Lucene search
K

638 matches found

CNVD
CNVD
added 2021/11/03 12:0 a.m.9 views

Unspecified Vulnerability in Fortinet FortiWLM

Fortinet FortiWLC is a wireless LAN controller from Fortinet. A security vulnerability in Fortinet FortiWLC version 8.6.1 and below can be exploited by an attacker to execute unauthorized code or commands via a crafted HTTP request...

8.8CVSS7.3AI score0.01895EPSS
Exploits0References1
Prion
Prion
added 2021/10/21 3:15 a.m.20 views

Design/Logic Flaw

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker with administrative read-only privileges to download files that should be restricted. This vulnerability is due to incorrect permissions settings on an affecte...

4CVSS6.4AI score0.00771EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2021/09/24 3:15 a.m.14 views

CVE-2021-41584

Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response information disclosure of possibly sensitive build/configuration details via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header...

7.5CVSS0.01267EPSS
Exploits0References1
NVD
NVD
added 2021/08/13 12:15 p.m.16 views

CVE-2021-37351

Nagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated users to access guarded pages through a crafted HTTP request to the server...

5.3CVSS0.02833EPSS
Exploits0References1
NVD
NVD
added 2021/08/06 3:15 p.m.18 views

CVE-2021-26606

A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request an affected program. A successf...

10CVSS0.02432EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2021/07/27 7:2 p.m.120 views

XML External Entity (XXE) Injection in JDOM

An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. As a workaround, to avoid external entities being expanded, one can call builder.setExpandEntitiesfalse and they won't be expanded...

7.5CVSS7.2AI score0.19442EPSS
Exploits1References22Affected Software2
OSV
OSV
added 2021/07/13 9:45 a.m.6 views

OPENSUSE-SU-2021:1031-1 Security update for jdom2

This update for jdom2 fixes the following issues: - CVE-2021-33813: XXE issue in SAXBuilder can cause a denial of service via a crafted HTTP request bsc1187446 This update was imported from the SUSE:SLE-15-SP2:Update update project...

7.5CVSS7.3AI score0.19442EPSS
Exploits1References3
OPENSUSE Linux
OPENSUSE Linux
added 2021/07/13 12:0 a.m.57 views

Security update for jdom2 (important)

openSUSE Security Update: Security update for jdom2 Announcement ID: openSUSE-SU-2021:1031-1 Rating: important References: 1187446 Cross-References: CVE-2021-33813 CVSS scores: CVE-2021-33813 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-33813 SUSE: 7.5...

7.5CVSS6.7AI score0.19442EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2021/07/12 12:0 a.m.12 views

SUSE: Security Advisory (SUSE-SU-2021:2293-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.19442EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2021/06/29 12:0 a.m.29 views

Debian DLA-2696-1 : libjdom2-java - LTS security update

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2696 advisory. It was discovered that there was an XML External Entity XXE issue in libjdom2-java, a library for reading and manipulating XML documents. Attackers could have caused a deni...

7.5CVSS6.6AI score0.19442EPSS
Exploits1References4
CVE
CVE
added 2021/06/24 11:33 a.m.81 views

CVE-2021-31412

The CVE-2021-31412 entry describes an information-disclosure issue in Vaadin Flow Server’s default RouteNotFoundError view. The vulnerability arises from improper sanitization of the path, enabling a network attacker to enumerate all available routes when the application runs in production mode a...

5.3CVSS5.1AI score0.01318EPSS
Exploits0References2Affected Software2
RedhatCVE
RedhatCVE
added 2021/06/17 7:27 p.m.88 views

CVE-2021-33813

An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request...

7.5CVSS5AI score0.19442EPSS
Exploits1References3
NVD
NVD
added 2021/06/16 12:15 p.m.22 views

CVE-2021-33813

An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request...

7.5CVSS0.19442EPSS
Exploits1References17
OSV
OSV
added 2021/06/16 12:15 p.m.35 views

CVE-2021-33813

An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request...

7.5CVSS6.4AI score
Exploits0References17
Prion
Prion
added 2021/06/16 12:15 p.m.21 views

Cross site request forgery (csrf)

An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request...

5CVSS6.9AI score0.19442EPSS
Exploits1References17Affected Software6
UbuntuCve
UbuntuCve
added 2021/06/16 12:15 p.m.36 views

CVE-2021-33813

An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request...

7.5CVSS6.8AI score0.19442EPSS
Exploits1References4
Prion
Prion
added 2021/05/27 7:15 p.m.14 views

Command injection

A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP request. This vulnerability affects NSM On-Prem 2.2.0-R10 and earlier versions...

9CVSS8.6AI score0.11642EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/05/22 6:45 a.m.14 views

CVE-2021-1531 Cisco Modeling Labs Web UI Command Injection Vulnerability

A vulnerability in the web UI of Cisco Modeling Labs could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the web application on the underlying operating system of an affected Cisco Modeling Labs server. This vulnerability is due to insufficient...

8.8CVSS9AI score0.30492EPSS
Exploits3References2
Prion
Prion
added 2021/04/30 12:15 a.m.14 views

Path traversal

Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "dodel" method of the component "database.admincp.php"...

6.4CVSS9AI score0.02218EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/04/29 11:28 p.m.25 views

CVE-2020-18070

Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "dodel" method of the component "database.admincp.php"...

9.2AI score0.02218EPSS
Exploits1References1
Rows per page
Query Builder