Server Security Vulnerabilities

CVE-2024-0507

An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and....

CVE-2024-0200

An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...

CVE-2023-7234

OPCUAServerToolkit will write a log message once an OPC UA client has successfully connected containing the client's self-defined description...

CVE-2023-37523

Missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower could allow an attacker to execute a malicious script on the user's...

CVE-2023-37522

HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower has missing or insecure tags that could allow an attacker to execute a malicious script on the user's...

CVE-2023-37521

HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower can sometimes include sensitive information in a query string which could allow an attacker to execute a malicious...

CVE-2021-4432

A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as problematic. This affects an unknown part of the component USER Command Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public.....

CVE-2024-21673

This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.0 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H allows an authenticated...

CVE-2024-21674

This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.6 and a CVSS Vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N allows an unauthenticated...

CVE-2024-21672

This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.3 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H allows an unauthenticated...

CVE-2023-22527

A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server...

CVE-2024-0548

A vulnerability was found in FreeFloat FTP Server 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component SIZE Command Handler. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the...

CVE-2023-49801

Lif Auth Server is a server for validating logins, managing information, and account recovery for Lif Accounts. The issue relates to the get_pfp and get_banner routes on Auth Server. The issue is that there is no check to ensure that the file that Auth Server is receiving through these URLs is...

CVE-2010-10011

A vulnerability, which was classified as problematic, was found in Acritum Femitter Server 1.04. Affected is an unknown function. The manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250446 is the.....

CVE-2023-31036

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is launched with the non-default command line option --model-control explicit, an attacker may use the model load API to cause a relative path traversal. A successful exploit of this vulnerability may lead....

CVE-2023-29447

An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic...

CVE-2023-29446

An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them...

CVE-2023-29445

An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to...

CVE-2023-29444

An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their...

CVE-2024-21320

Windows Themes Spoofing...

CVE-2024-21316

Windows Server Key Distribution Service Security Feature...

CVE-2024-21318

Microsoft SharePoint Server Remote Code Execution...

CVE-2024-21313

Windows TCP/IP Information Disclosure...

CVE-2024-21314

Microsoft Message Queuing Information Disclosure...

CVE-2024-21311

Windows Cryptographic Services Information Disclosure...

CVE-2024-21310

Windows Cloud Files Mini Filter Driver Elevation of Privilege...

CVE-2024-21309

Windows Kernel-Mode Driver Elevation of Privilege...

CVE-2024-21307

Remote Desktop Client Remote Code Execution...

CVE-2024-21306

Microsoft Bluetooth Driver Spoofing...

CVE-2024-21305

Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass...

CVE-2024-20699

Windows Hyper-V Denial of Service...

CVE-2024-20698

Windows Kernel Elevation of Privilege...

CVE-2024-20697

Windows Libarchive Remote Code Execution...

CVE-2024-20700

Windows Hyper-V Remote Code Execution...

CVE-2024-20696

Windows Libarchive Remote Code Execution...

CVE-2024-20694

Windows CoreMessaging Information Disclosure ...

CVE-2024-20691

Windows Themes Information Disclosure...

CVE-2024-20692

Microsoft Local Security Authority Subsystem Service Information Disclosure...

CVE-2024-20687

Microsoft AllJoyn API Denial of Service...

CVE-2024-20686

Win32k Elevation of Privilege...

CVE-2024-20683

Win32k Elevation of Privilege...

CVE-2024-20681

Windows Subsystem for Linux Elevation of Privilege...

CVE-2024-20680

Windows Message Queuing Client (MSMQC) Information...

CVE-2024-20682

Windows Cryptographic Services Remote Code Execution...

CVE-2024-20674

Windows Kerberos Security Feature Bypass...

CVE-2024-20666

BitLocker Security Feature Bypass...

CVE-2024-20660

Microsoft Message Queuing Information Disclosure...

CVE-2024-20662

Windows Online Certificate Status Protocol (OCSP) Information Disclosure...

CVE-2024-20664

Microsoft Message Queuing Information Disclosure...

CVE-2024-20663

Windows Message Queuing Client (MSMQC) Information...