Lucene search
+L

23 matches found

CNNVD
CNNVD
added 2026/02/04 12:0 a.m.6 views

Espressif ESP-IDF 数字错误漏洞

Espressif ESP-IDF is an IoT development framework developed by Espressif, a Chinese company. Versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6 of Espressif ESP-IDF contain numerical error vulnerabilities. These vulnerabilities stem from integer underflow during the processing ofEAP-WSC packets in th...

8CVSS5.8AI score0.00213EPSS
Exploits0References9
NVD
NVD
added 2024/11/22 8:15 p.m.27 views

CVE-2023-52334

Allegra downloadAttachmentGlobal Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a...

7.5CVSS0.01904EPSS
Exploits0References2
NVD
NVD
added 2024/11/22 8:15 p.m.73 views

CVE-2023-52333

Allegra saveFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that...

9.8CVSS0.01854EPSS
Exploits0References2
NVD
NVD
added 2024/11/22 8:15 p.m.56 views

CVE-2023-51648

Allegra getFileContentAsString Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a...

7.5CVSS0.01904EPSS
Exploits0References2
NVD
NVD
added 2024/11/22 8:15 p.m.18 views

CVE-2023-51642

Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a...

9.8CVSS0.01259EPSS
Exploits0References2
NVD
NVD
added 2024/11/22 8:15 p.m.21 views

CVE-2023-51641

Allegra renderFieldMatch Deserialization of Unstrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a...

9.8CVSS0.01259EPSS
Exploits0References2
CVE
CVE
added 2024/11/22 8:5 p.m.51 views

CVE-2023-52334

CVE-2023-52334 concerns Allegra’s downloadAttachmentGlobal path handling. The vulnerability stems from insufficient validation of a user-supplied path before file operations, enabling directory traversal and potential disclosure of stored credentials. Multiple connected sources (NVD/NVD mirror, Z...

7.5CVSS7.3AI score0.01904EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/11/22 8:5 p.m.12 views

CVE-2023-52334 Allegra downloadAttachmentGlobal Directory Traversal Information Disclosure Vulnerability

Allegra downloadAttachmentGlobal Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a...

7.5CVSS7.3AI score0.01904EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/22 8:5 p.m.13 views

CVE-2023-52333 Allegra saveFile Directory Traversal Remote Code Execution Vulnerability

Allegra saveFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that...

9.8CVSS9.9AI score0.01854EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/22 8:5 p.m.25 views

CVE-2023-52333 Allegra saveFile Directory Traversal Remote Code Execution Vulnerability

Allegra saveFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that...

9.8CVSS0.01854EPSS
Exploits0References2
CVE
CVE
added 2024/11/22 8:5 p.m.50 views

CVE-2023-51648

CVE-2023-51648 affects Allegra, via the getFileContentAsString method which is vulnerable to directory traversal information disclosure. The root cause is improper validation of a user-supplied path used in file operations, enabling disclosure of sensitive data including stored credentials. Some ...

7.5CVSS7.3AI score0.01904EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/11/22 8:5 p.m.31 views

CVE-2023-51648 Allegra getFileContentAsString Directory Traversal Information Disclosure Vulnerability

Allegra getFileContentAsString Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a...

7.5CVSS0.01904EPSS
Exploits0References2
CVE
CVE
added 2024/11/22 8:5 p.m.51 views

CVE-2023-51642

CVE-2023-51642 involves Allegra’s loadFieldMatch deserialization, where untrusted data is deserialized due to improper input validation. This leads to remote code execution in the LOCAL SERVICE context. Attack requires authentication, but Allegra’s registration mechanism can create a user with su...

9.8CVSS9.9AI score0.01259EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/11/22 8:5 p.m.24 views

CVE-2023-51642 Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability

Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a...

9.8CVSS0.01259EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/22 8:5 p.m.24 views

CVE-2023-51641 Allegra renderFieldMatch Deserialization of Unstrusted Data Remote Code Execution Vulnerability

Allegra renderFieldMatch Deserialization of Unstrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a...

9.8CVSS0.01259EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/22 8:5 p.m.15 views

CVE-2023-51641 Allegra renderFieldMatch Deserialization of Unstrusted Data Remote Code Execution Vulnerability

Allegra renderFieldMatch Deserialization of Unstrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a...

9.8CVSS9.9AI score0.01259EPSS
Exploits0References2
CVE
CVE
added 2024/04/24 7:42 p.m.185 views

CVE-2024-32879

Python Social Auth Django contains a vulnerability (CVE-2024-32879) where third-party authentication user IDs are not case-sensitive due to the database collation before version 5.4.1, allowing mismatched IDs to be treated as equal. The issue is mitigated by upgrading to 5.4.1, which fixes the im...

4.9CVSS6.5AI score0.00581EPSS
Exploits0References3
Zero Day Initiative
Zero Day Initiative
added 2024/02/09 12:0 a.m.18 views

Allegra getFileContentAsString Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a registration mechanism that can be used to create a new user with a sufficient privilege...

7.5CVSS6.5AI score0.01904EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/02/09 12:0 a.m.14 views

Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that can be used to create a user with a sufficient privilege level. The specif...

9.8CVSS7.9AI score0.01259EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/02/09 12:0 a.m.31 views

Allegra downloadAttachmentGlobal Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that can be used to create a user with a sufficient privilege level. Th...

7.5CVSS6.5AI score0.01904EPSS
Exploits0References1
Rows per page
Query Builder