1961
|
6.1 |
MEDIUM
Network
|
broadcom
|
symantec_privileged_access_management
|
A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface…
|
CWE-79
Cross-site Scripting
|
CVE-2024-38493
|
2024-09-11 01:35 |
2024-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1962
|
6.5 |
MEDIUM
Network
|
stonefly
|
storage_concentrator
|
StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows Directory Traversal by authenticated users. Using a crafted path parameter with the Online Help facility can expose sensitive system…
|
CWE-22
Path Traversal
|
CVE-2024-31947
|
2024-09-11 01:34 |
2024-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1963
|
8.8 |
HIGH
Network
|
apache
|
drill
|
XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file.
Users are recommended to u…
|
CWE-611
XXE
|
CVE-2023-48362
|
2024-09-11 01:31 |
2024-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1964
|
3.1 |
LOW
Adjacent
|
silabs
|
bluetooth_low_energy_software_development_kit
|
Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit, ARM may allow an attacker with precise timing capabilities to intercept a small number of packets intended for a recipient that h…
|
CWE-416
Use After Free
|
CVE-2023-41093
|
2024-09-11 01:19 |
2024-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1965
|
5.4 |
MEDIUM
Network
|
ibm
|
infosphere_information_server
|
IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona…
|
CWE-79
Cross-site Scripting
|
CVE-2024-40690
|
2024-09-11 01:16 |
2024-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1966
|
- |
|
-
|
-
|
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect 16 (macOS, Windows) before build 37391.
|
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
|
CVE-2023-48680
|
2024-09-11 01:15 |
2024-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1967
|
7.1 |
HIGH
Local
|
acronis
|
agent
|
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36343.
|
CWE-862
Missing Authorization
|
CVE-2023-45246
|
2024-09-11 01:15 |
2023-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1968
|
5.5 |
MEDIUM
Local
|
acronis
|
agent
|
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 35739, Acronis Cyber …
|
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
|
CVE-2023-44213
|
2024-09-11 01:15 |
2023-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1969
|
7.5 |
HIGH
Network
acronis
|
cyber_protect
|
Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
|
NVD-CWE-noinfo
|
CVE-2023-44156
|
2024-09-11 01:15 |
2023-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1970
|
9.1 |
CRITICAL
Network
acronis
|
cyber_protect
|
Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2023-44152
|
2024-09-11 01:15 |
2023-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|