11235 matches found
CVE-2023-24205
Clash for Windows v0.20.12 was discovered to contain a remote code execution RCE vulnerability which is exploited via overwriting the configuration file cfw-setting.yaml...
CVE-2023-24205
CVE-2023-24205 affects Clash for Windows v0.20.12, with a remote code execution (RCE) vulnerability exploitable via overwriting the configuration file (cfw-setting.yaml). The NVD/NVD-derived metrics assign CVSSv3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, base score 9.8 (CRITICAL). Root cau...
CVE-2023-23917
CVE-2023-23917 concerns a prototype pollution vulnerability in Rocket.Chat server versions prior to 5.2.0 that could enable remote code execution under an admin account. Multiple connected sources concur that an attacker could exploit this to gain admin access in cloud deployments and that the is...
D-Link DIR-820L Devices RCE Vulnerability (Mar 2022)
D-Link DIR-820L devices are prone to a remote command execution RCE vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2023-24114
typecho 1.1/17.10.30 was discovered to contain a remote code execution RCE vulnerability via install.php...
Remote code execution
typecho 1.1/17.10.30 was discovered to contain a remote code execution RCE vulnerability via install.php...
CVE-2023-24114
Typecho 1.1/17.10.30 is affected by CVE-2023-24114, a remote code execution (RCE) vulnerability via install.php. The vulnerability triggers a high-severity impact (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) with full confidentiality, integrity, and availability impact reported. Exploitation d...
K44104514: Apache Storm vulnerability CVE-2021-40865
Security Advisory Description An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution RCE. Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to...
K19150034: PHP vulnerabilities CVE-2022-31625, CVE-2022-31626
Security Advisory Description CVE-2022-31625 In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers...
K03251240: Multiple Apache OFBiz vulnerabilities CVE-2021-29200, CVE-2021-30128
Security Advisory Description CVE-2021-29200 Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack CVE-2021-30128 Apache OFBiz has unsafe deserialization prior to 17.12.07 version Impact There is no impact; F5 products are not affected...
K44873550: Apache Storm vulnerability CVE-2021-38294
Security Advisory Description A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution RCE prior to authentication...
K52510511: Advanced WAF/ASM buffer-overflow vulnerability CVE-2021-22992
Security Advisory Description A malicious HTTP response to an Advanced WAF/ASM virtual server with Login Page configured in its policy may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it may allow remote code execution RCE, leading to complete system compromise...
K56715231: TMM buffer-overflow vulnerability CVE-2021-22991
Security Advisory Description Undisclosed requests to a virtual server may be incorrectly handled by Traffic Management Microkernel TMM URI normalization, which may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it theoretically may allow bypass of URL based access...
K52145254: TMUI RCE vulnerability CVE-2020-5902
Security Advisory Description The Traffic Management User Interface TMUI, also referred to as the Configuration utility, has a Remote Code Execution RCE vulnerability in undisclosed pages. CVE-2020-5902 Impact This vulnerability allows for unauthenticated attackers, or authenticated users, with...
K45474286: Apache Struts Freemarker Remote Code Execution vulnerability CVE-2017-12611
Security Advisory Description In Apache Struts 2.0.1 through 2.3.33 and 2.5 through 2.5.10, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack. CVE-2017-12611 Impact There is no impact; F5 products are not affected by this vulnerability...
K23566124: BIG-IP TMUI vulnerability CVE-2019-6589
Security Advisory Description A reflected cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface TMUI also known as the BIG-IP Configuration utility. CVE-2019-6589 Impact To perform the attack, a user must visit a specially crafted URL...
K14492558: PHP vulnerability CVE-2021-21708
Security Advisory Description In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTERVALIDATEFLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result ...
K14122652: Apache Log4j2 vulnerability CVE-2021-44832
Security Advisory Description Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration...
K67175700: Apache vulnerabilities CVE-2020-9490, CVE-2020-11984, CVE-2020-11993
Security Advisory Description CVE-2020-9490 Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via...
ManageEngine Access Manager Plus Unauthenticated RCE (CVE-2022-47966)
Binary data manageengineaccessmanagerpluscve-2022-47966.nbin...