VIR Vulnerability Intelligence Relay

Search

Found 1,537 results in 484ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2021-39226 high 9.5 KEVFIX arch arch sles rocky 5y ago Grafana contains an authentication bypass vulnerability that allows authenticated and unauthenticated users to view and delete all snapshot data, potentially resulting in complete snapshot data loss.
CVE-2021-32648 unknown 1.5 KEV 5y ago In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request.
CVE-2021-39144 unknown 2.5 KEVEXPFIX slesdebian debian 5y ago XStream contains a remote code execution vulnerability that allows an attacker to manipulate the processed input stream and replace or inject objects that result in the execution of a local command o…
CVE-2017-1000486 unknown 2.5 KEVEXP 5y ago Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution
CVE-2020-13927 unknown 2.5 KEVEXP 5y ago The previous default setting for Airflow's Experimental API was to allow all API requests without authentication.
CVE-2021-3129 unknown 2.5 KEVEXP 5y ago Laravel Ignition contains a file upload vulnerability that allows unauthenticated remote attackers to execute malicious code due to insecure usage of file_get_contents() and file_put_contents().
CVE-2021-21315 unknown 1.5 KEVFIX debian debian 5y ago The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation b…
CVE-2021-21311 unknown 1.5 KEVFIX debian debian 5y ago Adminer contains a server-side request forgery vulnerability that, when exploited, allows a remote attacker to obtain potentially sensitive information.
CVE-2020-17519 unknown 2.5 KEVEXP 6y ago Apache Flink contains an improper access control vulnerability that allows an attacker to read any file on the local filesystem of the JobManager through its REST interface.
CVE-2020-16017 high 9.5 KEVFIX arch archdebian debian 6y ago Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML …
CVE-2020-16013 high 9.5 KEVFIX arch archdebian debian 6y ago Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-13671 unknown 1.5 KEV 6y ago Improper sanitization in the extension file names is present in Drupal core.
CVE-2019-5786 high 10.0 KEVEXPFIX arch archdebian debian 6y ago Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
CVE-2020-1956 unknown 1.5 KEV 6y ago Apache Kylin contains an OS command injection vulnerability which could permit an attacker to perform remote code execution.
CVE-2020-11978 unknown 2.5 KEVEXP 6y ago A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow.
CVE-2020-5410 unknown 2.5 KEVEXP 6y ago Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitrary configuration files.
CVE-2020-10199 unknown 2.5 KEVEXP 6y ago Sonatype Nexus Repository contains an unspecified vulnerability that allows for remote code execution.
CVE-2016-10033 high 10.0 KEVEXPFIX arch archdebian debian 6y ago PHPMailer contains a command injection vulnerability because it fails to sanitize user-supplied input. Specifically, this issue affects the 'mail()' function of 'class.phpmailer.php' script. An attac…
CVE-2019-17558 unknown 2.5 KEVEXP debian debian 6y ago The Apache Solr VelocityResponseWriter plug-in contains an unspecified vulnerability which can allow for remote code execution.
CVE-2019-10758 unknown 1.5 KEV 7y ago mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method.
CVE-2019-0193 unknown 1.5 KEVFIX debian debian 7y ago The optional Apache Solr module DataImportHandler contains a code injection vulnerability.
CVE-2018-15811 unknown 2.5 KEVEXP 7y ago DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters.
CVE-2018-18325 unknown 2.5 KEVEXP 7y ago DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters. This CVE ID resolves an incomplete patch f…
CVE-2019-5418 unknown 2.5 KEVEXPFIX slesdebian debian 7y ago Rails Ruby on Rails contains a path traversal vulnerability in Action View. Specially crafted accept headers in combination with calls to `render file:` can cause arbitrary files on the target server…
CVE-2019-6340 unknown 2.5 KEVEXP 7y ago In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.
CVE-2018-11776 unknown 2.5 KEVEXP 8y ago Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn't set for a result defi…
CVE-2017-5638 unknown 2.5 KEVEXP 8y ago Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution.
CVE-2018-1273 unknown 1.5 KEV 8y ago Spring Data Commons contains a property binder vulnerability which can allow an attacker to perform remote code execution.
CVE-2017-12615 unknown 2.5 KEVEXP sles 8y ago When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it conta…
CVE-2017-9805 unknown 2.5 KEVEXP 8y ago Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads.
CVE-2017-9822 unknown 2.5 KEVEXP 8y ago DotNetNuke (DNN) contains a vulnerability that may allow for remote code execution via cookie deserialization.
CVE-2016-0752 unknown 2.5 KEVEXPFIX slesdebian debian 11y ago Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files.
CVE-2014-0130 unknown 1.5 KEV sles 12y ago Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails allows remote attackers to read arbitrary files via a crafted re…
CVE-2010-0806 high 8.8 10.0 KEVEXP windows windows microsoft 17y ago Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion …
CVE-2010-0249 high 8.8 10.0 KEVEXP windows windows microsoft 17y ago Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object. The impacted …
CVE-2009-3459 high 8.8 10.0 KEVEXP adobe 17y ago Adobe Acrobat and Reader contain a heap-based buffer overflow vulnerability which could allow remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption.
CVE-2009-1537 high 8.8 10.0 KEV windows windows microsoft 17y ago Microsoft DirectX contains a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow which could allow remote attackers to execute arbitrary code via a craf…