1591 | 6.5 | MEDIUM | Network | mongodb | mongodb | A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects MongoDB Server v4.0 versions prior to 4.0.10 and Mong… | CWE-20 Improper Input Validation | CVE-2018-20804 | 2024-09-17 11:15 | 2020-11-24
1592 | 7.5 | HIGH | Network | unisoon | ultralog_express_firmware | UltraLog Express device management software stores users' information in cleartext. Any user can obtain account information through a specific page. | CWE-312 Cleartext Storage of Sensitive Information | CVE-2020-3921 | 2024-09-17 11:15 | 2020-03-27
1593 | 9.8 | CRITICAL | Network | vmware | vrealize_automation vsphere_integrated_containers | VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote a… | CWE-502 Deserialization of Untrusted Data | CVE-2017-4947 | 2024-09-17 11:15 | 2018-01-30
1594 | 6.5 | MEDIUM | Network | libtiff fedoraproject | libtiff fedora | An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to the TIFFOpen() API may allow a remote attacker to cause a denial of service via a crafted input with size smaller than 379 KB. | CWE-400 Uncontrolled Resource Consumption | CVE-2023-6277 | 2024-09-17 10:15 | 2023-11-25
1595 | 9.8 | CRITICAL | Network | algan | prens_student_information_system | SQL Injection vulnerability in Algan Software Prens Student Information System allows SQL Injection. This issue affects Prens Student Information System: before 2.1.11. | CWE-89 SQL Injection | CVE-2022-2807 | 2024-09-17 10:15 | 2022-12-2
1596 | 9.4 | CRITICAL | Network | parantezteknoloji | koha_library_automation | The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01. | CWE-89 SQL Injection | CVE-2022-0495 | 2024-09-17 10:15 | 2022-09-21
1597 | 7.8 | HIGH | Local | amd | enterprise_driver radeon_pro_software radeon_software ryzen_3_2200ge_firmware ryzen_3_2200g_firmware ryzen_5_2400ge_firmware ryzen_5_2400g_firmware ryzen_3_3100_firmware ryzen… | Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity. | NVD-CWE-Other | CVE-2020-12931 | 2024-09-17 10:15 | 2022-11-10
1598 | 5.3 | MEDIUM | Network | krontech | single_connect | Single Connect does not perform an authorization check when using the "sc-assigned-credential-ui" module. A remote attacker could exploit this vulnerability to modify users' permissions. The exploitat… | CWE-862 Missing Authorization | CVE-2021-44795 | 2024-09-17 10:15 | 2022-01-27
1599 | 5.3 | MEDIUM | Network | rapid7 | nexpose | Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser featur… | CWE-200 Information Exposure | CVE-2019-5640 | 2024-09-17 10:15 | 2021-11-23
1600 | 4.9 | MEDIUM | Network | mongodb | mongodb | A user authorized to perform a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects MongoDB Server v4.0 versions prior to… | CWE-20 Improper Input Validation | CVE-2018-25004 | 2024-09-17 10:15 | 2021-03-2