Skip to main content

CWE-767

Access to Critical Private Variable via Public Method

3 CVEs Avg CVSS 7.2 MITRE
0
CRITICAL
2
HIGH
1
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2024-36463 HIGH This Week

The implementation of atob in "Zabbix JS" allows to create a string with arbitrary content and use it to access internal properties of objects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zabbix
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-34162 MEDIUM This Month

The web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-26868 HIGH This Week

ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a denial-of-service attack due to the ability of an unauthorized user to modify information used to validate messages sent by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pcvue
NVD VulDB
CVSS 3.1
7.5
EPSS
2.1%
EPSS 1% CVSS 8.8
HIGH This Week

The implementation of atob in "Zabbix JS" allows to create a string with arbitrary content and use it to access internal properties of objects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zabbix
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

The web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
EPSS 2% CVSS 7.5
HIGH This Week

ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a denial-of-service attack due to the ability of an unauthorized user to modify information used to validate messages sent by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pcvue
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy