11235 matches found

Cvelist
added 2023/02/23 12:0 a.m. | 22 views

CVE-2023-24205

Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via overwriting the configuration file cfw-setting.yaml...

10 AI score | 0.01287 EPSS
Exploits 1 | References 2

CVE
added 2023/02/23 12:0 a.m. | 63 views

CVE-2023-24205

CVE-2023-24205 affects Clash for Windows v0.20.12, with a remote code execution (RCE) vulnerability exploitable via overwriting the configuration file (cfw-setting.yaml). The NVD/NVD-derived metrics assign CVSSv3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, base score 9.8 (CRITICAL). Root cau...

9.8 CVSS | 9.9 AI score | 0.01287 EPSS
Exploits 1 | References 2 | Affected Software 1

CVE
added 2023/02/23 12:0 a.m. | 95 views

CVE-2023-23917

CVE-2023-23917 concerns a prototype pollution vulnerability in Rocket.Chat server versions prior to 5.2.0 that could enable remote code execution under an admin account. Multiple connected sources concur that an attacker could exploit this to gain admin access in cloud deployments and that the is...

8.8 CVSS | 8.3 AI score | 0.00978 EPSS
Exploits 0 | References 1 | Affected Software 1

OpenVAS
added 2023/02/23 12:0 a.m. | 21 views

D-Link DIR-820L Devices RCE Vulnerability (Mar 2022)

D-Link DIR-820L devices are prone to a remote command execution (RCE) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9.8 CVSS | 9.7 AI score | 0.81218 EPSS
Exploits 1 | References 4

NVD
added 2023/02/22 9:15 p.m. | 11 views

CVE-2023-24114

typecho 1.1/17.10.30 was discovered to contain a remote code execution (RCE) vulnerability via install.php...

9.8 CVSS | 9.9 AI score | 0.01405 EPSS
Exploits 1 | References 1

Prion
added 2023/02/22 9:15 p.m. | 18 views

Remote code execution

typecho 1.1/17.10.30 was discovered to contain a remote code execution (RCE) vulnerability via install.php...

7.5 CVSS | 9.8 AI score | 0.01405 EPSS
Exploits 1 | References 1 | Affected Software 1

CVE
added 2023/02/22 12:0 a.m. | 42 views

CVE-2023-24114

Typecho 1.1/17.10.30 is affected by CVE-2023-24114, a remote code execution (RCE) vulnerability via install.php. The vulnerability triggers a high-severity impact (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) with full confidentiality, integrity, and availability impact reported. Exploitation d...

9.8 CVSS | 9.8 AI score | 0.01405 EPSS
Exploits 1 | References 1 | Affected Software 1

F5 Networks
added 2023/02/21 8:0 p.m. | 54 views

K44104514: Apache Storm vulnerability CVE-2021-40865

Security Advisory Description An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to...

9.8 CVSS | 9.5 AI score | 0.65587 EPSS
Exploits 1

F5 Networks
added 2023/02/21 7:57 p.m. | 257 views

K19150034: PHP vulnerabilities CVE-2022-31625, CVE-2022-31626

Security Advisory Description CVE-2022-31625 In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers...

8.8 CVSS | 9.4 AI score | 0.5838 EPSS
Exploits 3

F5 Networks
added 2023/02/21 7:0 p.m. | 47 views

K03251240: Multiple Apache OFBiz vulnerabilities CVE-2021-29200, CVE-2021-30128

Security Advisory Description CVE-2021-29200 Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack CVE-2021-30128 Apache OFBiz has unsafe deserialization prior to 17.12.07 version Impact There is no impact; F5 products are not affected...

10 CVSS | 9.5 AI score | 0.81079 EPSS
Exploits 2

F5 Networks
added 2023/02/21 7:0 p.m. | 31 views

K44873550: Apache Storm vulnerability CVE-2021-38294

Security Advisory Description A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication...

9.8 CVSS | 9.5 AI score | 0.84489 EPSS
Exploits 4

F5 Networks
added 2023/02/21 6:54 p.m. | 72 views

K52510511: Advanced WAF/ASM buffer-overflow vulnerability CVE-2021-22992

Security Advisory Description A malicious HTTP response to an Advanced WAF/ASM virtual server with Login Page configured in its policy may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it may allow remote code execution (RCE), leading to complete system compromise...

9.8 CVSS | 8.5 AI score | 0.72711 EPSS
Exploits 1 | Affected Software 2

F5 Networks
added 2023/02/21 6:54 p.m. | 59 views

K56715231: TMM buffer-overflow vulnerability CVE-2021-22991

Security Advisory Description Undisclosed requests to a virtual server may be incorrectly handled by Traffic Management Microkernel (TMM) URI normalization, which may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it theoretically may allow bypass of URL based access...

9.8 CVSS | 8.1 AI score | 0.61064 EPSS
Exploits 3 | Affected Software 14

F5 Networks
added 2023/02/21 6:53 p.m. | 137 views

K52145254: TMUI RCE vulnerability CVE-2020-5902

Security Advisory Description The Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. CVE-2020-5902 Impact This vulnerability allows for unauthenticated attackers, or authenticated users, with...

10 CVSS | 9.2 AI score | 0.99999 EPSS
Exploits 60 | Affected Software 15

F5 Networks
added 2023/02/21 6:53 p.m. | 183 views

K45474286: Apache Struts Freemarker Remote Code Execution vulnerability CVE-2017-12611

Security Advisory Description In Apache Struts 2.0.1 through 2.3.33 and 2.5 through 2.5.10, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack. CVE-2017-12611 Impact There is no impact; F5 products are not affected by this vulnerability...

9.8 CVSS | 9.6 AI score | 0.8802 EPSS
Exploits 6

F5 Networks
added 2023/02/21 6:49 p.m. | 34 views

K23566124: BIG-IP TMUI vulnerability CVE-2019-6589

Security Advisory Description A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility. CVE-2019-6589 Impact To perform the attack, a user must visit a specially crafted URL...

6.1 CVSS | 6.2 AI score | 0.00793 EPSS
Exploits 0 | Affected Software 13

F5 Networks
added 2023/02/21 6:46 p.m. | 104 views

K14492558: PHP vulnerability CVE-2021-21708

Security Advisory Description In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result ...

9.8 CVSS | 8 AI score | 0.03002 EPSS
Exploits 1

F5 Networks
added 2023/02/21 6:35 p.m. | 60 views

K14122652: Apache Log4j2 vulnerability CVE-2021-44832

Security Advisory Description Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration...

8.5 CVSS | 8.7 AI score | 0.97906 EPSS
Exploits 9 | Affected Software 1

F5 Networks
added 2023/02/21 6:33 p.m. | 106 views

K67175700: Apache vulnerabilities CVE-2020-9490, CVE-2020-11984, CVE-2020-11993

Security Advisory Description CVE-2020-9490 Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via...

9.8 CVSS | 6.5 AI score | 0.90039 EPSS
Exploits 4

Tenable Nessus
added 2023/02/21 12:0 a.m. | 73 views

ManageEngine Access Manager Plus Unauthenticated RCE (CVE-2022-47966)

Binary data manageengineaccessmanagerpluscve-2022-47966.nbin...

9.8 CVSS | 9.2 AI score | 0.99753 EPSS
Exploits 15 | References 4