
322 matches found

Vulnrichment
added 2024/04/03 4:27 p.m., 9 views

CVE-2024-20347

A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a CSRF attack, which could allow the attacker to perform arbitrary actions on an affected device. This vulnerability is due to insufficient protections for the web UI of an affected system. An...

CVSS 4.3, AI score 7.4, EPSS 0.0023
Exploits: 0, References: 1

Vulnrichment
added 2024/04/03 4:20 p.m., 21 views

CVE-2024-20281

A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF...

CVSS 7.5, AI score 7.5, EPSS 0.0026
Exploits: 0, References: 1

CVE
added 2024/03/27 9:52 p.m., 98 views

CVE-2024-0073

CVE-2024-0073 concerns the NVIDIA GPU Display Driver for Windows. The vulnerability resides in the kernel‑mode layer when the driver performs an operation at a privilege level higher than the minimum required. The impact, as described, includes code execution, denial of service, privilege escalat...

CVSS 7.8, AI score 7.8, EPSS 0.00244
Exploits: 0, References: 1

NVD
added 2024/02/27 10:15 p.m., 22 views

CVE-2024-0763

Any user can delete an arbitrary folder recursively on a remote server due to bad input sanitization leading to path traversal. The attacker would need access to the server at some privilege level since this endpoint is protected and requires authorization...

CVSS 8.1, AI score 8.1, EPSS 0.00901
Exploits: 1, References: 2

Cvelist
added 2024/02/27 9:14 p.m., 28 views

CVE-2024-0763 Improper validation of document removal parameter

Any user can delete an arbitrary folder recursively on a remote server due to bad input sanitization leading to path traversal. The attacker would need access to the server at some privilege level since this endpoint is protected and requires authorization...

CVSS 8.1, AI score 8.3, EPSS 0.00901
Exploits: 1, References: 2

OSV
added 2024/02/27 2:15 p.m., 21 views

CVE-2024-0551

Enable exports of the database and associated exported information of the system via the default user role. The attacker would have to have been granted access to the system prior to the attack. It is worth noting that the deterministic nature of the export name is lower risk as the UI for...

CVSS 7.1, AI score 7
Exploits: 0, References: 2

Vulnrichment
added 2024/02/27 2:07 p.m., 10 views

CVE-2024-0551 Download and export of file via default user role

Enable exports of the database and associated exported information of the system via the default user role. The attacker would have to have been granted access to the system prior to the attack. It is worth noting that the deterministic nature of the export name is lower risk as the UI for...

CVSS 7.1, AI score 7, EPSS 0.00562
Exploits: 1, References: 2

GithubExploit
added 2024/02/22 2:55 a.m., 414 views

Exploit for CVE-2023-38646

Exploit CVE-2023-38646 Metabase before 0.46.6.1 open source...

CVSS 9.8, AI score 10, EPSS 0.97924
Exploits: 36

Zero Day Initiative
added 2024/02/09 12:00 a.m., 17 views

Allegra getFileContentAsString Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a registration mechanism that can be used to create a new user with a sufficient privilege...

CVSS 7.5, AI score 6.5, EPSS 0.01904
Exploits: 0, References: 1

Zero Day Initiative
added 2024/02/09 12:00 a.m., 19 views

Allegra renderFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a registration mechanism that can be used to create a user with a sufficient privilege level. The specif...

CVSS 9.8, AI score 7.9, EPSS 0.01259
Exploits: 0, References: 1

Zero Day Initiative
added 2024/02/09 12:00 a.m., 23 views

Allegra downloadAttachmentGlobal Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a registration mechanism that can be used to create a user with a sufficient privilege level. Th...

CVSS 7.5, AI score 6.5, EPSS 0.01904
Exploits: 0, References: 1

Zero Day Initiative
added 2024/02/09 12:00 a.m., 14 views

Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a registration mechanism that can be used to create a user with a sufficient privilege level. The specif...

CVSS 9.8, AI score 7.9, EPSS 0.01259
Exploits: 0, References: 1

0day.today
added 2023/11/10 12:00 a.m., 495 views

Cisco IOX XE unauthenticated Command Line Interface Execution Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco IOX XE unauthenticated Command Line Interface CLI execution', 'Description' = %q This module leverages CVE-2023-20198 against vulnerable...

CVSS 10, AI score 7.4, EPSS 0.99571
Exploits: 26

FreeBSD
added 2023/11/08 12:00 a.m., 38 views

FreeBSD -- libc stdio buffer overflow

Problem Description: For line-buffered streams the __sflush() function did not correctly update the FILE object's write space member when the write(2) system call returns an error. Impact: Depending on the nature of an application that calls libc's stdio functions and the presence of errors returned fr...

CVSS 9.8, AI score 7.8, EPSS 0.01073
Exploits: 0

OSV
added 2023/11/03 12:15 a.m., 6 views

CVE-2023-43018

IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 266163...

CVSS 7.5, AI score 5.8
Exploits: 0, References: 2

NVD
added 2023/11/03 12:15 a.m., 18 views

CVE-2023-43018

IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 266163...

CVSS 7.5, AI score 6.5, EPSS 0.00448
Exploits: 0, References: 2

CVE
added 2023/11/02 11:48 p.m., 63 views

CVE-2023-43018

CVE-2023-43018 affects IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1/11.1, where an operation runs at a privilege level higher than the minimum required, potentially creating or amplifying weaknesses. Public details in connected sources confirm the affected products and versions, with n...

CVSS 7.5, AI score 6.5, EPSS 0.00448
Exploits: 0, References: 2, Affected Software: 1

The Hacker News
added 2023/10/17 4:12 a.m., 74 views

Warning: Unpatched Cisco Zero-Day Vulnerability Actively Targeted in the Wild

Cisco has warned of a critical, unpatched security flaw impacting IOS XE software that's under active exploitation in the wild. Rooted in the web UI feature, the zero-day vulnerability is tracked as CVE-2023-20198 and has been assigned the maximum severity rating of 10.0 on the CVSS scoring syste...

CVSS 10, AI score 7.7, EPSS 0.99571
Exploits: 26

Veracode
added 2023/08/06 9:34 a.m., 19 views

Authorization Bypass

firefox is vulnerable to Authorization Bypasses. A flaw was found in the way that documents loaded principal objects. This flaw could have allowed a malicious user to load a document with a higher privilege level than they should have been allowed...

CVSS 6.5, AI score 6.8, EPSS 0.00538
Exploits: 0, References: 4, Affected Software: 1

Tenable Nessus
added 2023/07/25 12:00 a.m., 12 views

Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1778)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI comman...

CVSS 7.2, AI score 7, EPSS 0.00463
Exploits: 0, References: 3