79 matches found
CVE-2024-21610
An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon cosd of Juniper Networks Junos OS allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service DoS. In a scaled CoS scenario with 1000s of interfaces, when...
CVE-2023-48598
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2023-47320
Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in "Maintenance Mode" due to broken access control. This makes the application unavailable to all users. This affects...
SUSE CVE-2018-2844
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBo...
CVE-2022-4751 Word Balloon < 4.19.3 - Contributor+ Stored XSS via Shortcode
The Word Balloon WordPress plugin before 4.19.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...
CVE-2022-46833
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmware version v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the...
CVE-2022-21590
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware component: Core Formatting API. Supported versions that are affected are 5.9.0.0, 6.4.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
UBUNTU-CVE-2022-21488
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.34. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...
MGASA-2021-0488 Updated virtualbox packages fix security vulnerabilities
This update provides the upstream 6.1.28 maintenance release that fixes at least the following security vulnerabilities: Vulnerability in the Oracle VM VirtualBox prior to 6.1.28 contains an easily exploitable vulnerability that allows high privileged attacker with logon to the infrastructure whe...
UBUNTU-CVE-2020-2913
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...
CVE-2019-3028
CVE-2019-3028 affects Oracle VM VirtualBox Core in VirtualBox: versions before 5.2.34 and before 6.0.14 are vulnerable. The issue allows a local, low-privilege attacker with logon to the host environment to compromise/run takeover of VirtualBox (impacting related products). CVSS v3.1 base score 8...
CVE-2019-2858
Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware subcomponent: Advanced Console. Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
UBUNTU-CVE-2019-2448
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...
mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Encryption. Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via...
CVE-2018-9036
CheckSec Canopy 3.x before 3.0.7 has stored XSS via the Login Page Disclaimer, allowing attacks by low-privileged users against higher-privileged users...
CVE-2017-3587
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Shared Folder. Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle V...
CVE-2017-3538
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Shared Folder. Supported versions that are affected are Prior to 5.0.34 and Prior to 5.1.16. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle V...
CVE-2017-3551
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: Smartcard Libraries. The supported version that is affected is 11.3. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise...
CVE-2017-3242
Vulnerability in the Oracle VM Server for Sparc component of Oracle Sun Systems Products Suite subcomponent: LDOM Manager. Supported versions that are affected are 3.2 and 3.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM Server...