
16600 matches found

CVE
added 2024/07/17 4:29 p.m. | 79 views

CVE-2024-20400

CVE-2024-20400 : Cisco Expressway Series web-based management interface vulnerability (Expressway-C/E) allows an unauthenticated, remote attacker to redirect a user to a malicious page due to improper input validation of HTTP parameters. A successful exploit could intercept/modify a user’s HTTP r...

CVSS 4.7 | AI score 7 | EPSS 0.00378
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2024/07/17 4:29 p.m. | 19 views

CVE-2024-20429

A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary system commands on an affected device. This vulnerability is due to insufficient input validation in certain portions of the web-based...

CVSS 6.5 | AI score 7.7 | EPSS 0.00616
Exploits: 0 | References: 1
CVE
added 2024/07/17 4:29 p.m. | 66 views

CVE-2024-20429

The CVE-2024-20429 entry concerns Cisco AsyncOS for Secure Email Gateway. Affected component: the web-based management interface. Root cause: insufficient input validation enabling Server-Side Template Injection. Impact: an authenticated user with Operator privileges could remotely execute arbitr...

CVSS 7.2 | AI score 7.7 | EPSS 0.00616
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2024/07/17 4:29 p.m. | 18 views

CVE-2024-20429

A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary system commands on an affected device. This vulnerability is due to insufficient input validation in certain portions of the web-based...

CVSS 6.5 | EPSS 0.00616
Exploits: 0 | References: 1
Cisco
added 2024/07/17 4:0 p.m. | 14 views

Cisco Secure Email Gateway Server-Side Template Injection Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary system commands on an affected device. This vulnerability is due to insufficient input validation in certain portions of the web-based...

CVSS 6.5 | AI score 6.8 | EPSS 0.00616
Exploits: 0 | References: 1
Cisco
added 2024/07/17 4:0 p.m. | 15 views

Cisco Expressway Series Open Redirect Vulnerability

A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this...

CVSS 4.7 | AI score 4.9 | EPSS 0.00378
Exploits: 0 | References: 1
NVD
added 2024/07/17 9:15 a.m. | 32 views

CVE-2024-31979

Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements. Previously, StreamPipes allowed users to configure custom endpoints from which to install additional pipeline elements. These endpoints were not properly validated, allowing an...

CVSS 7.5 | EPSS 0.00738
Exploits: 0 | References: 2
CNVD
added 2024/07/17 12:0 a.m. | 9 views

IBM Datacap Navigator Information Disclosure Vulnerability (CNVD-2024-33363)

IBM Datacap Navigator is a Web client for Datacap from International Business Machines (IBM). An information disclosure vulnerability exists in IBM Datacap Navigator that originates from displaying version information in an HTTP request, which can be exploited by an attacker to gather information...

CVSS 5.3 | AI score 6.1 | EPSS 0.00371
Exploits: 0 | References: 1
RedHat Linux
added 2024/07/16 12:49 p.m. | 27 views

Moderate: Red Hat Security Advisory: nodejs security update

An update for nodejs is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 6.5 | AI score 6.6 | EPSS 0.01309
Exploits: 0 | References: 4
Tenable Nessus
added 2024/07/16 12:0 a.m. | 41 views

RHEL 8 : nginx (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication...

CVSS 7.8 | AI score 7.8 | EPSS 0.14961
Exploits: 5 | References: 4
Tenable Nessus
added 2024/07/16 12:0 a.m. | 20 views

RHEL 9 : nodejs (RHSA-2024:4559)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4559 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

CVSS 6.5 | AI score 6.6 | EPSS 0.01309
Exploits: 0 | References: 9
NVD
added 2024/07/15 2:15 p.m. | 15 views

CVE-2024-38494

This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request...

CVSS 8.6 | EPSS 0.00609
Exploits: 0 | References: 1
NVD
added 2024/07/15 2:15 p.m. | 17 views

CVE-2024-36455

An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request...

CVSS 9.4 | EPSS 0.00475
Exploits: 0 | References: 1
CVE
added 2024/07/15 2:3 p.m. | 45 views

CVE-2024-38494

Broadcom Symantec Privileged Access Management (PAM) contains a vulnerability that, when exploited by a high-privileged authenticated PAM user, enables remote command execution on the affected PAM system via a specially crafted HTTP request. Affected component appears to be the PAM software itsel...

CVSS 8.6 | AI score 6.6 | EPSS 0.00609
Exploits: 0 | References: 1
Cvelist
added 2024/07/15 2:3 p.m. | 10 views

CVE-2024-38494 Symantec Privileged Access Manager Remote Command Execution vulnerability

This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request...

CVSS 8.6 | EPSS 0.00609
Exploits: 0 | References: 1
Cvelist
added 2024/07/15 1:19 p.m. | 20 views

CVE-2024-36455 Symantec Privileged Access Manager Remote Command Execution vulnerability

An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request...

CVSS 9.4 | EPSS 0.00475
Exploits: 0 | References: 1
CVE
added 2024/07/15 1:19 p.m. | 45 views

CVE-2024-36455

Broadcom Symantec Privileged Access Management is affected by CVE-2024-36455 through an input validation error that allows an unauthenticated attacker to achieve remote command execution by sending a specially crafted HTTP request. The exposed component is PAM, and the root cause is improper inpu...

CVSS 9.4 | AI score 7 | EPSS 0.00475
Exploits: 0 | References: 1
CNNVD
added 2024/07/15 12:0 a.m. | 3 views

Broadcom Symantec Privileged Access Management Security Vulnerability

Broadcom Symantec Privileged Access Management (Broadcom Symantec PAM) is security software from Broadcom, Inc. It helps prevent security breaches by protecting sensitive administrative credentials, controlling privileged user access, proactively enforcing security policies, and monitoring and...

CVSS 8.6 | AI score 6.9 | EPSS 0.00609
Exploits: 0 | References: 3
Redos
added 2024/07/15 12:0 a.m. | 17 views

ROS-20240715-01

Vulnerability of Apache Tomcat application server's implementation of rejectIllegalHeader attribute is associated with flaws in processing HTTP requests containing Content-Length header. Exploitation of the vulnerability could allow an attacker acting remotely to send a hidden HTTP request HTTP...

CVSS 7.5 | AI score 6.7 | EPSS 0.01448
Exploits: 0
NVD
added 2024/07/11 3:15 a.m. | 31 views

CVE-2016-15039

A vulnerability classified as critical was found in mhuertos phpLDAPadmin up to 665dbc2690ebeb5392d38f1fece0a654225a0b38. Affected by this vulnerability is the function makeHttpRequest of the file htdocs/js/ajaxfunctions.js. The manipulation leads to http request smuggling. The attack can be...

CVSS 6.5 | EPSS 0.00426
Exploits: 0 | References: 3