| 1971 | 5.5 | MEDIUM Local | microsoft | office_web_apps_server office_online_server sharepoint_server | Microsoft Office Information Disclosure Vulnerability | NVD-CWE-noinfo | CVE-2022-30159 | 2024-09-11 01:15 | 2022-06-16 |
| 1972 | 6.7 | MEDIUM Local | microsoft | service_fabric | Executive Summary An Elevation of Privilege (EOP) vulnerability has been identified within Service Fabric clusters that run Docker containers. Exploitation of this EOP vulnerability requires an atta… | NVD-CWE-noinfo | CVE-2022-30137 | 2024-09-11 01:15 | 2022-06-16 |
| 1973 | 7.8 | HIGH Local | microsoft | azure_automation_state_configuration azure_automation_update_management container_monitoring_solution log_analytics_agent system_center_operations_manager azure_security_center azur… | Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | NVD-CWE-noinfo | CVE-2022-29149 | 2024-09-11 01:15 | 2022-06-16 |
| 1974 | 6.6 | MEDIUM Network | microsoft samba | windows_server_2012 windows_server_2016 windows_server_2019 samba | A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD). To exploit… | CWE-863 Incorrect Authorization | CVE-2020-17049 | 2024-09-11 01:15 | 2020-11-11 |
| 1975 | - |  | - | - | Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account can access webhook delivery information for any webhook r… | - | CVE-2024-45393 | 2024-09-11 00:50 | 2024-09-11 |
| 1976 | - |  | - | - | An improper access control vulnerability [CWE-284] in FortiEDR Manager API 6.2.0 through 6.2.2, 6.0 all versions may allow in a shared environment context an authenticated admin with REST API permiss… | CWE-284 Improper Access Control | CVE-2024-45323 | 2024-09-11 00:50 | 2024-09-11 |
| 1977 | - |  | - | - | Bareos is open source software for backup, archiving, and recovery of data for operating systems. When a command ACL is in place and a user executes a command in bconsole using an abbreviation (i.e. … | CWE-285 Improper Authorization | CVE-2024-45044 | 2024-09-11 00:50 | 2024-09-11 |
| 1978 | - |  | - | - | serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0. | CWE-79 Cross-site Scripting | CVE-2024-43800 | 2024-09-11 00:50 | 2024-09-11 |
| 1979 | - |  | - | - | Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0… | CWE-79 Cross-site Scripting | CVE-2024-43799 | 2024-09-11 00:50 | 2024-09-11 |
| 1980 | - |  | - | - | Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched i… | CWE-79 Cross-site Scripting | CVE-2024-43796 | 2024-09-11 00:50 | 2024-09-11 |