Lucene search
+L

151 matches found

NVD
NVD
added 2023/05/12 9:15 p.m.30 views

CVE-2023-20878

VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system...

7.2CVSS7.4AI score0.01001EPSS
Exploits0References1
Prion
Prion
added 2023/05/12 9:15 p.m.23 views

Deserialization of untrusted data

VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system...

5.8CVSS7.7AI score0.01001EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2023/05/12 12:0 a.m.37 views

CVE-2023-20878

VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system...

7.6AI score0.01001EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/04/27 12:0 a.m.5 views

PT-2023-19816 · Unknown · Sunnet Ctms

Name of the Vulnerable Software and Affected Versions: SUNNET CTMS affected versions not specified Description: The issue is related to a path traversal vulnerability within the file uploading function of SUNNET CTMS. This allows an authenticated remote attacker with general user privileges to...

8.8CVSS8.6AI score0.01192EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/04/27 12:0 a.m.6 views

PT-2023-17678 · A+Hrd · A+Hrd

Name of the Vulnerable Software and Affected Versions: a+HRD affected versions not specified Description: The issue concerns Deserialization of Untrusted Data within the MSMQ asynchronized message process. An unauthenticated remote attacker can exploit this to execute arbitrary system commands,...

9.8CVSS9.7AI score0.00986EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.26 views

Security Bulletin: CLI access security issue on IBM SAN Volume Controller and Storwize Family (CVE-2014-0880)

Summary Security Bulletin: CLI access security issue on IBM SAN Volume Controller and Storwize Family CVE-2014-0880 Vulnerability Details Security Bulletin --- Summary --- CLI security issue Vulnerability Details --- CVEID: CVE-2014-0880 DESCRIPTION: An unauthorized user with network access to a...

7.5CVSS6.3AI score0.01912EPSS
Exploits0
Prion
Prion
added 2023/03/28 9:15 p.m.16 views

Authentication flaw

Osprey Pump Controller version 1.01 could allow an unauthenticated user to create an account and bypass authentication, thereby gaining unauthorized access to the system. A threat actor could exploit this vulnerability to create a user account without providing valid credentials. A threat actor w...

7.5CVSS9.5AI score0.00892EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/28 8:8 p.m.9 views

CVE-2023-28398 CVE-2023-28398

Osprey Pump Controller version 1.01 could allow an unauthenticated user to create an account and bypass authentication, thereby gaining unauthorized access to the system. A threat actor could exploit this vulnerability to create a user account without providing valid credentials. A threat actor w...

9.8CVSS7.4AI score0.00892EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/03/23 10:45 a.m.7 views

CVE-2018-25048 Codesys Runtime Improper Limitation of a Pathname

The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device...

8.8CVSS8.5AI score0.01022EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/03/14 12:0 a.m.6 views

SAP NetWeaver AS 路径遍历漏洞

SAP NetWeaver AS is a SAP network application server from SAP. It not only provides network services, but also the basic platform for SAP software. SAP NetWeaver AS suffers from a path traversal vulnerability that arises when a network system or product fails to properly filter special elements i...

9.6CVSS6.7AI score0.00982EPSS
Exploits0References3
Zero Science Lab
Zero Science Lab
added 2023/02/27 12:0 a.m.316 views

Osprey Pump Controller 1.0.1 Authentication Bypass Credentials Modification

Summary Providing pumping systems and automated controls for golf courses and turf irrigation, municipal water and sewer, biogas, agricultural, and industrial markets. Osprey: door-mounted, irrigation and landscape pump controller. Technology hasn't changed dramatically on pump and electric motor...

5.8AI score
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:0 p.m.30 views

K34514540: TMM vulnerability CVE-2017-6138

Security Advisory Description Malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "normalize URI" configuration options used in iRules...

7.5CVSS7.5AI score0.01585EPSS
Exploits0Affected Software11
Prion
Prion
added 2022/10/31 7:15 a.m.17 views

Command injection

Mail SQR Expert’s specific function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to perform arbitrary system command and disrupt service...

7.5CVSS9.6AI score0.01076EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2022/09/28 4:15 a.m.20 views

CVE-2022-38699

Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging function to overwrite the...

5.9CVSS0.00311EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/09/28 3:25 a.m.8 views

CVE-2022-38699 ASUS Armoury Crate Service - Arbitrary File Creation via Elevation of Privilege Flaw

Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging function to overwrite the...

5.9CVSS5.7AI score0.00311EPSS
Exploits0References1
CVE
CVE
added 2022/09/28 3:25 a.m.49 views

CVE-2022-38699

Armoury Crate Service (ASUS Armoury Crate Service) is affected by a symbolic-link vulnerability in its logging function. The issue arises because the logging path validation does not detect if the log file is a symbolic link, enabling a physical attacker with general user privileges to modify the...

5.9CVSS5.6AI score0.00311EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/09/28 12:0 a.m.5 views

PT-2022-4942 · Unknown · Smart Evision

Name of the Vulnerable Software and Affected Versions: Smart eVision affected versions not specified Description: The issue is related to a path traversal vulnerability in Smart eVision's file acquisition function. This vulnerability is caused by insufficient filtering for special characters in t...

9.8CVSS9.5AI score0.01532EPSS
Exploits0References4
OSV
OSV
added 2022/09/23 3:15 p.m.8 views

CVE-2022-23144

There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system...

9.1CVSS5.8AI score0.00672EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2022/01/28 2:15 p.m.31 views

Conti, DeadBolt Target Delta, QNAP

Two Taiwanese companies were affected by separate ransomware incidents this week, forcing one to scramble to restore crippled systems and another to push out an emergency update to mitigate attacks on its customers. Delta Electronics, an electronics company that provides products for Apple, Tesla...

7.2AI score
Exploits0References22
Cvelist
Cvelist
added 2022/01/14 4:50 a.m.24 views

CVE-2022-22056 Le-yan Co., Ltd. dental management system - Hard-coded Credentials

The Le-yan dental management system contains a hard-coded credentials vulnerability in the web page source code, which allows an unauthenticated remote attacker to acquire administrator’s privilege and control the system or disrupt service...

9.8CVSS9.7AI score0.02259EPSS
Exploits0References1
Rows per page
Query Builder