Lucene search
K

56 matches found

CISA KEV Catalog
CISA KEV Catalog
added 2024/07/29 12:0 a.m.125 views

ServiceNow Incomplete List of Disallowed Inputs Vulnerability

ServiceNow Washington DC, Vancouver, and earlier Now Platform releases contain an incomplete list of disallowed inputs vulnerability in the GlideExpression script. An unauthenticated user could exploit this vulnerability to execute code remotely...

9.8CVSS7.5AI score0.99628EPSS
In wildExploits4
Zero Day Initiative
Zero Day Initiative
added 2023/11/06 12:0 a.m.22 views

SolarWinds Orion Platform BlacklistedFilesChecker Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the BlacklistedFilesChecker class. The issue results from an incomplete list of...

8.8CVSS7.8AI score0.02729EPSS
Exploits0References1
NVD
NVD
added 2023/11/01 4:15 p.m.23 views

CVE-2023-40062

SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges...

8.8CVSS8.8AI score0.02729EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/11/01 3:29 p.m.30 views

CVE-2023-40062 Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability

SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges...

8CVSS9.3AI score0.02729EPSS
Exploits0References2
OSV
OSV
added 2023/09/05 5:15 p.m.3 views

CVE-2023-3374

Incomplete List of Disallowed Inputs vulnerability in Unisign Bookreen allows Privilege Escalation.This issue affects Bookreen: before 3.0.0...

9.8CVSS5.8AI score0.00579EPSS
Exploits0References1
NVD
NVD
added 2023/09/05 5:15 p.m.28 views

CVE-2023-3374

Incomplete List of Disallowed Inputs vulnerability in Unisign Bookreen allows Privilege Escalation. This issue affects Bookreen: before 3.0.0...

9.8CVSS9.6AI score0.00579EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/09/05 4:29 p.m.10 views

CVE-2023-3374 Privilege Escalation in Bookreen

Incomplete List of Disallowed Inputs vulnerability in Unisign Bookreen allows Privilege Escalation. This issue affects Bookreen: before 3.0.0...

9.8CVSS7.3AI score0.00579EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/09/05 12:0 a.m.5 views

PT-2023-24464

Name of the Vulnerable Software and Affected Versions Bookreen versions prior to 3.0.0 Description The issue is related to an Incomplete List of Disallowed Inputs vulnerability in Bookreen, which allows Privilege Escalation. Recommendations For versions prior to 3.0.0, update to version 3.0.0 or...

9.8CVSS7.3AI score0.00579EPSS
Exploits0References8
Cvelist
Cvelist
added 2022/01/21 6:17 p.m.37 views

CVE-2022-23128

Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A 10.95.201.23 to 4.04E 10.95.210.01, ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI...

9.8AI score0.02884EPSS
Exploits0References3
OSV
OSV
added 2021/10/19 7:15 p.m.6 views

CVE-2021-31370

An Incomplete List of Disallowed Inputs vulnerability in Packet Forwarding Engine PFE of Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an adjacent unauthenticated attacker which sends a high rate of specific multicast traffic to cause control traffic received from the netwo...

6.5CVSS5.8AI score0.00409EPSS
Exploits0References1
Prion
Prion
added 2021/10/19 7:15 p.m.17 views

Design/Logic Flaw

An Incomplete List of Disallowed Inputs vulnerability in Packet Forwarding Engine PFE of Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an adjacent unauthenticated attacker which sends a high rate of specific multicast traffic to cause control traffic received from the netwo...

3.3CVSS6.4AI score0.00409EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/10/19 6:17 p.m.69 views

CVE-2021-31370

CVE-2021-31370 concerns Juniper Networks Junos OS on QFX5000 Series and EX4600 Series, where an Incomplete List of Disallowed Inputs vulnerability in the Packet Forwarding Engine (PFE) can be exploited by an adjacent unauthenticated attacker sending a high rate of specific multicast traffic. This...

6.5CVSS6.4AI score0.00409EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/06/10 11:1 a.m.95 views

CVE-2021-20081

CVE-2021-20081 affects ManageEngine ServiceDesk Plus (versions before 11205). The root cause is insufficient sanitisation of user input, enabling a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges. Affected product/version: SDP

9CVSS7.2AI score0.5242EPSS
Exploits1References1Affected Software1
Github Security Blog
Github Security Blog
added 2017/11/30 11:14 p.m.28 views

private_address_check contains Incomplete List of Disallowed Inputs

The privateaddresscheck ruby gem before 0.4.1 is vulnerable to a bypass due to an incomplete blacklist of common private/local network addresses used to prevent server-side request forgery...

9.8CVSS3AI score0.02032EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2017/10/24 6:33 p.m.20 views

GHSA-5VX5-9Q73-WGP4 Safemode Gem Has Incomplete List of Disallowed Inputs

rubygem-safemode, as used in Foreman, versions 1.3.1 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation...

9.8CVSS9.7AI score0.01627EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.26 views

Safemode Gem Has Incomplete List of Disallowed Inputs

rubygem-safemode, as used in Foreman, versions 1.3.1 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation...

9.8CVSS9.2AI score0.01627EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder