CVE-2024-6915

CRITICAL Year: 2024
CVSS v3 Score
9.3
Critical
Weakness Type
CWE-20
View all →

Vulnerability Description

JFrog Artifactory versions below 7.90.6, 7.84.20, 7.77.14, 7.71.23, 7.68.22, 7.63.22, 7.59.23, 7.55.18 are vulnerable to Improper Input Validation that could potentially lead to cache poisoning.

Related Vulnerabilities

CVE-2016-1929

CRITICAL
CVSS:9.3(Critical)

The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, relate...

CWE-202016

CVE-2018-4005

CRITICAL
CVSS:9.3(Critical)

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the configureRoutingWithCommand function. A user with local access can use this vulnerability to rai...

CWE-202018

CVE-2018-4006

CRITICAL
CVSS:9.3(Critical)

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the writeConfig functionality. A non-root user is able to write a file anywhere on the system. A use...

CWE-202018

CVE-2022-21796

CRITICAL
CVSS:9.3(Critical)

A memory corruption vulnerability exists in the netserver parse_command_list functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to an out-of-bounds write....

CWE-202022

CVE-2025-29814

CRITICAL
CVSS:9.3(Critical)

Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.

CWE-202025

CVE-2021-32642

CRITICAL
CVSS:9.4(Critical)

radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports. Missing input validation in radsecproxy's `naptr-eduroam.sh` and `radsec-dynsrv.sh` scripts can lead to...

CWE-202021