|
81
|
7.5 |
HIGH
Network
nokia
|
service_router_linux
service_router_operating_system
|
Nokia Service Router Operating System (SR OS) 22.10 and SR Linux, when error-handling update-fault-tolerance is not enabled, mishandle BGP path attributes.
Update
|
NVD-CWE-noinfo
|
CVE-2023-41376
|
2024-10-3 00:35 |
2023-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
82
|
7.8 |
HIGH
Local
|
pagekit
|
pagekit
|
An issue in Pagekit pagekit v.1.0.18 alows a remote attacker to execute arbitrary code via thedownloadAction and updateAction functions in UpdateController.php
Update
|
NVD-CWE-noinfo
|
CVE-2023-41005
|
2024-10-3 00:35 |
2023-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
83
|
9.8 |
CRITICAL
Network
atlassian
|
crowd
|
Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API u…
Update
|
NVD-CWE-noinfo
|
CVE-2022-43782
|
2024-10-3 00:35 |
2022-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
84
|
9.8 |
CRITICAL
Network
atlassian
|
bitbucket
|
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arb…
Update
|
CWE-77
Command Injection
|
CVE-2022-43781
|
2024-10-3 00:35 |
2022-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
85
|
8.8 |
HIGH
Network
|
atlassian
|
jira_align
|
The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows An authenticated attacker with the People role permission to use the MasterUserEdit API to modify any users role t…
Update
|
CWE-276
Incorrect Default Permissions
|
CVE-2022-36803
|
2024-10-3 00:35 |
2022-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
86
|
5.3 |
MEDIUM
Adjacent
|
synology
|
active_backup_for_business_agent
|
Missing encryption of sensitive data vulnerability in login component in Synology Active Backup for Business Agent before 2.7.0-3221 allows adjacent man-in-the-middle attackers to obtain user credent…
Update
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2023-52950
|
2024-10-3 00:26 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
87
|
5.5 |
MEDIUM
Local
|
synology
|
active_backup_for_business_agent
|
Missing authentication for critical function vulnerability in proxy settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential …
Update
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2023-52949
|
2024-10-3 00:26 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
88
|
5.0 |
MEDIUM
Local
|
synology
|
active_backup_for_business_agent
|
Missing encryption of sensitive data vulnerability in settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecifie…
Update
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2023-52948
|
2024-10-3 00:26 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
89
|
3.3 |
LOW
Local
|
synology
|
active_backup_for_business_agent
|
Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecifi…
Update
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2023-52947
|
2024-10-3 00:26 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
90
|
- |
|
-
|
-
|
DataDump is a MediaWiki extension that provides dumps of wikis. Several interface messages are unescaped (more specifically, (datadump-table-column-queued), (datadump-table-column-in-progress), (data…
New
|
CWE-79
CWE-80
Cross-site Scripting
Basic XSS
|
CVE-2024-47612
|
2024-10-3 00:15 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
