Lucene search
K

47 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:52 a.m.4 views

SUSE CVE-2011-2200

The dbusheaderbyteswap function in dbus-marshal-header.c in D-Bus aka DBus 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service connection loss, obtain potentially sensitive...

4.6CVSS6.5AI score0.00386EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/02/08 2:15 a.m.3 views

CVE-2023-0711

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxsavestate function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...

5.4CVSS5.9AI score0.00576EPSS
Exploits0References4
OSV
OSV
added 2022/12/13 2:15 p.m.4 views

CVE-2022-38124

Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner...

6.5CVSS5.8AI score0.00514EPSS
Exploits0References1
CVE
CVE
added 2022/12/13 1:6 p.m.68 views

CVE-2022-38124

CVE-2022-38124 concerns Secomea SiteManager. Documents describe a debugging tool that, when accessed by a logged-in administrator, allows modification of the system state in an unintended manner. Concrete impact details are limited to this behavior; no explicit exploitation, affected versions, ro...

6.5CVSS5.9AI score0.00514EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/12/20 4:15 p.m.15 views

Authentication flaw

Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required...

7.5CVSS9.4AI score0.03427EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/12/20 3:6 p.m.21 views

CVE-2021-44525

Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required...

9.8AI score0.03427EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/12/20 12:0 a.m.11 views

PT-2021-24145 · Zoho · Zoho Manageengine Access Manager Plus

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Access Manager Plus versions prior to 4203 Description: The issue allows anyone to view certain data elements, such as access control details, and modify some aspects of the application state. Recommendations: For versions...

9.8CVSS9.3AI score0.04371EPSS
Exploits0References4
OSV
OSV
added 2021/08/13 4:15 p.m.2 views

CVE-2021-32068

The AWV and MiCollab Client Service components in Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack by sending multiple session renegotiation requests, due to insufficient TLS session controls. A successful exploit could allow an attacker to modify applicatio...

3.7CVSS5.8AI score0.0059EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/08/13 12:0 a.m.6 views

Mitel Networks MiCollab 安全漏洞

Mitel MiCollab is an enterprise collaboration software and tools platform solution. A man-in-the-middle attack vulnerability exists in the AWV and MiCollab Client Service components in Mitel MiCollab versions prior to 9.3. The vulnerability stems from insufficient control over TLS sessions. An...

4.3CVSS5.6AI score0.0059EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/11/08 12:0 a.m.22 views

Rockwellautomation Micrologix Unspecified Vulnerability

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information,...

7.5CVSS1.6AI score0.36642EPSS
Exploits1References2
CNVD
CNVD
added 2019/06/03 12:0 a.m.1 views

IBM PureApplication System pattern editor access control error vulnerability

IBM PureApplication System is a platform system from IBM USA designed for transactional Web and database applications. The system is capable of handling workloads, and all configurations can be maintained and updated from a single console. pattern editor is one of the graphical editors. An access...

4.3CVSS6.7AI score0.00896EPSS
Exploits0References1
Prion
Prion
added 2017/04/24 3:59 p.m.14 views

Information disclosure

A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause denials of services to underlying database tables leading to potential information disclosure,...

7.5CVSS8.1AI score0.0095EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2017/01/31 10:59 p.m.22 views

Design/Logic Flaw

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or...

4.4CVSS7AI score0.00377EPSS
Exploits0References16Affected Software1
Tenable Nessus
Tenable Nessus
added 2015/06/01 12:0 a.m.51 views

Debian DLA-235-1 : ruby1.9.1 security update

CVE-2011-0188 The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of...

6.8CVSS7.1AI score0.03622EPSS
Exploits2References8
RedHat Linux
RedHat Linux
added 2015/03/24 9:5 p.m.6 views

PicketBox/JBossSX: Unauthorized access to and modification of application server configuration and state by application

It was identified that PicketBox/JBossSX allowed any deployed application to alter or read the underlying application server configuration and state without any authorization checks. An attacker able to deploy applications could use this flaw to circumvent security constraints applied to other...

3.6CVSS6AI score0.00799EPSS
Exploits0References4
Prion
Prion
added 2014/06/14 4:26 a.m.14 views

Authentication flaw

The HSRP implementation in Cisco NX-OS 6.22a and earlier allows remote attackers to bypass authentication and cause a denial of service group-member state modification and traffic blackholing via malformed HSRP packets, aka Bug ID CSCup11309...

4.8CVSS7.4AI score0.01117EPSS
Exploits0References5Affected Software1
Atlassian
Atlassian
added 2014/02/13 11:39 p.m.22 views

Accept Answer URL should be idempotent and accept PUT or POST requests only

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46610. panel Answers currently users a single URL to both accept and un-accept answers: noformat $baseurl/acceptanswer/$answerid...

0.6AI score
Exploits0Affected Software1
OSV
OSV
added 2012/11/11 1:0 p.m.10 views

CVE-2012-4734

Request Tracker RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a "confused deputy" attack to bypass the CSRF warning protection mechanism and cause victims to "modify arbitrary state" via unknown vectors related to a crafted link...

6.6AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2012/06/29 12:0 a.m.29 views

Quagga < 0.98.6 / 0.99.4 Multiple Vulnerabilities

According to its self-reported version number, the installation of Quagga listening on the remote host is affected by multiple vulnerabilities : - An information disclosure vulnerability in RIPD can be triggered by a REQUEST packet, such as SEND UPDATE, on hosts that disable RIPv1 or require...

5CVSS8.2AI score0.1128EPSS
Exploits3References8
NVD
NVD
added 2011/06/22 10:55 p.m.19 views

CVE-2011-2200

The dbusheaderbyteswap function in dbus-marshal-header.c in D-Bus aka DBus 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service connection loss, obtain potentially sensitive...

4.6CVSS6.1AI score0.00386EPSS
Exploits0References16
Rows per page
Query Builder