Vulnerabilities in n/a

159,628 results

CVE-2020-7247CRITICALsmtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary coEPSS 99.0%KEV CVE-2021-40539CRITICALZoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execuEPSS 99.0%KEV CVE-2012-1442—The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly WebwasEPSS 99.0%CVE-2021-21978—VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of EPSS 98.9%CVE-2011-3192—The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a deniEPSS 98.9%CVE-2020-9496—XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03EPSS 98.9%CVE-2023-47246CRITICALIn SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat weEPSS 98.9%KEV CVE-2020-7209—LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2.EPSS 98.8%CVE-2018-19276CRITICALOpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitraEPSS 98.8%CVE-2023-28341MEDIUMStored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inEPSS 98.8%CVE-2008-4250CRITICALThe Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta aEPSS 98.8%KEV CVE-2022-39986—A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id pEPSS 98.7%CVE-2013-2465CRITICALUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlierEPSS 98.7%KEV CVE-2012-3152CRITICALUnspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remoEPSS 98.7%KEV CVE-2015-0204—The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL seEPSS 98.7%CVE-2018-15473MEDIUMOpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after EPSS 98.6%CVE-2003-0352—Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to executEPSS 98.6%CVE-2019-11539HIGHIn Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 anEPSS 98.6%KEV CVE-2013-0333—lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data toEPSS 98.6%CVE-2019-5736—runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequenEPSS 98.6%

← previouspage 6 / 7,982next →