1651 | 9.6 | CRITICAL | Adjacent | pardus | liderahenk | In version 2.1.15 and below, the Lider module in LiderAhenk software leaks its configurations via an unsecured API. An attacker with access to the configurations API could get valid LDAP crede… | CWE-306 Missing Authentication for Critical Function | CVE-2021-3825 | 2024-09-17 05:15 | 2021-10-2
1652 | 6.5 | MEDIUM | Network | mongodb | mongodb | A user authorized to perform database queries may trigger denial of service by issuing a specially crafted query containing a type of regex. This issue affects MongoDB Server v3.6 versions prior to 3.6.21… | NVD-CWE-Other | CVE-2020-7929 | 2024-09-17 05:15 | 2021-03-2
1653 | 6.8 | MEDIUM | Adjacent | mongodb | libmongocrypt | A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. This vulnerability in combination with a privileged network pos… | CWE-295 Improper Certificate Validation | CVE-2021-20327 | 2024-09-17 05:15 | 2021-02-26
1654 | 4.9 | MEDIUM | Network | ibm | security_verify_information_queue | IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196184. | CWE-326 Inadequate Encryption Strength | CVE-2021-20406 | 2024-09-17 05:15 | 2021-02-13
1655 | 9.8 | CRITICAL | Network | sonicwall | sonicos | An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the fi… | NVD-CWE-noinfo | CVE-2024-40766 | 2024-09-17 04:48 | 2024-08-23
1656 | 8.8 | HIGH | Network | xwiki | pro_macros | Pro Macros provides XWiki rendering macros. Missing escaping in the Viewpdf macro allows any user with view right on the `CKEditor.HTMLConverter` page or edit or comment right on any page to perform … | CWE-74 Injection | CVE-2024-42489 | 2024-09-17 04:46 | 2024-08-13
1657 | 9.8 | CRITICAL | Network | atlassian | confluence_server confluence_data_center | Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Cent… | NVD-CWE-noinfo | CVE-2023-22515 | 2024-09-17 04:46 | 2023-10-4
1658 | 7.8 | HIGH | Local | apple | ipados iphone_os watchos | A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Appl… | NVD-CWE-noinfo | CVE-2023-41061 | 2024-09-17 04:46 | 2023-09-8
1659 | 9.8 | CRITICAL | Network | zohocorp | manageengine_access_manager_plus manageengine_ad360 manageengine_adaudit_plus manageengine_admanager_plus manageengine_adselfservice_plus manageengine_analytics_plus manageengine_as… | Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because th… | NVD-CWE-noinfo | CVE-2022-47966 | 2024-09-17 04:45 | 2023-01-19
1660 | 5.5 | MEDIUM | Local | nvidia | cuda_toolkit | NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm, where an attacker can cause an out-of-bounds read issue by deceiving a user into reading a malformed ELF file. A successful… | CWE-125 Out-of-bounds Read | CVE-2024-0102 | 2024-09-17 04:37 | 2024-08-9