Lucene search
K

110 matches found

NVD
NVD
added 2023/06/23 12:15 p.m.16 views

CVE-2023-30258

Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request...

9.8CVSS9.9AI score0.9425EPSS
Exploits15References4
Prion
Prion
added 2023/06/23 12:15 p.m.30 views

Command injection

Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request...

7.5CVSS9.9AI score0.9425EPSS
Exploits15References3Affected Software1
Veracode
Veracode
added 2023/04/11 9:34 a.m.41 views

Privilege Escalation

github.com/hashicorp/nomad is vulnerable to Privilege Escalation. Unauthenticated HTTP requests could bypass ACL authorizations when processed on servers through internal RPCs, allowing a job to be submitted to the cluster without mTLS enabled, which elevates user privileges...

9.9CVSS8.9AI score0.00759EPSS
Exploits0References3Affected Software2
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2023/04/05 6:30 p.m.6 views

Nomad Unauthenticated Client Agent HTTP Request Privilege Escalation

Summary A vulnerability was identified in Nomad and Nomad Enterprise “Nomad” such that an unauthenticated request sent to a client agent’s HTTP endpoint bypasses intended ACL authorizations when processed on server through internal RPCs. In doing so, unauthenticated HTTP requests can be used to...

9.9CVSS6.9AI score0.00759EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2023/02/13 12:0 a.m.40 views

CVE-2023-25717

Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?loginusername=admin&password=password$curl substring...

10AI score0.95326EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/02/14 8:15 p.m.24 views

CVE-2021-45310

Sangoma Technologies Corporation Switchvox Version 102409 is affected by an information disclosure vulnerability due to an improper access restriction. Users information such as first name, last name, acount id, server uuid, email address, profile image, number, timestamps, etc can be extracted b...

5.5AI score0.00898EPSS
Exploits1References1
OSV
OSV
added 2022/01/19 12:15 p.m.3 views

CVE-2022-21262

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Samples. Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Serve...

6.1CVSS6.8AI score0.00946EPSS
Exploits0References1
OSV
OSV
added 2022/01/19 12:15 p.m.3 views

CVE-2021-35687

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications component: Unified Metadata Manager. Supported versions that are affected are 8.0.7-8.1.1. Easily exploitable vulnerability allows unauthenticated attacker with...

5.3CVSS6.7AI score0.01147EPSS
Exploits0References1
Prion
Prion
added 2022/01/14 8:15 p.m.15 views

Code injection

Certain HP DesignJet products may be vulnerable to unauthenticated HTTP requests which allow viewing and downloading of print job previews...

5CVSS7.6AI score0.05235EPSS
Exploits0References1Affected Software27
Vulnrichment
Vulnrichment
added 2021/10/20 10:50 a.m.2 views

CVE-2021-35552

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Diagnostics. Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl...

5.3CVSS5.4AI score0.0105EPSS
Exploits0References1
OSV
OSV
added 2021/07/21 3:15 p.m.0 views

CVE-2021-2420

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Filters. The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...

7.5CVSS7.3AI score
Exploits0References1
OSV
OSV
added 2021/04/22 10:15 p.m.5 views

CVE-2021-2256

Vulnerability in the Oracle Storage Cloud Software Appliance product of Oracle Storage Gateway component: Management Console. The supported version that is affected is Prior to 16.3.1.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

10CVSS7.3AI score0.01666EPSS
Exploits0References1
OSV
OSV
added 2021/04/22 10:15 p.m.4 views

CVE-2021-2204

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

5.3CVSS6.7AI score0.01367EPSS
Exploits1References1
CVE
CVE
added 2021/02/01 3:41 p.m.102 views

CVE-2020-25594

CVE-2020-25594 affects HashiCorp Vault and Vault Enterprise. The issue allowed unauthenticated HTTP requests to enumerate Secrets Engine mount paths. This was fixed in Vault 1.6.2 and Vault Enterprise 1.5.7. The connected sources confirm the vulnerability description and the remediation versions;...

5.3CVSS5.6AI score0.01355EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2021/02/01 3:41 p.m.42 views

CVE-2020-25594

HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7...

5.3CVSS5.8AI score0.01355EPSS
Exploits0
OSV
OSV
added 2021/01/20 3:15 p.m.4 views

CVE-2021-2040

Vulnerability in the Oracle Argus Safety product of Oracle Health Sciences Applications component: Case Form, Local Affiliate Form. The supported version that is affected is 8.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

6.1CVSS6.8AI score0.00972EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/09/24 2:13 p.m.35 views

CVE-2020-13505

Parameter psClass in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability...

9.9AI score0.01183EPSS
Exploits1References1
Talos
Talos
added 2020/09/23 12:0 a.m.127 views

Aveva eDNA Enterprise Data Historian Alias.asmx SQL injection Vulnerability

Talos Vulnerability Report TALOS-2020-1109 Aveva eDNA Enterprise Data Historian Alias.asmx SQL injection Vulnerability September 23, 2020 CVE Number CVE-2020-13507, CVE-2020-13508 Summary Multiple SQL injection vulnerabilities exist in the Alias.asmx Web Service functionality of eDNA Enterprise...

7.5AI score
Exploits0
Cvelist
Cvelist
added 2020/07/29 2:5 p.m.25 views

CVE-2020-4573

IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could disclose sensitive information due to responding to unauthenticated HTTP requests. IBM X-Force ID: 184180...

5.3CVSS5AI score0.0128EPSS
Exploits0References2
NVD
NVD
added 2020/07/28 3:15 p.m.20 views

CVE-2020-13914

webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to cause a denial of service Segmentation fault to the webserver via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300,...

7.5CVSS7.5AI score0.02287EPSS
Exploits0References1
Rows per page
Query Builder