Nomisec Exploits

22,793 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-42793 NOMISEC CRITICAL
JetBrains TeamCity < 2023.05.4 - Unauthenticated Remote Code Execution
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
by Zenmovie
8 stars
CVSS 9.8
CVE-2017-15361 NOMISEC MEDIUM
Infineon RSA library <1.02.013 - RCE
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.
by Elbarbons
CVSS 5.9
CVE-2023-38545 NOMISEC CRITICAL
libcurl 7.69.0-8.4.0 - Heap-Based Buffer Overflow in SOCKS5 Proxy Handshake
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long host name to the target buffer instead of copying just the resolved address there. The target buffer being a heap based buffer, and the host name coming from the URL that curl has been told to operate with.
by UTsweetyfish
19 stars
CVSS 9.8
CVE-2023-5217 NOMISEC HIGH
libvpx < 1.13.1 - Heap Buffer Overflow in VP8 Encoding
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
by UT-Security
17 stars
CVSS 8.8
CVE-2023-38646 NOMISEC CRITICAL
Metabase < 0.46.6.1 and < 1.46.6.1 - Unauthenticated Remote Code Execution
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
by Boogipop
55 stars
CVSS 9.8
CVE-2023-22515 NOMISEC CRITICAL
Atlassian Confluence Unauthenticated Remote Code Execution
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
by j3seer
8 stars
CVSS 9.8
CVE-2023-29357 NOMISEC CRITICAL
Sharepoint Dynamic Proxy Generator Unauth RCE
Microsoft SharePoint Server Elevation of Privilege Vulnerability
by LuemmelSec
53 stars
CVSS 9.8
CVE-2021-3560 NOMISEC HIGH
polkit < 0.119 - Unauthenticated Privilege Escalation via D-Bus Request
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
by TieuLong21Prosper
CVSS 7.8
CVE-2023-36802 NOMISEC HIGH
Microsoft Streaming Service Proxy - Privilege Escalation
Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
by chompie1337
167 stars
CVSS 7.8
CVE-2023-36723 NOMISEC HIGH
Windows Container Manager Service - Privilege Escalation
Windows Container Manager Service Elevation of Privilege Vulnerability
by Wh04m1001
68 stars
CVSS 7.8
CVE-2023-29357 NOMISEC CRITICAL
Sharepoint Dynamic Proxy Generator Unauth RCE
Microsoft SharePoint Server Elevation of Privilege Vulnerability
by KeyStrOke95
2 stars
CVSS 9.8
CVE-2023-4911 NOMISEC HIGH
Glibc Tunables Privilege Escalation CVE-2023-4911 (aka Looney Tunables)
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
by silent6trinity
CVSS 7.8
CVE-2023-27363 NOMISEC HIGH
Foxit PDF Reader < 12.1.1.15289 and PDF Editor < 10.1.11.37866 - Remote Code Execution via exportXFAData Method
Foxit PDF Reader exportXFAData Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportXFAData method. The application exposes a JavaScript interface that allows writing arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-19697.
by CN016
1 stars
CVSS 7.8
CVE-2023-32315 NOMISEC HIGH
Openfire authentication bypass with RCE plugin
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isn’t available for a specific release, or isn’t quickly actionable, users may see the linked github advisory (GHSA-gw42-f939-fhvm) for mitigation advice.
by CN016
CVSS 8.6
CVE-2017-16720 NOMISEC CRITICAL
Advantech WebAccess <= 8.3.2 - Path Traversal
A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. An attacker has access to files within the directory structure of the target device.
by CN016
1 stars
CVSS 9.8
CVE-2023-2928 NOMISEC MEDIUM
dedecms < 5.7.106 - Remote Code Injection via article_allowurl_edit.php allurls Parameter
A vulnerability was found in DedeCMS up to 5.7.106. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file uploads/dede/article_allowurl_edit.php. The manipulation of the argument allurls leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230083.
by CN016
1 stars
CVSS 6.3
CVE-2023-38646 NOMISEC CRITICAL
Metabase < 0.46.6.1 and < 1.46.6.1 - Unauthenticated Remote Code Execution
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
by CN016
CVSS 9.8
CVE-2020-11444 NOMISEC HIGH
Sonatype Nexus Repository Manager 3.0.0-3.21.2 - Incorrect Access Control
Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control.
by CN016
CVSS 8.8
CVE-2021-37580 NOMISEC CRITICAL
Apache ShenYu 2.3.0-2.4.0 - Authentication Bypass via JWT Misuse
A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0
by CN016
1 stars
CVSS 9.8
CVE-2023-29922 NOMISEC MEDIUM
PowerJob V4.3.1 - Improper Access Control via User Creation Interface
PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface.
by CN016
CVSS 5.3
CVE-2023-27524 NOMISEC HIGH
Apache Superset Signed Cookie Priv Esc
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config. All superset installations should always set a unique secure random SECRET_KEY. Your SECRET_KEY is used to securely sign all session cookies and encrypting sensitive information on the database. Add a strong SECRET_KEY to your `superset_config.py` file like: SECRET_KEY = <YOUR_OWN_RANDOM_GENERATED_SECRET_KEY> Alternatively you can set it with `SUPERSET_SECRET_KEY` environment variable.
by CN016
CVSS 8.9
CVE-2023-43263 NOMISEC MEDIUM
Froala Editor 4.1.1 - Stored Cross-Site Scripting via Markdown Component
A Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows attackers to execute arbitrary code via the Markdown component.
by b0marek
CVSS 6.1
CVE-2023-21238 NOMISEC MEDIUM
Android - Local Information Disclosure via RemoteViews visitUris
In visitUris of RemoteViews.java, there is a possible leak of images between users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
by Trinadh465
CVSS 5.5
CVE-2023-2640 NOMISEC HIGH
GameOver(lay) Privilege Escalation and Container Escape
On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks.
by g1vi
132 stars
CVSS 7.8
CVE-2023-40429 NOMISEC MEDIUM
Apple iPadOS < 17.0 - Unprotected User Data Exposure via Permissions Issue
A permissions issue was addressed with improved validation. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access sensitive user data.
by biscuitehh
5 stars
CVSS 5.5