Lucene search

K

Security Service Security Vulnerabilities

cve
cve

CVE-2023-47717

IBM Security Guardium 12.0 could allow a privileged user to perform unauthorized actions that could lead to a denial of service. IBM X-Force ID: ...

4.4CVSS

6.2AI Score

0.0004EPSS

2024-05-16 06:15 PM
52
cve
cve

CVE-2023-47711

IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow an authenticated user to upload files that would cause a denial of service. IBM X-Force ID: ...

2.7CVSS

6.2AI Score

0.0004EPSS

2024-05-14 01:56 PM
29
cve
cve

CVE-2023-42126

G DATA Total Security GDBackupSvc Service Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-privileged code on the...

7.8CVSS

7.8AI Score

0.001EPSS

2024-05-03 03:15 AM
22
cve
cve

CVE-2023-42125

Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on the target.....

7.8CVSS

7.8AI Score

0.001EPSS

2024-05-03 03:15 AM
24
cve
cve

CVE-2023-27347

G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order....

7.8CVSS

7.8AI Score

0.001EPSS

2024-05-03 02:15 AM
24
cve
cve

CVE-2024-20353

A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.....

8.6CVSS

8.4AI Score

0.002EPSS

2024-04-24 07:15 PM
168
In Wild
cve
cve

CVE-2024-31874

IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninitialized variables when deploying that could allow a local user to cause a denial of service. IBM X-Force ID: ...

6.2CVSS

6AI Score

0.0004EPSS

2024-04-10 04:15 PM
31
cve
cve

CVE-2024-28787

IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP request. IBM X-Force ID: ...

8.7CVSS

8.1AI Score

0.0004EPSS

2024-04-04 06:15 PM
45
cve
cve

CVE-2024-0692

The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code...

8.8CVSS

9.2AI Score

0.001EPSS

2024-03-01 09:15 AM
74
cve
cve

CVE-2023-31006

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to a denial of service attacks on the DSC server. IBM X-Force ID: ...

7.5CVSS

7.1AI Score

0.0004EPSS

2024-02-03 01:15 AM
23
cve
cve

CVE-2023-30999

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: ...

7.5CVSS

7.1AI Score

0.0004EPSS

2024-02-03 01:15 AM
36
cve
cve

CVE-2023-7043

Unquoted service path in ESET products allows to drop a prepared program to a specific location and run on boot with the NT...

5.5CVSS

6.3AI Score

0.0004EPSS

2024-01-31 01:15 PM
13
cve
cve

CVE-2024-20926

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition:...

5.9CVSS

5.8AI Score

0.001EPSS

2024-01-16 10:15 PM
64
cve
cve

CVE-2024-20918

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle...

7.4CVSS

7.1AI Score

0.001EPSS

2024-01-16 10:15 PM
92
cve
cve

CVE-2024-0316

Improper cleanup vulnerability in exceptions thrown in FireEye Endpoint Security, affecting version 5.2.0.958244. This vulnerability could allow an attacker to send multiple request packets to the containment_notify/preview parameter, which could lead to a service...

7.5CVSS

7.4AI Score

0.0005EPSS

2024-01-15 04:15 PM
10
cve
cve

CVE-2024-22164

In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-01-09 05:15 PM
95
cve
cve

CVE-2024-22165

In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generation and rendering of the Investigations manager until it is deleted.The vulnerability requires an...

6.5CVSS

6.3AI Score

0.0004EPSS

2024-01-09 05:15 PM
98
cve
cve

CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a...

5.9CVSS

6.7AI Score

0.962EPSS

2023-12-18 04:15 PM
401
cve
cve

CVE-2023-35867

An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability an attacker has to replace an existing API server e.g. through Man-in-the-Middle...

5.9CVSS

5.7AI Score

0.001EPSS

2023-12-18 01:15 PM
16
cve
cve

CVE-2023-5869

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing...

8.8CVSS

9AI Score

0.015EPSS

2023-12-10 06:15 PM
670
cve
cve

CVE-2023-5868

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...

4.3CVSS

6.4AI Score

0.002EPSS

2023-12-10 06:15 PM
254
cve
cve

CVE-2023-5870

A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would.....

4.4CVSS

6.3AI Score

0.001EPSS

2023-12-10 06:15 PM
230
cve
cve

CVE-2023-49322

Certain WithSecure products allow a Denial of Service because there is an unpack handler crash that can lead to a scanning engine crash. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17...

7.5CVSS

7.4AI Score

0.0005EPSS

2023-11-27 12:15 AM
13
cve
cve

CVE-2023-49321

Certain WithSecure products allow a Denial of Service because scanning a crafted file takes a long time, and causes the scanner to hang. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17...

5.3CVSS

5.2AI Score

0.0005EPSS

2023-11-27 12:15 AM
10
cve
cve

CVE-2023-47263

Certain WithSecure products allow a Denial of Service (DoS) in the antivirus engine when scanning a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure....

7.5CVSS

7.4AI Score

0.0005EPSS

2023-11-16 03:15 AM
14
cve
cve

CVE-2023-47264

Certain WithSecure products have a buffer over-read whereby processing certain fuzz file types may cause a denial of service (DoS). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and...

7.5CVSS

7.5AI Score

0.0005EPSS

2023-11-16 03:15 AM
8
cve
cve

CVE-2023-6105

An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database...

5.5CVSS

5.2AI Score

0.0004EPSS

2023-11-15 09:15 PM
21
cve
cve

CVE-2023-20095

A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to...

8.6CVSS

8.3AI Score

0.001EPSS

2023-11-01 06:15 PM
58
cve
cve

CVE-2023-20042

A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to...

8.6CVSS

8.3AI Score

0.001EPSS

2023-11-01 06:15 PM
54
cve
cve

CVE-2023-20086

A vulnerability in ICMPv6 processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper processing of ICMPv6...

8.6CVSS

8.4AI Score

0.001EPSS

2023-11-01 05:15 PM
48
cve
cve

CVE-2023-22081

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM...

5.3CVSS

4.9AI Score

0.001EPSS

2023-10-17 10:15 PM
445
cve
cve

CVE-2023-22067

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: CORBA). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and 21.3.7. Easily exploitable vulnerability allows...

5.3CVSS

4.7AI Score

0.001EPSS

2023-10-17 10:15 PM
424
cve
cve

CVE-2023-22025

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition:...

3.7CVSS

3.5AI Score

0.001EPSS

2023-10-17 10:15 PM
344
cve
cve

CVE-2023-45660

Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Nextcloud Mail is upgraded to 2.2.8 or 3.3.0.....

4.3CVSS

4.5AI Score

0.001EPSS

2023-10-16 07:15 PM
30
cve
cve

CVE-2022-43740

IBM Security Verify Access OIDC Provider could allow a remote user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: ...

7.5CVSS

7.2AI Score

0.001EPSS

2023-10-14 04:15 PM
51
cve
cve

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October...

7.5CVSS

8AI Score

0.732EPSS

2023-10-10 02:15 PM
2890
In Wild
cve
cve

CVE-2023-45219

Exposure of Sensitive Information vulnerability exist in an undisclosed BIG-IP TMOS shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS)...

4.4CVSS

4.9AI Score

0.0004EPSS

2023-10-10 01:15 PM
31
cve
cve

CVE-2023-41085

When IPSec is configured on a Virtual Server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not...

7.5CVSS

7.5AI Score

0.0005EPSS

2023-10-10 01:15 PM
35
cve
cve

CVE-2023-43746

When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which...

8.7CVSS

8.3AI Score

0.001EPSS

2023-10-10 01:15 PM
43
cve
cve

CVE-2023-41964

The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. Note: Software versions which have reached End of Technical Support (EoTS) are not...

6.5CVSS

6.5AI Score

0.0005EPSS

2023-10-10 01:15 PM
39
cve
cve

CVE-2023-43485

When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not...

5.5CVSS

5.8AI Score

0.0004EPSS

2023-10-10 01:15 PM
37
cve
cve

CVE-2023-41373

A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system. For BIG-IP system running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary. Note: Software...

9.9CVSS

9.3AI Score

0.002EPSS

2023-10-10 01:15 PM
43
cve
cve

CVE-2023-42768

When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST. BIG-IP non-admin user can still have access to iControl REST admin resource. Note:...

7.2CVSS

7AI Score

0.001EPSS

2023-10-10 01:15 PM
32
cve
cve

CVE-2023-43611

The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. This vulnerability is due to an incomplete fix for CVE-2023-38418. Note: Software versions which have reached End of Technical Support (EoTS) are not...

7.8CVSS

7.5AI Score

0.0004EPSS

2023-10-10 01:15 PM
40
cve
cve

CVE-2023-40534

When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, and an iRule using the HTTP_REQUEST event or Local Traffic Policy are associated with the virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached...

7.5CVSS

7.6AI Score

0.0005EPSS

2023-10-10 01:15 PM
44
cve
cve

CVE-2023-40542

When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not...

7.5CVSS

7.5AI Score

0.0005EPSS

2023-10-10 01:15 PM
38
cve
cve

CVE-2023-40537

An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform. Note: Software versions which have reached End of Technical Support (EoTS) are not...

8.1CVSS

7.9AI Score

0.001EPSS

2023-10-10 01:15 PM
39
cve
cve

CVE-2023-3665

A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and or the execution of arbitrary...

7.8CVSS

7.5AI Score

0.0004EPSS

2023-10-04 03:15 PM
29
cve
cve

CVE-2023-43767

Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac...

7.5CVSS

7.5AI Score

0.0005EPSS

2023-09-22 05:15 AM
18
cve
cve

CVE-2023-43761

Certain WithSecure products allow Denial of Service (infinite loop). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements.....

7.5CVSS

7.5AI Score

0.0005EPSS

2023-09-22 05:15 AM
12
Total number of security vulnerabilities1185