Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
34,799 matching · page 360/696Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2024-20286(opens NVD record) | Medium | 5.3 | A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. Note: An attacker must be authenticated with Python execution privileges to exploit these vulnerabilities. For more information regarding Python execution privileges, see product-specific documentation, such as the section of the Cisco Nexus 9000 Series NX-OS Programmability Guide. | Aug 28, 2024 |
| CVE-2024-20285(opens NVD record) | Medium | 5.3 | A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. Note: An attacker must be authenticated with Python execution privileges to exploit these vulnerabilities. For more information regarding Python execution privileges, see product-specific documentation, such as the section of the Cisco Nexus 9000 Series NX-OS Programmability Guide. | Aug 28, 2024 |
| CVE-2024-20284(opens NVD record) | Medium | 5.3 | A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. Note: An attacker must be authenticated with Python execution privileges to exploit these vulnerabilities. For more information regarding Python execution privileges, see product-specific documentation, such as the section of the Cisco Nexus 9000 Series NX-OS Programmability Guide. | Aug 28, 2024 |
| CVE-2024-20279(opens NVD record) | Medium | 4.3 | A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to modify the behavior of default system policies, such as quality of service (QoS) policies, on an affected system. This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy. An attacker with a valid user account associated with a restricted security domain could exploit this vulnerability. A successful exploit could allow the attacker to read, modify, or delete child policies created under default system policies, which are implicitly used by all tenants in the fabric, resulting in disruption of network traffic. Exploitation is not possible for policies under tenants that an attacker has no authorization to access. | Aug 28, 2024 |
| CVE-2024-5546(opens NVD record) | High | 8.3 | Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulnerability via a global search option. | Aug 28, 2024 |
| CVE-2024-4556(opens NVD record) | Medium | 5.7 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText NetIQ Access Manager allows access the sensitive information. This issue affects NetIQ Access Manager before 5.0.4 and before 5.1. | Aug 28, 2024 |
| CVE-2024-4555(opens NVD record) | High | 7.7 | Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario. This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1 | Aug 28, 2024 |
| CVE-2024-4554(opens NVD record) | High | 7.3 | Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to Cross-Site Scripting (XSS) attack. This issue affects Access Manager before 5.0.4.1 and 5.1. | Aug 28, 2024 |
| CVE-2021-38122(opens NVD record) | Medium | 6.2 | A Cross-Site Scripting vulnerable identified in NetIQ Advance Authentication that impacts the server functionality and disclose sensitive information. This issue affects NetIQ Advance Authentication before 6.3.5.1 | Aug 28, 2024 |
| CVE-2021-38121(opens NVD record) | High | 8.3 | Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices. This issue affects NetIQ Advance Authentication versions before 6.3.5.1 | Aug 28, 2024 |
| CVE-2021-38120(opens NVD record) | Medium | 5.1 | A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1. | Aug 28, 2024 |
| CVE-2021-22530(opens NVD record) | High | 8.2 | A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authentication before 6.3.5.1 | Aug 28, 2024 |
| CVE-2021-22529(opens NVD record) | Medium | 6.3 | A vulnerability identified in NetIQ Advance Authentication that leaks sensitive server information. This issue affects NetIQ Advance Authentication version before 6.3.5.1 | Aug 28, 2024 |
| CVE-2021-22509(opens NVD record) | High | 8.1 | A vulnerability identified in storing and reusing information in Advance Authentication. This issue can lead to leakage of sensitive data to unauthorized user. The issue affects NetIQ Advance Authentication before 6.3.5.1 | Aug 28, 2024 |
| CVE-2024-39584(opens NVD record) | High | 8.2 | Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot bypass and arbitrary code execution. | Aug 28, 2024 |
| CVE-2023-43078(opens NVD record) | Medium | 6.7 | Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deletion, which could lead to Privilege Escalation or Denial of Service. | Aug 28, 2024 |
| CVE-2024-7720(opens NVD record) | Critical | 9.8 | HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries. | Aug 27, 2024 |
| CVE-2024-44797(opens NVD record) | Medium | 6.1 | A cross-site scripting (XSS) vulnerability in the component /managers/enable_requests.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the view parameter. | Aug 26, 2024 |
| CVE-2024-44796(opens NVD record) | Medium | 6.1 | A cross-site scripting (XSS) vulnerability in the component /auth/AzureRedirect.php of PicUploader commit fcf82ea allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error_description parameter. | Aug 26, 2024 |
| CVE-2024-44795(opens NVD record) | Medium | 6.1 | A cross-site scripting (XSS) vulnerability in the component /login/disabled.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter. | Aug 26, 2024 |
| CVE-2024-44794(opens NVD record) | Medium | 6.1 | A cross-site scripting (XSS) vulnerability in the component /master/auth/OnedriveRedirect.php of PicUploader commit fcf82ea allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error_description parameter. | Aug 26, 2024 |
| CVE-2024-44793(opens NVD record) | Medium | 6.1 | A cross-site scripting (XSS) vulnerability in the component /managers/multiple_freeleech.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the torrents parameter. | Aug 26, 2024 |
| CVE-2024-41879(opens NVD record) | High | 7.8 | Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 26, 2024 |
| CVE-2024-42340(opens NVD record) | High | 8.3 | CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security | Aug 25, 2024 |
| CVE-2024-42339(opens NVD record) | Medium | 4.3 | CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | Aug 25, 2024 |
| CVE-2024-42338(opens NVD record) | Medium | 4.3 | CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | Aug 25, 2024 |
| CVE-2024-42337(opens NVD record) | Medium | 4.3 | CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | Aug 25, 2024 |
| CVE-2022-43915(opens NVD record) | Medium | 6.8 | IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods. This can allow a user with privileged access to execute commands in a running Pod to elevate their user privileges. | Aug 24, 2024 |
| CVE-2024-38207(opens NVD record) | Medium | 6.3 | Microsoft Edge (HTML-based) Memory Corruption Vulnerability | Aug 23, 2024 |
| CVE-2024-42531(opens NVD record) | Critical | 9.8 | Ezviz Internet PT Camera CS-CV246 D15655150 allows an unauthenticated host to access its live video stream by crafting a set of RTSP packets with a specific set of URLs that can be used to redirect the camera feed. NOTE: the vendor's perspective is that the Anonymous120386 sample code can establish RTSP protocol communictaion, but cannot obtain video or audio data; thus, there is no risk. | Aug 23, 2024 |
| CVE-2024-43031(opens NVD record) | Medium | 4.3 | autMan v2.9.6 was discovered to contain an access control issue. | Aug 23, 2024 |
| CVE-2024-41150(opens NVD record) | Medium | 6.3 | An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800. | Aug 23, 2024 |
| CVE-2024-38869(opens NVD record) | High | 8.3 | Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25. | Aug 23, 2024 |
| CVE-2024-5586(opens NVD record) | High | 8.3 | Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option. | Aug 23, 2024 |
| CVE-2024-5556(opens NVD record) | High | 8.3 | Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in reports module. | Aug 23, 2024 |
| CVE-2024-5490(opens NVD record) | High | 8.3 | Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in aggregate reports option. | Aug 23, 2024 |
| CVE-2024-5467(opens NVD record) | High | 8.3 | Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout report. | Aug 23, 2024 |
| CVE-2024-5466(opens NVD record) | High | 8.8 | Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option. | Aug 23, 2024 |
| CVE-2024-36517(opens NVD record) | High | 8.3 | Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in alerts module. | Aug 23, 2024 |
| CVE-2024-36516(opens NVD record) | High | 8.3 | Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36515), both of which have affected ADAudit Plus' dashboard. | Aug 23, 2024 |
| CVE-2024-36515(opens NVD record) | High | 8.3 | Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36516), both of which have affected ADAudit Plus' dashboard. | Aug 23, 2024 |
| CVE-2024-36514(opens NVD record) | High | 8.3 | Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in file summary option. | Aug 23, 2024 |
| CVE-2024-40766(opens NVD record) | Critical | 9.8 | An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions. | Aug 23, 2024 |
| CVE-2024-43477(opens NVD record) | High | 7.5 | Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable ID's on another tenant. | Aug 23, 2024 |
| CVE-2024-38210(opens NVD record) | High | 7.8 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Aug 22, 2024 |
| CVE-2024-38209(opens NVD record) | High | 7.8 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Aug 22, 2024 |
| CVE-2024-38208(opens NVD record) | Medium | 6.1 | Microsoft Edge for Android Spoofing Vulnerability | Aug 22, 2024 |
| CVE-2024-43790(opens NVD record) | Medium | 4.5 | Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen in a buffer (msgbuf). When right-left mode (:set rl) is enabled, the search pattern is reversed. This happens by allocating a new buffer. If the search pattern contains some ASCII NUL characters, the buffer allocated will be smaller than the original allocated buffer (because for allocating the reversed buffer, the strlen() function is called, which only counts until it notices an ASCII NUL byte ) and thus the original length indicator is wrong. This causes an overflow when accessing characters inside the msgbuf by the previously (now wrong) length of the msgbuf. The issue has been fixed as of Vim patch v9.1.0689. | Aug 22, 2024 |
| CVE-2024-39717(opens NVD record) | High | 7.2 | The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. (Tenant level users do not have this privilege). The “Change Favicon” (Favorite Icon) option can be mis-used to upload a malicious file ending with .png extension to masquerade as image file. This is possible only after a user with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin has successfully authenticated and logged in. | Aug 22, 2024 |
| CVE-2024-7634(opens NVD record) | Medium | 4.9 | NGINX Agent's "config_dirs" restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory. | Aug 22, 2024 |