Search Results (8842 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-26295 1 Apache 1 Ofbiz 2025-02-13 9.8 Critical
Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.
CVE-2021-25329 4 Apache, Debian, Oracle and 1 more 15 Tomcat, Debian Linux, Agile Plm and 12 more 2025-02-13 7.0 High
The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.
CVE-2020-17532 1 Apache 1 Java Chassis 2025-02-13 8.8 High
When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5
CVE-2020-11995 1 Apache 1 Dubbo 2025-02-13 9.8 Critical
A deserialization vulnerability existed in dubbo 2.7.5 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protool, during Hessian2 deserializing the HashMap object, some functions in the classes stored in HasMap will be executed after a series of program calls, however, those special functions may cause remote command execution. For example, the hashCode() function of the EqualsBean class in rome-1.7.0.jar will cause the remotely load malicious classes and execute malicious code by constructing a malicious request. This issue was fixed in Apache Dubbo 2.6.9 and 2.7.8.
CVE-2019-3811 4 Debian, Fedoraproject, Opensuse and 1 more 5 Debian Linux, Fedora, Sssd and 2 more 2025-02-13 5.2 Medium
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.
CVE-2024-1651 1 Torrentpier 1 Torrentpier 2025-02-12 10 Critical
Torrentpier version 2.4.1 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to insecure deserialization.
CVE-2023-27180 1 Gdidees 1 Gdidees Cms 2025-02-12 7.5 High
GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /_admin/backup.php.
CVE-2023-37398 1 Ibm 1 Aspera Faspex 2025-02-12 5.9 Medium
IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
CVE-2023-35907 1 Ibm 1 Aspera Faspex 2025-02-12 5.9 Medium
IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
CVE-2022-48433 1 Jetbrains 1 Intellij Idea 2025-02-12 6.1 Medium
In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server.
CVE-2023-28642 2 Linuxfoundation, Redhat 6 Runc, Enterprise Linux, Openshift and 3 more 2025-02-12 6.1 Medium
runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image.
CVE-2022-47188 1 Generex 2 Cs141, Cs141 Firmware 2025-02-12 7.5 High
There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path.
CVE-2022-43293 1 Wacom 1 Driver 2025-02-11 5.9 Medium
Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability via the component \Wacom\Wacom_Tablet.exe.
CVE-2022-38604 2 Microsoft, Wacom 2 Windows, Driver 2025-02-11 7.3 High
Wacom Driver 6.3.46-1 for Windows and lower was discovered to contain an arbitrary file deletion vulnerability.
CVE-2023-1712 1 Deepset 1 Haystack 2025-02-11 9.8 Critical
Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack prior to 0.1.30.
CVE-2023-1753 1 Phpmyfaq 1 Phpmyfaq 2025-02-11 5.5 Medium
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
CVE-2023-1381 1 Joomunited 1 Wp Meta Seo 2025-02-11 8.8 High
The WP Meta SEO WordPress plugin before 4.5.5 does not validate image file paths before attempting to manipulate the image files, leading to a PHAR deserialization vulnerability. Furthermore, the plugin contains a gadget chain which may be used in certain configurations to achieve remote code execution.
CVE-2023-25413 1 Aten 2 Pe8108, Pe8108 Firmware 2025-02-11 7.5 High
Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated access to Telnet and SNMP credentials.
CVE-2023-25407 1 Aten 2 Pe8108, Pe8108 Firmware 2025-02-11 7.2 High
Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have read access to administrator credentials.
CVE-2023-25940 1 Dell 1 Emc Powerscale Onefs 2025-02-11 6.7 Medium
Dell PowerScale OneFS version 9.5.0.0 contains improper link resolution before file access vulnerability in isi_gather_info. A high privileged local attacker could potentially exploit this vulnerability, leading to system takeover and it breaks the compliance mode guarantees.