
CVE-2022-24932
https://notcve.org/view.php?id=CVE-2022-24932
08 Mar 2022 — Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard. • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=3 • CWE-424: Improper Protection of Alternate Path

CVE-2021-25368
https://notcve.org/view.php?id=CVE-2021-25368
25 Mar 2021 — Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allows attackers to intercept when the provider is executed. • https://security.samsungmobile.com • CWE-287: Improper Authentication

CVE-2020-15506
https://notcve.org/view.php?id=CVE-2020-15506
07 Jul 2020 — An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to bypass authentication mechanisms via unspecified vectors. • https://www.mobileiron.com/en/blog/mobileiron-security-updates-available

CVE-2020-15507
https://notcve.org/view.php?id=CVE-2020-15507
07 Jul 2020 — An arbitrary file reading vulnerability in MobileIron Core versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to read files on the system via unspecified vectors. • https://www.mobileiron.com/en/blog/mobileiron-security-updates-available

CVE-2019-9945
https://notcve.org/view.php?id=CVE-2019-9945
23 Mar 2019 — SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid user credentials. If customers have not followed SoftNAS deployment best practices and expose SoftNAS StorageCenter ports directly to the internet, this vulnerability allows an attacker to gain access to the Webadmin... • https://www.digitaldefense.com/blog/2019-softnas-cloud-zero-day-blog

CVE-2018-14417 – SoftNAS Cloud < 4.0.3 - OS Command Injection
https://notcve.org/view.php?id=CVE-2018-14417
27 Jul 2018 — A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv endpoint, allowing an unauthenticated attacker to execute arbitrary commands with root permissions. • https://packetstorm.news/files/id/148718 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2014-3476 – openstack-keystone: privilege escalation through trust chained delegation
https://notcve.org/view.php?id=CVE-2014-3476
17 Jun 2014 — OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with additional roles. • http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00031.html • CWE-269: Improper Privilege Management

CVE-2013-4365 – Gentoo Linux Security Advisory 201402-09
https://notcve.org/view.php?id=CVE-2013-4365
11 Oct 2013 — Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors. Robert Matthews discov... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00011.html • CWE-787: Out-of-bounds Write