allows a remote attacker to bypass authentication and access restrictions to leak VPN configuration data. The issue only occurs on servers that are configured to use deferredauth. Under certain...

CVSS 7.5 · AI score 7.7 · EPSS 0.05107
Exploits: 0
ThreatPost
added 2021/08/18 11:24 a.m. · 20 views

HolesWarm Malware Exploits Unpatched Windows, Linux Servers

By leveraging more than 20 known vulnerabilities in Linux and Windows servers, the HolesWarm cryptominer malware has been able to break into more than 1,000 cloud hosts just since June. The basic cryptominer botnet has been so successful at juggling so many different known vulnerabilities between...

AI score 7.4
Exploits: 0 · References: 3
Zero Science Lab
added 2021/08/15 12:0 a.m. · 564 views

COMMAX Smart Home Ruvie CCTV Bridge DVR Service Unauthenticated Config Write / DoS

Summary: COMMAX Smart Home System is a smart IoT home solution for a large apartment complex that provides advanced life values and safety. Description: The application allows an unauthenticated attacker to change the configuration of the DVR arguments and/or cause denial-of-service scenario throug...

AI score 5.8
Exploits: 0
OSV
added 2021/08/05 9:15 p.m. · 3 views

CVE-2021-32002

Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware...

CVSS 3.3 · AI score 5.8 · EPSS 0.0023
Exploits: 0 · References: 1
Tenable Nessus
added 2021/07/29 12:0 a.m. · 26 views

AD Starter Scan - Null sessions

Binary data adsinullsession.nbin...

AI score 7.3
Exploits: 0 · References: 4