5908 matches found

Cvelist
added 2024/06/03 9:48 a.m. | 17 views

CVE-2024-23667

An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI...

CVSS: 7.8 | AI score: 7.8 | EPSS: 0.00439
Exploits: 0 | References: 1

Vulnrichment
added 2024/06/03 9:48 a.m. | 19 views

CVE-2024-23668

An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI...

CVSS: 8.8 | AI score: 7.5 | EPSS: 0.00651
Exploits: 0 | References: 1

Cvelist
added 2024/06/03 9:48 a.m. | 21 views

CVE-2024-23670

An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI...

CVSS: 7.8 | AI score: 7.8 | EPSS: 0.00439
Exploits: 0 | References: 1

Vulnrichment
added 2024/06/03 9:48 a.m. | 18 views

CVE-2024-23670

An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.00439
Exploits: 0 | References: 1

NVD
added 2024/06/03 8:15 a.m. | 15 views

CVE-2023-48789

A client-side enforcement of server-side security in Fortinet FortiPortal version 6.0.0 through 6.0.14 allows attacker to improper access control via crafted HTTP requests...

CVSS: 6.5 | AI score: 4.6 | EPSS: 0.00481
Exploits: 0 | References: 1

Cvelist
added 2024/06/03 7:57 a.m. | 17 views

CVE-2023-48789

A client-side enforcement of server-side security in Fortinet FortiPortal version 6.0.0 through 6.0.14 allows attacker to improper access control via crafted HTTP requests...

CVSS: 4.3 | AI score: 4.6 | EPSS: 0.00481
Exploits: 0 | References: 1

Tenable Nessus
added 2024/06/03 12:00 a.m. | 27 views

RHEL 5 : libxml2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libxml2: Use after free via namespace node in XPointer ranges CVE-2016-4658 - libxml2: Missing validation...

CVSS: 9.8 | AI score: 8.1 | EPSS: 0.1398
Exploits: 22 | References: 44

Exploit DB
added 2024/06/01 12:00 a.m. | 502 views

Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure

Exploit Title: Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure Date: 09/08/2021 Exploit Author: Rizal Muhammed @ub3rsick Vendor Homepage: https://www.wipro.com/holmes/ Version: Wipro Holmes Orchestrator v20.4.1 Tested on: Windows CVE : CVE-2021-38283 import requests as rq import argparse...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.02412
Exploits: 5

Cvelist
added 2024/05/28 4:57 p.m. | 20 views

CVE-2024-35341

Certain Anpviz products allow unauthenticated users to download the running configuration of the device via a HTTP GET request to /ConfigFile.ini or /config.xml URIs. This configuration file contains usernames and encrypted passwords encrypted with a hardcoded key common to all devices. This...

AI score: 6.8 | EPSS: 0.00396
Exploits: 0 | References: 1

Veracode
added 2024/05/28 6:51 a.m. | 15 views

Information Disclosure

github.com/huandu/facebook is vulnerable to an Information Disclosure vulnerability. The vulnerability is due to the accesstoken being exposed in error messages upon failing HTTP requests, which could allow an attacker with log access to obtain sensitive access tokens by exploiting error messages...

CVSS: 3.7 | AI score: 6.4 | EPSS: 0.00504
Exploits: 0 | References: 5 | Affected Software: 1

RedhatCVE
added 2024/05/27 10:33 a.m. | 18 views

CVE-2021-47544

In the Linux kernel, the following vulnerability has been resolved: tcp: fix page frag corruption on page fault Steffen reported a TCP stream corruption for HTTP requests served by the apache web-server using a cifs mount-point and memory mapping the relevant file. The root cause is quite similar...

CVSS: 6.3 | AI score: 9.3 | EPSS: 0.00744
Exploits: 0 | References: 4

OSV
added 2024/05/24 3:15 p.m. | 15 views

CVE-2021-47544

In the Linux kernel, the following vulnerability has been resolved: tcp: fix page frag corruption on page fault Steffen reported a TCP stream corruption for HTTP requests served by the apache web-server using a cifs mount-point and memory mapping the relevant file. The root cause is quite similar...

CVSS: 5.9 | AI score: 7.7
Exploits: 0 | References: 3

Cvelist
added 2024/05/24 3:09 p.m. | 25 views

CVE-2021-47544 tcp: fix page frag corruption on page fault

In the Linux kernel, the following vulnerability has been resolved: tcp: fix page frag corruption on page fault Steffen reported a TCP stream corruption for HTTP requests served by the apache web-server using a cifs mount-point and memory mapping the relevant file. The root cause is quite similar...

AI score: 6.8 | EPSS: 0.00744
Exploits: 0 | References: 3

CVE
added 2024/05/24 3:09 p.m. | 149 views

CVE-2021-47544

CVE-2021-47544 affects the Linux kernel TCP path, specifically the page frag allocation in sk_page_frag() during a page fault on an mmapped user buffer from CIFS. The nested memory access triggers page-frag modifications that corrupt the TCP stream, observed in HTTP transfers served by Apache ove...

CVSS: 5.9 | AI score: 7.1 | EPSS: 0.00744
Exploits: 0 | References: 3 | Affected Software: 1

RedHat Linux
added 2024/05/22 8:41 p.m. | 3 views

golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests

A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body up to 1GiB, causing the receiver to fail reading the response, possibly leading to a Denial of Servic...

CVSS: 5.3 | AI score: 7.3 | EPSS: 0.01208
Exploits: 0 | References: 5

RedHat Linux
added 2024/05/22 9:48 a.m. | 2 views

golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests

A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body up to 1GiB, causing the receiver to fail reading the response, possibly leading to a Denial of Servic...

CVSS: 5.3 | AI score: 7.3 | EPSS: 0.01208
Exploits: 0 | References: 5

Tenable Nessus
added 2024/05/22 12:00 a.m. | 17 views

Fortinet FortiWeb - Multiple OS command injection (FG-IR-22-133)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-133 advisory. - Multiple improper neutralization of special elements used in an OS Command 'OS Command Injection' vulnerabilities CWE-78 in...

CVSS: 8.8 | AI score: 8.2 | EPSS: 0.01324
Exploits: 0 | References: 2

Tenable Nessus
added 2024/05/22 12:00 a.m. | 79 views

Fortinet Fortigate Web server ETag exposure (FG-IR-23-224)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-224 advisory. - An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version at least 7.4.0 through...

CVSS: 7.5 | AI score: 5.6 | EPSS: 0.00695
Exploits: 0 | References: 2

Tenable Nessus
added 2024/05/22 12:00 a.m. | 43 views

Fortinet Fortigate Format String Bug in cli command (FG-IR-23-137)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the FG-IR-23-137 advisory. - A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through...

CVSS: 7.2 | AI score: 5.9 | EPSS: 0.00654
Exploits: 0 | References: 3

Tenable Nessus
added 2024/05/22 12:00 a.m. | 34 views

RHEL 8 : Red Hat OpenStack Platform 17.1 (collectd-sensubility) (RHSA-2024:2767)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2767 advisory. This project provides the possibility to switch from the Sensu-based availability monitoring solution to a monitoring solution based on...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.01533
Exploits: 0 | References: 8