CVE Vulnerability

CVEs


CVE-2023-0003
  • Vendors: Cortex Xsoar, Paloaltonetworks
  • Products: Pan-os, Pa-7050, Pa-7080, Bridgecrew_checkov, Content_update330, Cortex_xdr_agent, Cortex_xsoar, Demisto, Expedition, Expedition_migration_tool
  • Updated: 2023-02-18
  • CVSS v2: N/A
  • CVSS v3: 6.5 MEDIUM
  • Description: A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.

CVE-2023-0002
  • Vendors: Cortex Xdr Agent, Paloaltonetworks
  • Products: Pan-os, Pa-7050, Pa-7080, Bridgecrew_checkov, Content_update330, Cortex_xdr_agent, Cortex_xsoar, Demisto, Expedition, Expedition_migration_tool
  • Updated: 2023-02-18
  • CVSS v2: N/A
  • CVSS v3: 7.8 HIGH
  • Description: A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent.

CVE-2023-0001
  • Vendors: Cortex Xdr Agent, Paloaltonetworks
  • Products: Pan-os, Pa-7050, Pa-7080, Bridgecrew_checkov, Content_update330, Cortex_xdr_agent, Cortex_xsoar, Demisto, Expedition, Expedition_migration_tool
  • Updated: 2023-02-18
  • CVSS v2: N/A
  • CVSS v3: 6.7 MEDIUM
  • Description: An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent.

CVE-2020-10730
  • Vendors: Debian, Fedoraproject, Opensuse, Redhat, Samba
  • Products: Adequate, Advanced_package_tool, Amaya, Apache2, Apt, Apt-cacher, Aptlinex, Apt-listchanges, Apt-setup, Axiom, 389_administration_server, 389_directory_server, Anaconda, Arm_installer, Atomic, Commons, Coolkey, Crypto-utils, Dracut, Extra_packages_for_enterprise_linux, Leap, Libzypp, Rmt-server, Autoyast2, Cryptctl, Osc, Factory, Munge, Munin, Pcp, Jboss_core_services, Enterprise_linux, Jboss_enterprise_application_platform, Enterprise_linux_server, Jboss_amq_clients_2, Openstack, Virtualization, Virtualization_host, Single_sign-on, Openshift_container_platform, Jitterbug, Ppp, Rsync, Samba_server, Volume_service
  • Updated: 2023-02-03
  • CVSS v2: N/A
  • CVSS v3: 6.5 MEDIUM
  • Description: A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.

CVE-2020-7923
  • Vendors: Mongodb
  • Products: Bson, C#_driver, Compass, Database_tools, Go_driver, Java_driver, Js-bson, Kubernetes_operator, Libbson, Libmongocrypt
  • Updated: 2023-02-03
  • CVSS v2: N/A
  • CVSS v3: 6.5 MEDIUM
  • Description: A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.0-rc7; v4.2 versions prior to 4.2.8; v4.0 versions prior to 4.0.19.

CVE-2020-7576
  • Vendors: Siemens
  • Products: Logo!8_bm_firmware, Logo!8_bm, Cp1604_firmware, Cp1604, Cp1616_firmware, Cp1616, Dk_standard_ethernet_controller_firmware, Dk_standard_ethernet_controller, Ek-ertec_200_firmware, Ek-ertec_200
  • Updated: 2023-02-03
  • CVSS v2: N/A
  • CVSS v3: 5.4 MEDIUM
  • Description: A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2), Opcenter Execution Core (V8.2). An authenticated user with the ability to create containers, packages or register defects could perform stored Cross-Site Scripting (XSS) attacks within the vulnerable software. The impact of this attack could result in the session cookies of legitimate users being stolen. Should the attacker gain access to these cookies, they could then hijack the session and perform arbitrary actions in the name of the victim.

CVE-2020-16845
  • Vendors: Debian, Fedoraproject, Golang, Opensuse
  • Products: Adequate, Advanced_package_tool, Amaya, Apache2, Apt, Apt-cacher, Aptlinex, Apt-listchanges, Apt-setup, Axiom, 389_administration_server, 389_directory_server, Anaconda, Arm_installer, Atomic, Commons, Coolkey, Crypto-utils, Dracut, Extra_packages_for_enterprise_linux, Go, Crypto, H2c, Hpack, Http2, Net, Package_ssh, Protobuf, Ssh, Text, Leap, Libzypp, Rmt-server, Autoyast2, Cryptctl, Osc, Factory, Munge, Munin, Pcp
  • Updated: 2023-02-03
  • CVSS v2: N/A
  • CVSS v3: 7.5 HIGH
  • Description: Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.

CVE-2020-16251
  • Vendors: Hashicorp, Vault
  • Products: Boundary, Consul, Consul_docker_image, Consul_template, Go-getter, Go-slug, Nomad, Packer, Sentinel, Terraform
  • Updated: 2023-02-03
  • CVSS v2: N/A
  • CVSS v3: 9.8 CRITICAL
  • Description: HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.

CVE-2021-26732
  • Vendors: Iac-ast2500a Firmware, Lannerinc
  • Products: Iac-ast2500, Iac-ast2500a, Iac-ast2500a_firmware, Iac-ast2500_firmware
  • Updated: 2023-02-03
  • CVSS v2: N/A
  • CVSS v3: 5.3 MEDIUM
  • Description: A broken access control vulnerability in the First_network_func function of spx_restservice allows an attacker to arbitrarily change the network configuration of the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

CVE-2021-45925
  • Vendors: Iac-ast2500a Firmware, Lannerinc
  • Products: Iac-ast2500, Iac-ast2500a, Iac-ast2500a_firmware, Iac-ast2500_firmware
  • Updated: 2023-02-03
  • CVSS v2: N/A
  • CVSS v3: 5.3 MEDIUM
  • Description: Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE