Lucene search
K

111 matches found

OSV
OSV
added 2021/12/14 12:15 p.m.3 views

CVE-2021-44524

A vulnerability has been identified in SiPass integrated V2.76 All versions, SiPass integrated V2.80 All versions, SiPass integrated V2.85 All versions, Siveillance Identity V1.5 All versions, Siveillance Identity V1.6 All versions V1.6.284.0. Affected applications insufficiently limit the access...

9.8CVSS7.3AI score0.01579EPSS
Exploits0References2
NVD
NVD
added 2021/09/14 11:15 a.m.32 views

CVE-2021-37193

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.0 SP2. An unauthenticated attacker in the same network of the affected system could manipulate certain parameters and set a valid user of the affected software as invalid or vice-versa...

4.3CVSS0.00363EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/09/14 10:47 a.m.31 views

CVE-2021-37193

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.0 SP2. An unauthenticated attacker in the same network of the affected system could manipulate certain parameters and set a valid user of the affected software as invalid or vice-versa...

5AI score0.00363EPSS
Exploits0References1
Prion
Prion
added 2021/09/06 2:15 p.m.21 views

Design/Logic Flaw

Malicious attacker is able to find out valid user logins by using the "lost password" feature. This issue affects: OTRS AG OTRS Community Edition version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions...

5CVSS5.2AI score0.00943EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2021/08/12 3:15 p.m.8 views

CVE-2021-27793

ntermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0 could cause a user with a valid account to be unable to log into the switch...

5.3CVSS7.1AI score0.00905EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/08/09 12:0 a.m.51 views

CVE-2021-24499 Workreap theme < 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution

The Workreap WordPress theme before 2.2.2 AJAX actions workreapawardtempfileuploader and workreaptempfileuploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp...

9.9AI score0.60113EPSS
Exploits9References3
Prion
Prion
added 2021/06/16 2:15 p.m.23 views

Improper access control

Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway mus...

4.3CVSS6.5AI score0.0301EPSS
Exploits1References1Affected Software3
Cvelist
Cvelist
added 2021/06/16 1:8 p.m.36 views

CVE-2020-8300

Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway mus...

6.5AI score0.0301EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/01/20 7:56 p.m.26 views

CVE-2021-1283 Cisco Data Center Network Manager Information Disclosure Vulnerability

A vulnerability in the logging subsystem of Cisco Data Center Network Manager DCNM could allow an authenticated, local attacker to view sensitive information in a system log file that should be restricted. The vulnerability exists because sensitive information is not properly masked before it is...

5.5CVSS5.3AI score0.00284EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2021/01/20 7:56 p.m.11 views

CVE-2021-1283 Cisco Data Center Network Manager Information Disclosure Vulnerability

A vulnerability in the logging subsystem of Cisco Data Center Network Manager DCNM could allow an authenticated, local attacker to view sensitive information in a system log file that should be restricted. The vulnerability exists because sensitive information is not properly masked before it is...

5.5CVSS6AI score0.00284EPSS
Exploits0References1
OSV
OSV
added 2021/01/20 3:15 p.m.6 views

CVE-2021-2117

Vulnerability in the Oracle Application Express Survey Builder component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromi...

5.4CVSS6.7AI score0.0069EPSS
Exploits0References1
OSV
OSV
added 2021/01/20 3:15 p.m.3 views

CVE-2021-2116

Vulnerability in the Oracle Application Express Opportunity Tracker component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to...

5.4CVSS6.7AI score
Exploits0References1
CNNVD
CNNVD
added 2020/12/22 12:0 a.m.10 views

D-link DSL-2888A 访问控制错误漏洞

The D-link DSL-2888A is a Unified Services Router from D-link China. An authorization issue vulnerability exists in the D-Link DSL-2888A devices with firmware, which can be exploited by an attacker to assign a static IP address that has been previously used by a valid user...

7.5CVSS7AI score0.01331EPSS
Exploits1References3
OSV
OSV
added 2020/09/30 9:15 p.m.8 views

CVE-2020-16234

In PLC WinProladder Version 3.28 and prior, a stack-based buffer overflow vulnerability can be exploited when a valid user opens a specially crafted file, which may allow an attacker to remotely execute arbitrary code...

7.8CVSS7.7AI score0.01299EPSS
Exploits0References1
OSV
OSV
added 2020/07/15 6:15 p.m.5 views

CVE-2020-2977

Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application...

4.6CVSS6.7AI score0.00699EPSS
Exploits0References1
OSV
OSV
added 2020/03/18 1:15 p.m.4 views

CVE-2020-7002

Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. Multiple stack-based buffer overflows can be exploited when a valid user opens a specially crafted, malicious input file...

7.8CVSS7.4AI score
Exploits0References1
Packet Storm
Packet Storm
added 2019/11/12 12:0 a.m.88 views

Computrols CBAS-Web 19.0.0 Username Enumeration

Computrols CBAS-Web Username Enumeration Affected versions: 19.0.0 and below CVE: CVE-2019-10848 Advisory: https://applied-risk.com/resources/ar-2019-009 Paper: https://applied-risk.com/resources/i-own-your-building-management-system Discovered by Gjoko 'LiquidWorm' Krstic Testing for non-valid...

5CVSS0.08489EPSS
Exploits4
Vulnrichment
Vulnrichment
added 2019/09/23 3:58 p.m.8 views

CVE-2019-10996

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed...

6.6AI score0.01002EPSS
Exploits0References1
Prion
Prion
added 2019/06/12 2:29 p.m.17 views

Code injection

A vulnerability has been identified in SIMATIC MV400 family All Versions V7.0.6. An authenticated attacker could escalate privileges by sending specially crafted requests to the integrated webserver. The security vulnerability can be exploited by an attacker with network access to the device. Val...

5.5CVSS6.7AI score0.02265EPSS
Exploits0References3
OSV
OSV
added 2019/05/14 8:29 p.m.6 views

CVE-2019-10924

A vulnerability has been identified in LOGO! Soft Comfort All versions V8.3. The vulnerability could allow an attacker to execute arbitrary code if the attacker tricks a legitimate user to open a manipulated project. In order to exploit the vulnerability, a valid user must open a manipulated...

7.8CVSS7.4AI score0.01274EPSS
Exploits0References2
Rows per page
Query Builder