
Alerts Feed

SEVERITY DATE NAME CATEGORIES DETAIL
9.8 2020-11-06 CVE-2020-28250 cve Cellinx NVT Web Server 5.0.0.014b.test 2019-09-05 allows a remote user to run commands as root via SetFileContent.cgi because authentication is on the client side.
9.8 2020-11-06 CVE-2020-26892 cve The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled.
9.8 2020-11-06 CVE-2020-16846 cve An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
9.8 2020-11-06 CVE-2020-25172 cve A relative path traversal attack in the B. Braun OnlineSuite Version AP 3.0 and earlier allows unauthenticated attackers to upload or download arbitrary files.
9.8 2020-11-06 CVE-2020-25592 cve In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.
9.8 2020-11-06 CVE-2020-26214 cve In Alerta before version 8.1.0, users may be able to bypass LDAP authentication if they provide an empty password when Alerta server is configured to use LDAP as the authorizatio...
9.8 2020-11-06 CVE-2020-3284 cve A vulnerability in the enhanced Preboot eXecution Environment (PXE) boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to execute unsig...
9 2020-11-05 CVE-2020-15952 cve Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges to administrative permissions. Additionally, unauthenticated attackers can phish...
9.8 2020-11-05 CVE-2020-27955 cve Git LFS 2.12.0 allows Remote Code Execution.
9.8 2020-11-05 CVE-2020-12145 cve Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+ uses HTTP headers to authenticate REST API calls from localhost. This makes it possible to log in t...
9.8 2020-11-05 CVE-2020-17510 cve Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
9.8 2020-11-04 CVE-2020-2301 cve Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication of that user is still in the optional...
9.8 2020-11-04 CVE-2020-7128 cve A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
9.8 2020-11-04 CVE-2020-2299 cve Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user if a magic constant is used as the password.
9.8 2020-11-04 CVE-2020-22274 cve JomSocial (Joomla Social Network Extension) 4.7.6 allows CSV injection via a customer's profile.
9.8 2020-11-04 CVE-2020-27689 cve The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains undocumented default admin credentials for the web management interface. A remote attacker cou...
9.8 2020-11-04 CVE-2020-2300 cve Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the use of an empty password in Windows/ADSI mode, which allows attackers to log in to Jenkins as any user dep...
9.8 2020-11-04 CVE-2020-22276 cve WeForms WordPress Plugin 1.4.7 allows CSV injection via a form's entry.
9.8 2020-11-04 CVE-2020-26167 cve In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one.
9.8 2020-11-03 CVE-2020-1909 cve A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes a...