CVE-2023-25577 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server...
KLA20232 Multiple vulnerabilities in Microsoft Server Software
Remote code execution vulnerabilities were found in Microsoft Server Software. Malicious users can exploit these vulnerabilities to execute arbitrary code. Original advisories: CVE-2023-21707, CVE-2023-21710, CVE-2023-21529, CVE-2023-21706. Exploitation: Public exploits exist for this vulnerability...
CVE-2023-0003 Cortex XSOAR: Local File Disclosure Vulnerability in the Cortex XSOAR Server
A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server...
Cortex XSOAR: Local File Disclosure Vulnerability in the Cortex XSOAR Server
A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server. Work around: There are no known workarounds for this issue...
PT-2023-10341 · Unknown · Mosbth Cimage
Name of the Vulnerable Software and Affected Versions: mosbth cimage versions up to 0.7.18. Description: A vulnerability was found in mosbth cimage, affecting an unknown functionality of the file check_system.php. The manipulation of the argument $_SERVER['SERVER_SOFTWARE'] leads to cross site...
PT-2023-32991 · Packagist · Pocketmine/Pocketmine-Mp
Name of the Vulnerable Software and Affected Versions: No specific software name is mentioned, but based on the context, it appears to be related to a server software, possibly a game server, with affected versions not specified. Description: The issue arises from a workaround for an old client b...
Denial Of Service (DoS)
github.com/containerd/containerd is vulnerable to denial of service. The vulnerability exists in the CRI stream server of httpstream.go due to exhausted memory on the host, which allows an attacker to cause an application crash via issuing a faulty command...
KLA20042 Multiple vulnerabilities in Microsoft Server Software
Multiple vulnerabilities were found in Microsoft Server Software. Malicious users can exploit these vulnerabilities to spoof the user interface or gain privileges. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in Microsoft Exchange Server can be exploited remotely to spoof us...
KLA19264 Multiple vulnerabilities in Microsoft Server Software
Multiple vulnerabilities were found in Microsoft Server Software. Malicious users can exploit these vulnerabilities to gain privileges or execute arbitrary code. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Microsoft Exchange Server can be exploited...
CVE-2022-2552
The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site...
PT-2022-17348
Name of the Vulnerable Software and Affected Versions: Duplicator WordPress plugin versions prior to 1.4.7. Description: The issue concerns the lack of authentication or authorization for visitors, allowing them to view sensitive system information, including server software, PHP version, and the fu...
CVE-2022-36234
SimpleNetwork TCP Server commit 29bc615f0d9910eb2f59aa8dff1f54f0e3af4496 was discovered to contain a double free vulnerability which is exploited via crafted TCP packets...
Denial Of Service (DoS)
github.com/kubeedge/kubeedge is vulnerable to denial of service (DoS) attacks. An attacker is able to cause denial of service conditions via memory exhaustion by sending a specifically crafted HTTP request with a large body through the signEdgeCert function in server.go...
GHSA-Q874-G24W-4Q9G vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server...
Wildfly Authorization Misconfiguration
A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server...
GHSA-82V2-F875-73G9 Wildfly Authorization Misconfiguration
A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server...
phpMyAdmin SSRF in replication
phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server...
KLA12527 Elevation of privilege vulnerability in Microsoft Server Software
An elevation of privilege vulnerability was found in Microsoft Server Software. Malicious users can exploit this vulnerability to gain privileges. Original advisories: CVE-2022-21978. Related products: Microsoft-Exchange-Server. CVE list: CVE-2022-21978 (critical). KB list: 5014261, 5014260. Solution: Install...
CVE-2022-24888 Possible Injection in Nextcloud Server
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects files and folders...