Lucene search

K

Enterprise Server Security Vulnerabilities

cve
cve

CVE-2024-3331

Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server Edition, Spotfire Spotfire Statistics Services, Spotfire Spotfire Analyst, Spotfire Spotfire Desktop, Spotfire Spotfire Server allows The impact of this vulnerability depends on the privileges of the user running the affected...

6.8CVSS

6.7AI Score

0.0004EPSS

2024-06-27 07:15 PM
8
cve
cve

CVE-2024-5746

A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the GitHub Enterprise Server instance. Exploitation required authenticated access to GitHub Enterprise...

7.6CVSS

7.8AI Score

0.001EPSS

2024-06-20 10:15 PM
26
cve
cve

CVE-2024-5953

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their...

5.7CVSS

5.4AI Score

0.0004EPSS

2024-06-18 10:15 AM
22
cve
cve

CVE-2023-4727

A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of...

7.5CVSS

8AI Score

0.0004EPSS

2024-06-11 08:15 PM
23
cve
cve

CVE-2024-30100

Microsoft SharePoint Server Remote Code Execution...

7.8CVSS

7.8AI Score

0.001EPSS

2024-06-11 05:15 PM
28
cve
cve

CVE-2024-3049

A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth...

5.9CVSS

7.2AI Score

0.001EPSS

2024-06-06 06:15 AM
30
cve
cve

CVE-2024-3657

A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of...

7.5CVSS

6.5AI Score

0.0004EPSS

2024-05-28 01:15 PM
37
cve
cve

CVE-2024-2199

A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying userPassword using malformed...

5.7CVSS

6.4AI Score

0.0004EPSS

2024-05-28 12:15 PM
26
cve
cve

CVE-2024-4985

An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authentication with the optional encrypted assertions feature. This vulnerability allowed an attacker to forge a SAML response to provision and/or gain access to a user with....

7AI Score

0.0004EPSS

2024-05-20 10:15 PM
914
cve
cve

CVE-2024-5052

Denial of Service (DoS) vulnerability for Cerberus Enterprise 8.0.10.3 web administration. The vulnerability exists when the web server, default port 10001, attempts to process a large number of incomplete HTTP...

7.5CVSS

6.8AI Score

0.0004EPSS

2024-05-17 10:15 AM
24
cve
cve

CVE-2024-0862

The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains a Server-Side Request Forgery vulnerability that allows an authenticated user to relay HTTP requests from the Protection server to otherwise private network...

5CVSS

6.5AI Score

0.0004EPSS

2024-05-14 07:15 PM
25
cve
cve

CVE-2024-30044

Microsoft SharePoint Server Remote Code Execution...

7.2CVSS

7AI Score

0.001EPSS

2024-05-14 05:17 PM
70
cve
cve

CVE-2024-30043

Microsoft SharePoint Server Information Disclosure...

6.5CVSS

6AI Score

0.001EPSS

2024-05-14 05:17 PM
70
cve
cve

CVE-2024-30042

Microsoft Excel Remote Code Execution...

7.8CVSS

7AI Score

0.001EPSS

2024-05-14 05:17 PM
56
cve
cve

CVE-2024-2440

A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on a detached repository by making a GraphQL mutation to alter repository permissions while the repository is detached. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13.....

5.5CVSS

6.6AI Score

0.0004EPSS

2024-04-19 05:15 PM
32
cve
cve

CVE-2024-3684

A server side request forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin access to the appliance when configuring the Artifacts & Logs and Migrations Storage. Exploitation of this vulnerability...

8CVSS

6.9AI Score

0.0004EPSS

2024-04-19 03:15 PM
26
cve
cve

CVE-2024-3470

An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use a deploy key pertaining to an organization to bypass an organization ruleset. An attacker would require access to a valid deploy key for a repository in the organization as...

5.9CVSS

6.8AI Score

0.0004EPSS

2024-04-19 03:15 PM
28
cve
cve

CVE-2024-3646

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the instance when configuring the chat integration. Exploitation of this vulnerability required access to the GitHub...

8CVSS

7.4AI Score

0.0004EPSS

2024-04-19 03:15 PM
24
cve
cve

CVE-2024-21093

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to...

5.3CVSS

5.8AI Score

0.0005EPSS

2024-04-16 10:15 PM
58
cve
cve

CVE-2024-21066

Vulnerability in the RDBMS component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having Authenticated User privilege with logon to the infrastructure where RDBMS executes to...

4.2CVSS

5.3AI Score

0.0004EPSS

2024-04-16 10:15 PM
45
cve
cve

CVE-2024-21058

Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with network access via Oracle Net to compromise Unified Audit. ...

4.9CVSS

6.5AI Score

0.0005EPSS

2024-04-16 10:15 PM
45
cve
cve

CVE-2024-20995

Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Oracle...

2.4CVSS

5.4AI Score

0.0004EPSS

2024-04-16 10:15 PM
35
cve
cve

CVE-2024-1481

A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of...

5.3CVSS

6.3AI Score

0.0004EPSS

2024-04-10 09:15 PM
118
cve
cve

CVE-2024-1233

A flaw was found inJwtValidator.resolvePublicKey in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF)...

7.3CVSS

6.3AI Score

0.001EPSS

2024-04-09 07:15 AM
95
cve
cve

CVE-2024-31083

A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs....

7.8CVSS

7.7AI Score

0.0004EPSS

2024-04-05 12:15 PM
180
cve
cve

CVE-2024-31080

A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a...

7.3CVSS

6.3AI Score

0.0005EPSS

2024-04-04 02:15 PM
154
cve
cve

CVE-2024-31081

A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a...

7.3CVSS

6.3AI Score

0.0005EPSS

2024-04-04 02:15 PM
152
cve
cve

CVE-2024-31082

A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a...

7.3CVSS

7AI Score

0.0004EPSS

2024-04-04 02:15 PM
60
cve
cve

CVE-2024-1300

A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading.....

5.4CVSS

6.1AI Score

0.0004EPSS

2024-04-02 08:15 AM
146
cve
cve

CVE-2024-25944

Dell OpenManage Enterprise, v4.0 and prior, contain(s) a path traversal vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, to gain unauthorized access to the files stored on the server filesystem, with the privileges of the running web...

5.7CVSS

5.8AI Score

0.0004EPSS

2024-03-29 05:15 PM
32
cve
cve

CVE-2024-3019

A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be...

8.8CVSS

6.3AI Score

0.0004EPSS

2024-03-28 07:15 PM
136
cve
cve

CVE-2024-1023

A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge,.....

6.5CVSS

6.3AI Score

0.0004EPSS

2024-03-27 08:15 AM
152
cve
cve

CVE-2024-2494

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being...

6.2CVSS

6.1AI Score

0.001EPSS

2024-03-21 02:15 PM
142
cve
cve

CVE-2024-1394

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That...

7.5CVSS

6.4AI Score

0.0005EPSS

2024-03-21 01:00 PM
299
cve
cve

CVE-2024-1908

An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use the Enterprise Actions GitHub Connect download token to fetch private repository data. An attacker would require an account on the server instance with non-default settings for....

6.3CVSS

6.8AI Score

0.0004EPSS

2024-03-21 02:51 AM
8
cve
cve

CVE-2024-2748

A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub Enterprise Server 3.12.0...

4.3CVSS

6.9AI Score

0.0004EPSS

2024-03-21 12:15 AM
29
cve
cve

CVE-2024-2469

An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported.....

8CVSS

7.5AI Score

0.0004EPSS

2024-03-20 11:15 PM
42
cve
cve

CVE-2024-2443

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring GeoJSON settings. Exploitation of this vulnerability required access to the GitHub...

9.1CVSS

7.4AI Score

0.0004EPSS

2024-03-20 11:15 PM
30
cve
cve

CVE-2023-7250

A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection.....

5.3CVSS

5.1AI Score

0.0004EPSS

2024-03-18 01:15 PM
76
cve
cve

CVE-2024-1138

The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Enterprise...

8.8CVSS

8.8AI Score

0.0004EPSS

2024-03-12 06:15 PM
31
cve
cve

CVE-2024-21426

Microsoft SharePoint Server Remote Code Execution...

7.8CVSS

7.7AI Score

0.001EPSS

2024-03-12 05:15 PM
186
cve
cve

CVE-2023-48788

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted...

9.8CVSS

9.7AI Score

0.711EPSS

2024-03-12 03:15 PM
136
In Wild
cve
cve

CVE-2024-21886

A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding...

7.8CVSS

8.2AI Score

0.0004EPSS

2024-02-28 01:15 PM
214
cve
cve

CVE-2024-21885

A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or...

7.8CVSS

8.2AI Score

0.0004EPSS

2024-02-28 01:15 PM
189
cve
cve

CVE-2024-1635

A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...

7.5CVSS

7.2AI Score

0.0004EPSS

2024-02-19 10:15 PM
181
cve
cve

CVE-2024-20903

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.21 and 21.3-21.12. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise...

6.5CVSS

6.6AI Score

0.0005EPSS

2024-02-17 02:15 AM
641
cve
cve

CVE-2023-45581

An improper privilege management vulnerability [CWE-269] in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows an Site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted HTTP or HTTPS...

8.8CVSS

7AI Score

0.001EPSS

2024-02-15 02:15 PM
13
cve
cve

CVE-2024-1482

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUB_TOKEN. To exploit this vulnerability, an attacker would need access....

7.1CVSS

6.9AI Score

0.0004EPSS

2024-02-14 08:15 PM
7
cve
cve

CVE-2023-50387

Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG....

7.5CVSS

7.7AI Score

0.05EPSS

2024-02-14 04:15 PM
265
cve
cve

CVE-2024-1372

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring SAML settings. Exploitation of this vulnerability required access to the GitHub Enterprise.....

9.1CVSS

9.4AI Score

0.001EPSS

2024-02-13 07:15 PM
48
Total number of security vulnerabilities4207