322 matches found
CVE-2024-20347
A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a CSRF attack, which could allow the attacker to perform arbitrary actions on an affected device. This vulnerability is due to insufficient protections for the web UI of an affected system. An...
CVE-2024-20281
A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. This vulnerability is due to insufficient CSRF...
CVE-2024-0073
CVE-2024-0073 concerns the NVIDIA GPU Display Driver for Windows. The vulnerability resides in the kernel‑mode layer when the driver performs an operation at a privilege level higher than the minimum required. The impact, as described, includes code execution, denial of service, privilege escalat...
CVE-2024-0763
Any user can delete an arbitrary folder recursively on a remote server due to bad input sanitization leading to path traversal. The attacker would need access to the server at some privilege level since this endpoint is protected and requires authorization...
CVE-2024-0763 Improper validation of document removal parameter
Any user can delete an arbitrary folder recursively on a remote server due to bad input sanitization leading to path traversal. The attacker would need access to the server at some privilege level since this endpoint is protected and requires authorization...
CVE-2024-0551
Enable exports of the database and associated exported information of the system via the default user role. The attacked would have to have been granted access to the system prior to the attack. It is worth noting that the deterministic nature of the export name is lower risk as the UI for...
CVE-2024-0551 Download and export of file via default user role
Enable exports of the database and associated exported information of the system via the default user role. The attacked would have to have been granted access to the system prior to the attack. It is worth noting that the deterministic nature of the export name is lower risk as the UI for...
Exploit for CVE-2023-38646
Exploit CVE-2023-38646 Metabase before 0.46.6.1 open source...
Allegra getFileContentAsString Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a registration mechanism that can be used to create a new user with a sufficient privilege...
Allegra renderFieldMatch Deserialization of Unstrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that can be used to create a user with a sufficient privilege level. The specif...
Allegra downloadAttachmentGlobal Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that can be used to create a user with a sufficient privilege level. Th...
Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that can be used to create a user with a sufficient privilege level. The specif...
Cisco IOX XE unauthenticated Command Line Interface Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco IOX XE unauthenticated Command Line Interface CLI execution', 'Description' = %q This module leverages CVE-2023-20198 against vulnerable...
FreeBSD -- libc stdio buffer overflow
Problem Description: For line-buffered streams the sflush function did not correctly update the FILE object's write space member when the write2 system call returns an error. Impact: Depending on the nature of an application that calls libc's stdio functions and the presence of errors returned fr...
CVE-2023-43018
IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 266163...
CVE-2023-43018
IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 266163...
CVE-2023-43018
CVE-2023-43018 affects IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1/11.1, where an operation runs at a privilege level higher than the minimum required, potentially creating or amplifying weaknesses. Public details in connected sources confirm the affected products and versions, with n...
Warning: Unpatched Cisco Zero-Day Vulnerability Actively Targeted in the Wild
Cisco has warned of a critical, unpatched security flaw impacting IOS XE software that's under active exploitation in the wild. Rooted in the web UI feature, the zero-day vulnerability is tracked as CVE-2023-20198 and has been assigned the maximum severity rating of 10.0 on the CVSS scoring syste...
Authorization Bypass
firefox is vulnerable to Authorization Bypasses. A flaw was found in the way that documents loaded principal objects. This flaw could have allowed a malicious user to load a document with a higher privilege level than they should have been allowed...
Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1778)
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI comman...