Lucene search

K

All F-Secure And WithSecure Endpoint Protection Products For Windows & Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper Security Vulnerabilities

cvelist
cvelist

CVE-2024-5017 WhatsUp Gold AppProfileImport path traversal vulnerability

In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists. A specially crafted unauthenticated HTTP request to AppProfileImport can lead can lead to information...

6.5CVSS

EPSS

2024-06-25 08:25 PM
1
redhatcve
redhatcve

CVE-2024-38306

In the Linux kernel, the following vulnerability has been resolved: btrfs: protect folio::private when attaching extent buffer folios [BUG] Since v6.8 there are rare kernel crashes reported by various people, the common factor is bad page status error messages like this: BUG: Bad page state in...

7.5AI Score

EPSS

2024-06-25 08:25 PM
redhatcve
redhatcve

CVE-2024-37354

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix crash on racing fsync and size-extending write into prealloc We have been seeing crashes on duplicate keys in btrfs_set_item_key_safe(): BTRFS critical (device vdb): slot 4 key (450 108 8192) new key (450 108 8192)...

7AI Score

EPSS

2024-06-25 08:25 PM
1
redhatcve
redhatcve

CVE-2024-37078

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential kernel bug due to lack of writeback flag waiting Destructive writes to a block device on which nilfs2 is mounted can cause a kernel bug in the folio/page writeback start routine or writeback end routine...

7.1AI Score

EPSS

2024-06-25 08:25 PM
openbugbounty
openbugbounty

ubaldlalime.com Cross Site Scripting vulnerability OBB-3938882

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:25 PM
3
redhatcve
redhatcve

CVE-2022-48772

In the Linux kernel, the following vulnerability has been resolved: media: lgdt3306a: Add a check against null-pointer-def The driver should check whether the client provides the platform_data. The following log reveals it: [ 29.610324] BUG: KASAN: null-ptr-deref in kmemdup+0x30/0x40 [ 29.610730].....

7.2AI Score

EPSS

2024-06-25 08:24 PM
redhatcve
redhatcve

CVE-2021-4440

In the Linux kernel, the following vulnerability has been resolved: x86/xen: Drop USERGS_SYSRET64 paravirt call commit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream. USERGS_SYSRET64 is used to return from a syscall via SYSRET, but a Xen PV guest will nevertheless use the IRET hypercall, as...

7AI Score

EPSS

2024-06-25 08:24 PM
openbugbounty
openbugbounty

terrys-service.com Cross Site Scripting vulnerability OBB-3938879

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:24 PM
3
openbugbounty
openbugbounty

t1rex.com Cross Site Scripting vulnerability OBB-3938878

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:24 PM
3
openbugbounty
openbugbounty

tolliversflowershop.com Cross Site Scripting vulnerability OBB-3938880

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:24 PM
3
cvelist
cvelist

CVE-2024-5016 WhatsUp Gold OnMessage Deserialization of Untrusted Data Remote Code Execution Vulnerability

In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve a Remote Code Execution as SYSTEM. The vulnerability exists in the main message processing routines NmDistributed.DistributedServiceBehavior.OnMessage...

7.2CVSS

EPSS

2024-06-25 08:23 PM
openbugbounty
openbugbounty

sydkusten.es Cross Site Scripting vulnerability OBB-3938877

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:23 PM
3
openbugbounty
openbugbounty

ripledd.com Cross Site Scripting vulnerability OBB-3938875

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:22 PM
2
openbugbounty
openbugbounty

qemjanitorial.com Cross Site Scripting vulnerability OBB-3938873

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:21 PM
2
openbugbounty
openbugbounty

perreux.fr Cross Site Scripting vulnerability OBB-3938871

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:19 PM
2
openbugbounty
openbugbounty

npzl.be Cross Site Scripting vulnerability OBB-3938869

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:18 PM
3
openbugbounty
openbugbounty

lutonsynagogue.org.uk Cross Site Scripting vulnerability OBB-3938865

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:16 PM
2
cve
cve

CVE-2024-6206

A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target...

7.5CVSS

7.9AI Score

EPSS

2024-06-25 08:15 PM
1
nvd
nvd

CVE-2024-5276

A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this...

9.8CVSS

EPSS

2024-06-25 08:15 PM
cve
cve

CVE-2024-5276

A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this...

9.8CVSS

9.9AI Score

EPSS

2024-06-25 08:15 PM
3
nvd
nvd

CVE-2024-6206

A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target...

7.5CVSS

EPSS

2024-06-25 08:15 PM
1
nvd
nvd

CVE-2024-5010

In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive...

7.5CVSS

EPSS

2024-06-25 08:15 PM
2
nvd
nvd

CVE-2024-5008

In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file and obtain RCE...

8.8CVSS

EPSS

2024-06-25 08:15 PM
1
cve
cve

CVE-2024-5009

In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's...

8.4CVSS

8.1AI Score

EPSS

2024-06-25 08:15 PM
2
nvd
nvd

CVE-2024-5009

In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's...

8.4CVSS

EPSS

2024-06-25 08:15 PM
1
cve
cve

CVE-2024-5011

In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists. A specially crafted unauthenticated HTTP request to the TestController Chart functionality can lead to denial of...

7.5CVSS

7.5AI Score

EPSS

2024-06-25 08:15 PM
cve
cve

CVE-2024-5008

In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file and obtain RCE...

8.8CVSS

8.7AI Score

EPSS

2024-06-25 08:15 PM
1
cve
cve

CVE-2024-5010

In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive...

7.5CVSS

7.3AI Score

EPSS

2024-06-25 08:15 PM
2
nvd
nvd

CVE-2024-5011

In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists. A specially crafted unauthenticated HTTP request to the TestController Chart functionality can lead to denial of...

7.5CVSS

EPSS

2024-06-25 08:15 PM
1
nvd
nvd

CVE-2024-4498

A Path Traversal and Remote File Inclusion (RFI) vulnerability exists in the parisneo/lollms-webui application, affecting versions v9.7 to the latest. The vulnerability arises from insufficient input validation in the /apply_settings function, allowing an attacker to manipulate the...

7.7CVSS

EPSS

2024-06-25 08:15 PM
cve
cve

CVE-2024-4885

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole...

9.8CVSS

10AI Score

EPSS

2024-06-25 08:15 PM
1
nvd
nvd

CVE-2024-4884

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The Apm.UI.Areas.APM.Controllers.CommunityController allows execution of commands with iisapppool\nmconsole...

9.8CVSS

EPSS

2024-06-25 08:15 PM
cve
cve

CVE-2024-4884

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The Apm.UI.Areas.APM.Controllers.CommunityController allows execution of commands with iisapppool\nmconsole...

9.8CVSS

10AI Score

EPSS

2024-06-25 08:15 PM
2
cve
cve

CVE-2024-4883

In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. This vulnerability allows an unauthenticated attacker to achieve the RCE as a service account through...

9.8CVSS

9.7AI Score

EPSS

2024-06-25 08:15 PM
3
nvd
nvd

CVE-2024-4883

In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. This vulnerability allows an unauthenticated attacker to achieve the RCE as a service account through...

9.8CVSS

EPSS

2024-06-25 08:15 PM
nvd
nvd

CVE-2024-4885

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole...

9.8CVSS

EPSS

2024-06-25 08:15 PM
cve
cve

CVE-2024-4498

A Path Traversal and Remote File Inclusion (RFI) vulnerability exists in the parisneo/lollms-webui application, affecting versions v9.7 to the latest. The vulnerability arises from insufficient input validation in the /apply_settings function, allowing an attacker to manipulate the...

7.7CVSS

7.9AI Score

EPSS

2024-06-25 08:15 PM
2
nvd
nvd

CVE-2024-37167

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version...

4.3CVSS

EPSS

2024-06-25 08:15 PM
debiancve
debiancve

CVE-2024-37894

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and ...

6.3CVSS

7.1AI Score

EPSS

2024-06-25 08:15 PM
nvd
nvd

CVE-2024-37894

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service...

6.3CVSS

EPSS

2024-06-25 08:15 PM
cve
cve

CVE-2024-37167

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version...

4.3CVSS

4.7AI Score

EPSS

2024-06-25 08:15 PM
1
cve
cve

CVE-2024-37894

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service...

6.3CVSS

6.3AI Score

EPSS

2024-06-25 08:15 PM
3
cvelist
cvelist

CVE-2024-5015 WhatsUp Gold SessionControler Server-Side Request Forgery Information Disclosure Vulnerability

In WhatsUp Gold versions released before 2023.1.3, an authenticated SSRF vulnerability in Wug.UI.Areas.Wug.Controllers.SessionControler.Update allows a low privileged user to chain this SSRF with an Improper Access Control vulnerability. This can be used to escalate privileges to...

7.1CVSS

EPSS

2024-06-25 08:15 PM
1
openbugbounty
openbugbounty

levangileaucoeur.fr Cross Site Scripting vulnerability OBB-3938861

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:15 PM
3
cvelist
cvelist

CVE-2024-5014 WhatsUp Gold GetASPReport Server-Side Request Forgery Information Disclosure

In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature. This allows any authenticated user to retrieve ASP reports from an HTML...

7.1CVSS

EPSS

2024-06-25 08:13 PM
1
cvelist
cvelist

CVE-2024-5013 WhatsUp Gold InstallController Denial-of-Service Vulnerability

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Denial of Service vulnerability was identified. An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application...

7.5CVSS

EPSS

2024-06-25 08:11 PM
cvelist
cvelist

CVE-2024-5012 WhatsUp Gold Missing Authentication GetWindowsCredential Information Disclosure Vulnerability

In WhatsUp Gold versions released before 2023.1.3, there is a missing authentication vulnerability in WUGDataAccess.Credentials. This vulnerability allows unauthenticated attackers to disclose Windows Credentials stored in the product Credential...

8.6CVSS

EPSS

2024-06-25 08:10 PM
1
openbugbounty
openbugbounty

flowersetcofyorksc.com Cross Site Scripting vulnerability OBB-3938853

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:10 PM
4
cvelist
cvelist

CVE-2024-38516 Aimeos HTML client may potentially reveal sensitive information in error log

ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from environment variables in error log. This issue has been patched in versions 2024.04.7, 2023.10.15, 2022.10.13 and...

8.8CVSS

EPSS

2024-06-25 08:08 PM
2
openbugbounty
openbugbounty

eplay.co.uk Cross Site Scripting vulnerability OBB-3938850

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:08 PM
3
Total number of security vulnerabilities3304529