CVSS: 5.2EPSS: 0%CPEs: 1EXPL: 0CVE-2021-41810 – Script injection in M-Files Server products with versions before 22.2.11051.0, allows executing stored script in admin tool
https://notcve.org/view.php?id=CVE-2021-41810
02 May 2022 — Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable La herramienta de administración permite almacenar datos de configuración con un script que puede ser ejecutado por otro administrador de la bóveda. Requiere autenticación a nivel de administrador de la bóveda y no es explotable remotamente • https://www.m-files.com/about/trust-center/security-advisories/cve-2021-41810 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-42973
https://notcve.org/view.php?id=CVE-2021-42973
07 Dec 2021 — NoMachine Server is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Server above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. NoMachine Server está afectado por un desbordamiento de enteros. IOCTL Handler 0x22001B en NoMachine Server versiones posteriores de 4.0.346 y anteriores a 7.7.4, permite a atacantes locales ejecutar código arbitrario ... • https://www.sentinelone.com/labs/usb-over-ethernet-multiple-privilege-escalation-vulnerabilities-in-aws-and-other-major-cloud-services • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-42972
https://notcve.org/view.php?id=CVE-2021-42972
07 Dec 2021 — NoMachine Server is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Server above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. NoMachine Server está afectado por el Desbordamiento del Búfer. IOCTL Handler 0x22001B en NoMachine Server versiones posteriores de 4.0.346 y anteriores a 7.7.4, permite a atacantes locales ejecutar código arbitrario en... • https://www.sentinelone.com/labs/usb-over-ethernet-multiple-privilege-escalation-vulnerabilities-in-aws-and-other-major-cloud-services • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-31816
https://notcve.org/view.php?id=CVE-2021-31816
08 Jul 2021 — When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext. Cuando se configura Octopus Server, si está configurado con una base de datos SQL externa, en la configuración inicial la contraseña de la base de datos se escribe en el archivo de registro OctopusServer.txt en texto plano • https://advisories.octopus.com/adv/2021-05---Cleartext-Storage-of-Sensitive-Information-%28CVE-2021-31816%29.2121793537.html • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-30183
https://notcve.org/view.php?id=CVE-2021-30183
14 May 2021 — Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext. Un almacenamiento de texto sin cifrar de información confidencial en múltiples versiones de Octopus Server, donde en determinadas situaciones cuando se ejecutan procesos de importación o exportación, la contraseña usada para cifrar y descifrar valores confiden... • https://advisories.octopus.com/adv/2021-03---Cleartext-Storage-of-Sensitive-Information-%28CVE-2021-30183%29.1817083941.html • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-16197
https://notcve.org/view.php?id=CVE-2020-16197
25 Aug 2020 — An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentially use a certificate that they are not in scope to use. An authorised user is also able to obtain certificate metadata by associating a certificate with certain resources that should fail scope validation. Se detectó un problema en Octopus Deploy versión 3.4. • https://github.com/OctopusDeploy/Issues/issues/6529 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15879
https://notcve.org/view.php?id=CVE-2020-15879
21 Jul 2020 — Bitwarden Server 1.35.1 allows SSRF because it does not consider certain IPv6 addresses (ones beginning with fc, fd, fe, or ff, and the :: address) and certain IPv4 addresses (0.0.0.0/8, 127.0.0.0/8, and 169.254.0.0/16). Bitwarden Server versión 1.35.1, permite un ataque de tipo SSRF porque no considera determinadas direcciones IPv6 (las que comienzan con fc, fd, fe o ff, y la dirección ::) y determinadas direcciones IPv4 (0.0.0.0/8, 127.0.0.0/8 y 169.254.0.0/16) • https://github.com/bitwarden/server/pull/827 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19766
https://notcve.org/view.php?id=CVE-2019-19766
12 Dec 2019 — The Bitwarden server through 1.32.0 has a potentially unwanted KDF. El servidor Bitwarden versiones hasta 1.32.0, presenta un KDF potencialmente no deseado. • https://github.com/bitwarden/jslib/issues/52 • CWE-916: Use of Password Hash With Insufficient Computational Effort •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19085
https://notcve.org/view.php?id=CVE-2019-19085
18 Nov 2019 — A persistent cross-site scripting (XSS) vulnerability in Octopus Server 3.4.0 through 2019.10.5 allows remote authenticated attackers to inject arbitrary web script or HTML. Una vulnerabilidad de tipo cross-site scripting (XSS) persistente en Octopus Server versiones 3.4.0 hasta 2019.10.5, tiene a atacantes autenticados remotos inyectar script web o HTML arbitrario. • https://github.com/OctopusDeploy/Issues/issues/5961 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-17393 – Tomedo Server 1.7.3 Information Disclosure / Weak Cryptography
https://notcve.org/view.php?id=CVE-2019-17393
16 Oct 2019 — The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP (in cleartext) that can be sniffed by unauthorized actors. Basic authentication is used for the authentication, making it possible to base64 decode the sniffed credentials and discover the username and password. El Customer's Tomedo Server en la versión 1.7.3, se comunica con el Vendor Tomedo Server por medio de HTTP (en texto sin cifrar) que puede ser rastreado por actores no autorizados. La autenticación básica... • https://packetstorm.news/files/id/154873 • CWE-319: Cleartext Transmission of Sensitive Information CWE-522: Insufficiently Protected Credentials •