Lucene search

K

BD Pyxis™ MedStation™ ES Server Security Vulnerabilities

nessus
nessus

SAP NetWeaver AS ABAP XSS (3450286)

Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page. On successful exploitation the attacker can access or modify.....

6.1CVSS

6.4AI Score

0.0004EPSS

2024-06-13 12:00 AM
nessus
nessus

Security Updates for Microsoft Dynamics 365 Business Central (June 2024)

The Microsoft Dynamics 365 Business Central install is missing security updates. It is, therefore, affected by multiple vulnerabilities, including: An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2024-35248) A remote code execution...

8.8CVSS

8.7AI Score

0.001EPSS

2024-06-13 12:00 AM
zdt
zdt

Rejetto HTTP File Server (HFS) Unauthenticated Remote Code Execution Exploit

The Rejetto HTTP File Server (HFS) version 2.x is vulnerable to an unauthenticated server side template injection (SSTI) vulnerability. A remote unauthenticated attacker can execute code with the privileges of the user account running the HFS.exe server process. This exploit has been tested to...

8.2AI Score

2024-06-13 12:00 AM
21
ubuntucve
ubuntucve

CVE-2023-4727

A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of...

7.5CVSS

7.6AI Score

0.0004EPSS

2024-06-13 12:00 AM
zdt
zdt

Cacti Import Packages Remote Code Execution Exploit

This exploit module leverages an arbitrary file write vulnerability in Cacti versions prior to 1.2.27 to achieve remote code execution. It abuses the Import Packages feature to upload a specially crafted package that embeds a PHP file. Cacti will extract this file to an accessible location. The...

9.1CVSS

8.1AI Score

0.002EPSS

2024-06-13 12:00 AM
24
packetstorm

7.4AI Score

2024-06-13 12:00 AM
29
github
github

@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass

Summary By combining two vulnerabilities (an Open Redirect and session token sent as URL query parameter) in Strapi framework is its possible of an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click)....

7.1CVSS

7.1AI Score

0.001EPSS

2024-06-12 07:39 PM
4
osv
osv

@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass

Summary By combining two vulnerabilities (an Open Redirect and session token sent as URL query parameter) in Strapi framework is its possible of an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click)....

7.1CVSS

7.1AI Score

0.001EPSS

2024-06-12 07:39 PM
2
osv
osv

@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling

Summary A Denial-of-Service was found in the media upload process causing the server to crash without restarting, affecting either development and production environments. Details Usually, errors in the application cause it to log the error and keep it running for other clients. This behavior, in.....

5.3CVSS

6.8AI Score

0.0004EPSS

2024-06-12 07:38 PM
1
github
github

@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling

Summary A Denial-of-Service was found in the media upload process causing the server to crash without restarting, affecting either development and production environments. Details Usually, errors in the application cause it to log the error and keep it running for other clients. This behavior, in.....

5.3CVSS

6.8AI Score

0.0004EPSS

2024-06-12 07:38 PM
nvd
nvd

CVE-2024-31881

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. IBM X-Force ID: ...

6.5CVSS

0.0004EPSS

2024-06-12 07:15 PM
3
cve
cve

CVE-2024-31881

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. IBM X-Force ID: ...

6.5CVSS

6.3AI Score

0.0004EPSS

2024-06-12 07:15 PM
19
nvd
nvd

CVE-2023-29267

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: ...

5.3CVSS

0.0004EPSS

2024-06-12 07:15 PM
2
cve
cve

CVE-2023-29267

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: ...

5.3CVSS

5.6AI Score

0.0004EPSS

2024-06-12 07:15 PM
18
cvelist
cvelist

CVE-2023-29267 IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: ...

5.3CVSS

0.0004EPSS

2024-06-12 06:24 PM
2
vulnrichment
vulnrichment

CVE-2024-31881 IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. IBM X-Force ID: ...

6.5CVSS

6.4AI Score

0.0004EPSS

2024-06-12 06:21 PM
cvelist
cvelist

CVE-2024-31881 IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. IBM X-Force ID: ...

6.5CVSS

0.0004EPSS

2024-06-12 06:21 PM
2
cve
cve

CVE-2024-28762

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: ...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-06-12 06:15 PM
18
nvd
nvd

CVE-2024-28762

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: ...

5.3CVSS

0.0004EPSS

2024-06-12 06:15 PM
3
osv
osv

linux-oem-6.5 vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536)...

7.8CVSS

7.7AI Score

0.001EPSS

2024-06-12 06:10 PM
cvelist
cvelist

CVE-2024-28762 IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: ...

5.3CVSS

0.0004EPSS

2024-06-12 05:54 PM
4
github
github

Apache Submarine Server Core Incorrect Authorization vulnerability

Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance....

6.8AI Score

0.0004EPSS

2024-06-12 03:31 PM
1
osv
osv

Apache Submarine Server Core has a SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are...

7.5AI Score

0.0004EPSS

2024-06-12 03:31 PM
github
github

Apache Submarine Server Core has a SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are...

7.5AI Score

0.0004EPSS

2024-06-12 03:31 PM
osv
osv

Apache Submarine Server Core Incorrect Authorization vulnerability

Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance....

6.8AI Score

0.0004EPSS

2024-06-12 03:31 PM
1
cve
cve

CVE-2024-36265

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or....

6.5AI Score

0.0004EPSS

2024-06-12 03:15 PM
19
nvd
nvd

CVE-2024-36265

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or....

0.0004EPSS

2024-06-12 03:15 PM
nvd
nvd

CVE-2024-31217

Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause...

5.3CVSS

0.0004EPSS

2024-06-12 03:15 PM
osv
osv

CVE-2024-31217

Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause...

5.3CVSS

6.8AI Score

0.0004EPSS

2024-06-12 03:15 PM
1
cve
cve

CVE-2024-31217

Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-06-12 03:15 PM
16
redhatcve
redhatcve

CVE-2024-37168

A flaw was found in grps-js, which implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the grpc.max_receive_message_length...

5.3CVSS

5.1AI Score

0.0005EPSS

2024-06-12 02:53 PM
2
cvelist
cvelist

CVE-2024-31217 @strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling

Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause...

5.3CVSS

0.0004EPSS

2024-06-12 02:50 PM
nvd
nvd

CVE-2024-36263

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: all versions. As this project is retired, we do not plan to release a version that...

0.0004EPSS

2024-06-12 02:15 PM
2
cve
cve

CVE-2024-36263

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: all versions. As this project is retired, we do not plan to release a version that...

7.1AI Score

0.0004EPSS

2024-06-12 02:15 PM
18
cve
cve

CVE-2024-1577

Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects all versions of MegaBIP...

8.2AI Score

0.0004EPSS

2024-06-12 02:15 PM
20
nvd
nvd

CVE-2024-1659

Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server (including a PHP code file) without an authentication. This issue affects MegaBIP software versions through...

0.0004EPSS

2024-06-12 02:15 PM
2
cve
cve

CVE-2024-1659

Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server (including a PHP code file) without an authentication. This issue affects MegaBIP software versions through...

6.8AI Score

0.0004EPSS

2024-06-12 02:15 PM
17
nvd
nvd

CVE-2024-1577

Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects all versions of MegaBIP...

0.0004EPSS

2024-06-12 02:15 PM
3
cvelist
cvelist

CVE-2024-36265 Apache Submarine Server Core: authorization bypass

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or....

0.0004EPSS

2024-06-12 02:12 PM
1
vulnrichment
vulnrichment

CVE-2024-36265 Apache Submarine Server Core: authorization bypass

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or....

6.8AI Score

0.0004EPSS

2024-06-12 02:12 PM
cvelist
cvelist

CVE-2024-36263 Apache Submarine Server Core: SQL injection

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: all versions. As this project is retired, we do not plan to release a version that...

0.0004EPSS

2024-06-12 02:05 PM
2
cvelist
cvelist

CVE-2024-1659 Arbitrary File Upload in MegaBIP

Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server (including a PHP code file) without an authentication. This issue affects MegaBIP software versions through...

0.0004EPSS

2024-06-12 01:48 PM
2
cvelist
cvelist

CVE-2024-1577 Remote Code Execution in MegaBIP

Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects all versions of MegaBIP...

0.0004EPSS

2024-06-12 01:47 PM
6
ibm
ibm

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service which is vulnerable to CVE-2024-25026

Summary IBM Maximo Application Suite Predict Component IBM WebSphere Application Server Liberty is vulnerable to a denial of service which is vulnerable toCVE-2024-25026 .This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2024-25026 ....

5.9CVSS

7AI Score

0.0004EPSS

2024-06-12 01:45 PM
ibm
ibm

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354).

Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354).This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details **...

7CVSS

7.1AI Score

0.0004EPSS

2024-06-12 01:44 PM
1
ibm
ibm

Security Bulletin: IBM Maximo Application Suite Predict Component uses: webSphere Application Server Liberty is vulnerable to a server-side request forgery (SSRF) vulnerability which is vulnerable to CVE-2024-22329

Summary IBM Maximo Application Suite Predict Component uses: webSphere Application Server Liberty is vulnerable to a server-side request forgery (SSRF) vulnerability which is vulnerable to CVE-2024-22329. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability....

4.3CVSS

6.3AI Score

0.0004EPSS

2024-06-12 01:43 PM
2
ibm
ibm

Security Bulletin: IBM Maximo Application Suite Predict Component uses :IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to jose4j which is vulnerable to CVE-2023-51775

Summary IBM Maximo Application Suite Predict Component uses :IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to jose4j which is vulnerable to CVE-2023-51775. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details **...

7.2AI Score

0.0004EPSS

2024-06-12 01:42 PM
1
ibm
ibm

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service which is vulnerable to CVE-2024-27268

Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service which is vulnerable to CVE-2024-27268 .This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID:...

5.9CVSS

7AI Score

0.0004EPSS

2024-06-12 01:40 PM
1
ibm
ibm

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service when using the openidConnectClient-1.0 or socialLogin-1.0 feature which is vulnerable to CVE-2024-22353

Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service when using the openidConnectClient-1.0 or socialLogin-1.0 feature which is vulnerable toCVE-2024-22353.This bulletin contains information regarding the...

7.5CVSS

7.1AI Score

0.0004EPSS

2024-06-12 01:38 PM
2
ibm
ibm

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to cross-site scripting (CVE-2024-27270).

Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to cross-site scripting (CVE-2024-27270). This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2024-27270 DESCRIPTION:...

4.7CVSS

5.9AI Score

0.0004EPSS

2024-06-12 01:34 PM
1
Total number of security vulnerabilities434320