Lucene search
K

96 matches found

Veracode
Veracode
added 2023/10/27 3:56 p.m.27 views

Remote Code Execution (RCE)

Azure.Identity is vulnerable to Remote Code Execution. The vulnerability is due to improper property sanitization, which allows an attacker to pass a specially crafted OS-level command to a specific SDK property which can result in Remote Code Execution. The vulnerability exists in the...

8.8CVSS7.5AI score0.02243EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/09/28 12:0 a.m.33 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xrdp (SUSE-SU-2023:3830-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3830-1 advisory. - CVE-2023-40184: Fixed restriction bypass via improper session handling bsc1214805. Tenable has extracte...

6.5CVSS6.5AI score0.00728EPSS
Exploits0References4
OSV
OSV
added 2023/08/30 5:48 p.m.25 views

CVE-2023-40184 Improper handling of session establishment errors in xrdp

xrdp is an open source remote desktop protocol RDP server. In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The authstartsession function can return non-zero 1 value on, e.g., PAM error which may result in in session...

2.6CVSS5.5AI score0.00728EPSS
Exploits0References9
Debian CVE
Debian CVE
added 2023/08/30 5:48 p.m.29 views

CVE-2023-40184

xrdp is an open source remote desktop protocol RDP server. In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The authstartsession function can return non-zero 1 value on, e.g., PAM error which may result in in session...

6.5CVSS6.5AI score0.00728EPSS
Exploits0
CNVD
CNVD
added 2023/08/29 12:0 a.m.38 views

Unspecified Vulnerability in Google Chrome (CNVD-2023-69037)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security vulnerability that can be exploited by an attacker to perform OS-level privilege escalation via a malicious file...

9.6CVSS6.9AI score0.00435EPSS
Exploits1References1
NVD
NVD
added 2023/08/25 7:15 p.m.25 views

CVE-2019-13690

Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: High...

9.6CVSS9AI score0.00435EPSS
Exploits1References2
Prion
Prion
added 2023/08/25 7:15 p.m.23 views

Privilege escalation

Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: High...

6.8CVSS8.9AI score0.00435EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/08/25 6:33 p.m.35 views

CVE-2019-13690

Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: High...

9AI score0.00435EPSS
Exploits1References2
CVE
CVE
added 2023/08/25 6:33 p.m.71 views

CVE-2019-13690

CVE-2019-13690 affects Google Chrome on ChromeOS via an inappropriate OS implementation . Before version 75.0.3770.80 , a remote attacker could achieve OS-level privilege escalation by tricking the user with a malicious file. The documented impact is high, but the connected sources do not provide...

9.6CVSS8.9AI score0.00435EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2023/08/25 12:0 a.m.6 views

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security vulnerability that can be exploited by an attacker to perform OS-level privilege escalation via a malicious file...

9.6CVSS6.9AI score0.00435EPSS
Exploits1References3
Metasploit
Metasploit
added 2023/08/24 7:50 p.m.450 views

Chamilo unauthenticated command injection in PowerPoint upload

Chamilo is an e-learning platform, also called Learning Management Systems LMS. This module exploits an unauthenticated remote command execution vulnerability that affects Chamilo versions 1.11.18 and below CVE-2023-34960. Due to a functionality called Chamilo Rapid to easily convert PowerPoint...

9.8CVSS9.4AI score0.99192EPSS
Exploits9
UbuntuCve
UbuntuCve
added 2023/08/22 7:16 p.m.35 views

CVE-2020-21469

An issue was discovered in PostgreSQL 12.2 allows attackers to cause a denial of service via repeatedly sending SIGHUP signals. NOTE: this is disputed by the vendor because untrusted users cannot send SIGHUP signals; they can only be sent by a PostgreSQL superuser, a user with pgreloadconf access...

4.4CVSS6.3AI score0.00361EPSS
Exploits1References3
Huntr
Huntr
added 2023/05/25 9:47 a.m.10 views

Partial Local file inclusion

Description An authenticated user can extend the range of the web application's folder context and can dig out to OS level. To reproduce the issue, please authenticate to the web application, and simply open the following URL in the browser:...

6.8AI score
Exploits0
Prion
Prion
added 2023/04/19 12:15 p.m.20 views

Command injection

OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload...

5.5CVSS5.8AI score0.00871EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/04/19 12:0 a.m.63 views

CVE-2023-25759

The CVE-2023-25759 issue affects the Tripleplay Platform’s TripleData Reporting Engine prior to Caveman 3.4.0, where OS command injection is possible via a crafted request payload. The vulnerability allows authenticated users to execute unprivileged OS commands, with the impact described as limit...

5.4CVSS5.7AI score0.00871EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/04/19 12:0 a.m.38 views

CVE-2023-25759

OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload...

6AI score0.00871EPSS
Exploits0References2
Metasploit
Metasploit
added 2023/02/22 7:52 p.m.634 views

Froxlor Log Path RCE

Froxlor v2.0.7 and below suffer from a bug that allows authenticated users to change the application logs path to any directory on the OS level which the user www-data can write without restrictions from the backend which leads to writing a malicious Twig template that the application will render...

8.8CVSS7.2AI score0.97653EPSS
Exploits8
Prion
Prion
added 2022/12/13 3:15 a.m.24 views

Design/Logic Flaw

SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling the attacker to take full control of the system causing a high impact on confidentiality, integrit...

6.5CVSS8.6AI score0.00791EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2022/11/30 12:0 a.m.9 views

D-Link DNR-322L Command Injection Vulnerability

The D-Link DNR-322L is a surveillance memory from D-Link. A command injection vulnerability exists in D-Link DNR-322L version 2.60B15 and earlier, which stems from a data integrity failure in the backup configuration and can be exploited by an authenticated attacker to execute OS-level commands o...

8.8CVSS7.5AI score0.31328EPSS
Exploits3References1
Prion
Prion
added 2022/11/29 5:15 a.m.28 views

Command injection

Data Integrity Failure in 'Backup Config' in D-Link DNR-322L = 2.60B15 allows an authenticated attacker to execute OS level commands on the device...

6.5CVSS8.8AI score0.31328EPSS
Exploits3References1Affected Software1
Rows per page
Query Builder