Total
10666 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20952 | 1 Cisco | 4 Asyncos, S195, S395 and 1 more | 2024-01-25 | N/A | 5.3 MEDIUM |
| A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an unauthenticated, remote attacker to bypass a configured rule, thereby allowing traffic onto a network that should have been blocked. This vulnerability exists because malformed, encoded traffic is not properly detected. An attacker could exploit this vulnerability by connecting through an affected device to a malicious server and receiving malformed HTTP responses. A successful exploit could allow the attacker to bypass an explicit block rule and receive traffic that should have been rejected by the device. | |||||
| CVE-2022-20924 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2024-01-25 | N/A | 6.5 MEDIUM |
| A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. | |||||
| CVE-2020-26082 | 1 Cisco | 8 Asyncos, Email Security Appliance C170, Email Security Appliance C190 and 5 more | 2024-01-25 | N/A | 5.3 MEDIUM |
| A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected zip files. An attacker could exploit this vulnerability by sending a malicious file inside a crafted zip-compressed file to an affected device. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email. | |||||
| CVE-2023-32721 | 1 Zabbix | 1 Zabbix | 2024-01-24 | N/A | 5.4 MEDIUM |
| A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL. | |||||
| CVE-2024-0507 | 1 Github | 1 Enterprise Server | 2024-01-23 | N/A | 8.8 HIGH |
| An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13 This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2023-5097 | 2 Hypr, Microsoft | 2 Workforce Access, Windows | 2024-01-23 | N/A | 5.5 MEDIUM |
| Improper Input Validation vulnerability in HYPR Workforce Access on Windows allows Path Traversal.This issue affects Workforce Access: before 8.7. | |||||
| CVE-2024-20709 | 2 Adobe, Microsoft | 2 Acrobat, Edge Chromium | 2024-01-23 | N/A | 5.5 MEDIUM |
| Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-20721 | 2 Adobe, Microsoft | 2 Acrobat, Edge Chromium | 2024-01-23 | N/A | 5.5 MEDIUM |
| Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-20330 | 1 Mongodb | 1 Mongodb | 2024-01-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to 4.2.16; MongoDB Server v4.4 versions prior to 4.4.9. | |||||
| CVE-2021-20329 | 1 Mongodb | 1 Go Driver | 2024-01-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to and including 1.5.0. | |||||
| CVE-2021-20326 | 1 Mongodb | 1 Mongodb | 2024-01-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| A user authorized to performing a specific type of find query may trigger a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.4. | |||||
| CVE-2020-7925 | 1 Mongodb | 1 Mongodb | 2024-01-23 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Server v4.2 versions prior to 4.2.9. | |||||
| CVE-2019-2389 | 1 Mongodb | 1 Mongodb | 2024-01-23 | 1.9 LOW | 4.2 MEDIUM |
| Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11; MongoDB Server v3.6 versions prior to 3.6.14; MongoDB Server v3.4 versions prior to 3.4.22. | |||||
| CVE-2018-25004 | 1 Mongodb | 1 Mongodb | 2024-01-23 | 4.0 MEDIUM | 4.9 MEDIUM |
| A user authorized to performing a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects MongoDB Server v4.0 versions prior to 4.0.6 and MongoDB Server v3.6 versions prior to 3.6.11. | |||||
| CVE-2018-20804 | 1 Mongodb | 1 Mongodb | 2024-01-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects MongoDB Server v4.0 versions prior to 4.0.10 and MongoDB Server v3.6 versions prior to 3.6.13. | |||||
| CVE-2023-26159 | 1 Follow-redirects | 1 Follow Redirects | 2024-01-23 | N/A | 6.1 MEDIUM |
| Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches. | |||||
| CVE-2023-49568 | 1 Go-git Project | 1 Go-git | 2024-01-22 | N/A | 7.5 HIGH |
| A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using only the in-memory filesystem supported by go-git are not affected by this vulnerability. This is a go-git implementation issue and does not affect the upstream git cli. | |||||
| CVE-2023-29446 | 1 Ptc | 3 Kepware Kepserverex, Thingworx Industrial Connectivity, Thingworx Kepware Server | 2024-01-19 | N/A | 4.7 MEDIUM |
| An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline. | |||||
| CVE-2023-4818 | 1 Paxtechnology | 2 A920, Paydroid | 2024-01-19 | N/A | 7.6 HIGH |
| PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature is correctly checked and only bootloader signed by PAX can be used. The attacker must have physical USB access to the device in order to exploit this vulnerability. | |||||
| CVE-2023-42137 | 1 Paxtechnology | 9 A50, A6650, A77 and 6 more | 2024-01-19 | N/A | 7.8 HIGH |
| PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks. The attacker must have shell access to the device in order to exploit this vulnerability. | |||||