CVE-2022-2929 affecting package dhcp 4.4.2-3
CVE-2022-2929 affecting package dhcp 4.4.2-3. No patch is available...
CVSS 6.5 | AI Score 9.9 | EPSS 0.001

CVE-2022-38127 affecting package binutils 2.36.1-2
CVE-2022-38127 affecting package binutils 2.36.1-2. This CVE either no longer is or was never...
AI Score 7.5 | EPSS n/a

CVE-2022-40133 affecting package kernel 5.10.189.1-1
CVE-2022-40133 affecting package kernel 5.10.189.1-1. No patch is available...
CVSS 6.3 | AI Score 7.5 | EPSS 0.0004

CVE-2022-36049 affecting package helm 3.4.1-17
CVE-2022-36049 affecting package helm 3.4.1-17. No patch is available...
CVSS 7.7 | AI Score 7.5 | EPSS 0.001

CVE-2022-27664 affecting package golang 1.17.13-2
CVE-2022-27664 affecting package golang 1.17.13-2. No patch is available...
CVSS 7.5 | AI Score 9 | EPSS 0.002

CVE-2022-38533 affecting package binutils 2.36.1-3
CVE-2022-38533 affecting package binutils 2.36.1-3. No patch is available...
CVSS 5.5 | AI Score 9.9 | EPSS 0.001

CVE-2022-30698 affecting package unbound 1.10.0-5
CVE-2022-30698 affecting package unbound 1.10.0-5. No patch is available...
CVSS 6.5 | AI Score 7.5 | EPSS 0.001

CVE-2022-21540 affecting package openjdk8 1.8.0.332-2
CVE-2022-21540 affecting package openjdk8 1.8.0.332-2. No patch is available...
CVSS 5.3 | AI Score 9.9 | EPSS 0.001

CVE-2022-4904 affecting package grpc 1.35.0-9
CVE-2022-4904 affecting package grpc 1.35.0-9. No patch is available...
CVSS 8.6 | AI Score 9.5 | EPSS 0.001

CVE-2022-41862 affecting package postgresql 12.15-1
CVE-2022-41862 affecting package postgresql 12.15-1. No patch is available...
CVSS 3.7 | AI Score 7.5 | EPSS 0.001

CVE-2022-41722 affecting package golang 1.17.13-2
CVE-2022-41722 affecting package golang 1.17.13-2. No patch is available...
CVSS 7.5 | AI Score 8.7 | EPSS 0.001

CVE-2022-41724 affecting package golang 1.17.13-2
CVE-2022-41724 affecting package golang 1.17.13-2. No patch is available...
CVSS 7.5 | AI Score 9.1 | EPSS 0.001

CVE-2022-1941 affecting package protobuf 3.14.0-1
CVE-2022-1941 affecting package protobuf 3.14.0-1. No patch is available...
CVSS 7.5 | AI Score 9.9 | EPSS 0.002

CVE-2022-3515 affecting package gnupg2 2.2.20-4
CVE-2022-3515 affecting package gnupg2 2.2.20-4. This CVE either no longer is or was never...
CVSS 9.8 | AI Score 9.9 | EPSS 0.005

CVE-2022-4543 affecting package kernel 5.10.189.1-1
CVE-2022-4543 affecting package kernel 5.10.189.1-1. No patch is available...
CVSS 5.5 | AI Score 7.5 | EPSS 0.0004

CVE-2022-46176 affecting package rust 1.59.0-1
CVE-2022-46176 affecting package rust 1.59.0-1. No patch is available...
CVSS 5.9 | AI Score 7.5 | EPSS 0.001

CVE-2022-43410 affecting package mercurial 5.4-2
CVE-2022-43410 affecting package mercurial 5.4-2. No patch is available...
CVSS 5.3 | AI Score 7.5 | EPSS 0.001

CVE-2022-21626 affecting package openjdk8 1.8.0.332-2
CVE-2022-21626 affecting package openjdk8 1.8.0.332-2. No patch is available...
CVSS 5.3 | AI Score 6.1 | EPSS 0.002

CVE-2022-42969 affecting package python-py 1.10.0-1
CVE-2022-42969 affecting package python-py 1.10.0-1. No patch is available...
CVSS 7.5 | AI Score 9.9 | EPSS 0.007

CVE-2022-36055 affecting package helm 3.4.1-17
CVE-2022-36055 affecting package helm 3.4.1-17. No patch is available...
CVSS 6.5 | AI Score 9.9 | EPSS 0.001

CVE-2022-0529 affecting package unzip 6.0-19
CVE-2022-0529 affecting package unzip 6.0-19. No patch is available...
CVSS 5.5 | AI Score 5.9 | EPSS 0.002

CVE-2022-44792 affecting package net-snmp 5.9-4
CVE-2022-44792 affecting package net-snmp 5.9-4. No patch is available...
CVSS 6.5 | AI Score 6.9 | EPSS 0.003

CVE-2022-24963 affecting package apr for versions less than 1.7.2-1
CVE-2022-24963 affecting package apr for versions less than 1.7.2-1. A patched version of the package is...
CVSS 9.8 | AI Score 6.9 | EPSS 0.059

CVE-2022-41725 affecting package golang for versions less than 1.19.5-1
CVE-2022-41725 affecting package golang for versions less than 1.19.5-1. A patched version of the package is...
CVSS 7.5 | AI Score 7.8 | EPSS 0.001

CVE-2022-41724 affecting package golang for versions less than 1.19.6-1
CVE-2022-41724 affecting package golang for versions less than 1.19.6-1. A patched version of the package is...
CVSS 7.5 | AI Score 7.8 | EPSS 0.001
Decoding OWASP – A Security Engineer’s Roadmap to Application Security
In a time where over 60% of data breaches are linked to software vulnerabilities and a single overlooked software vulnerability can expose sensitive data, the imperative of robust application security cannot be overstated. The 2023 IBM Security Cost of a Data Breach Report highlights that...
AI Score 8.4

VMware Cloud Director Object Storage Extension contains an Insertion of Sensitive Information vulnerability. A malicious actor with adjacent access to web/proxy server logging may be able to obtain sensitive information from URLs that are...
CVSS 5.3 | EPSS n/a
Summary: Multiple vulnerabilities within WebSphere Application Server, IBM HTTP Server and Java, which are included as part of the IBM Tivoli Monitoring (ITM) portal server, have been remediated. Vulnerability Details: CVEID: CVE-2024-22354. DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM...
CVSS 7.5 | AI Score 8.5 | EPSS 0.001
An Inside Look at The Malware and Techniques Used in the WordPress.org Supply Chain Attack
On Monday June 24th, 2024 the Wordfence Threat Intelligence team was made aware of the presence of malware in the Social Warfare repository plugin (see post Supply Chain Attack on WordPress.org Plugins Leads to 5 Maliciously Compromised WordPress Plugins). After adding the malicious code to our...
AI Score 7.8

A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system and enumerate file paths. The issue arises from improper validation of user-provided file paths in...
CVSS 7.3 | EPSS n/a

A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system and enumerate file paths. The issue arises from improper validation of user-provided file paths in...
CVSS 7.3 | AI Score 7.2 | EPSS n/a

A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. This vulnerability arises from the ability to perform an unauthenticated root folder settings change. Although the read file endpoint is protected against path traversals, this protection can be...
CVSS 8.6 | EPSS n/a

A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. This vulnerability arises from the ability to perform an unauthenticated root folder settings change. Although the read file endpoint is protected against path traversals, this protection can be...
CVSS 8.6 | AI Score 8.7 | EPSS n/a

In h2oai/h2o-3 version 3.46.0, the run_tool command in the rapids component allows the main function of any class under the water.tools namespace to be called. One such class, MojoConvertTool, crashes the server when invoked with an invalid argument, causing a denial of...
CVSS 7.5 | AI Score 7.5 | EPSS n/a

A Cross-Site Request Forgery (CSRF) vulnerability in version 0.5.0 of imartinez/privategpt allows an attacker to delete all uploaded files on the server. This can lead to data loss and service disruption for the application's...
CVSS 5.4 | EPSS n/a

A Cross-Site Request Forgery (CSRF) vulnerability in version 0.5.0 of imartinez/privategpt allows an attacker to delete all uploaded files on the server. This can lead to data loss and service disruption for the application's...
CVSS 5.4 | AI Score 5.5 | EPSS n/a

In h2oai/h2o-3 version 3.46.0, the run_tool command in the rapids component allows the main function of any class under the water.tools namespace to be called. One such class, MojoConvertTool, crashes the server when invoked with an invalid argument, causing a denial of...
CVSS 7.5 | EPSS n/a

stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain...
CVSS 8.6 | AI Score 8.6 | EPSS n/a

In the latest version of vanna-ai/vanna, the vanna.ask function is vulnerable to remote code execution due to prompt injection. The root cause is the lack of a sandbox when executing LLM-generated code, allowing an attacker to manipulate the code executed by the exec function in...
CVSS 9.8 | AI Score 9.9 | EPSS n/a

A path traversal vulnerability in the /set_personality_config endpoint of parisneo/lollms version 9.4.0 allows an attacker to overwrite the configs/config.yaml file. This can lead to remote code execution by changing server configuration properties such as force_accept_remote_access and...
CVSS 7.4 | EPSS n/a

A path traversal vulnerability in the /set_personality_config endpoint of parisneo/lollms version 9.4.0 allows an attacker to overwrite the configs/config.yaml file. This can lead to remote code execution by changing server configuration properties such as force_accept_remote_access and...
CVSS 7.4 | AI Score 7.7 | EPSS n/a

In the latest version of vanna-ai/vanna, the vanna.ask function is vulnerable to remote code execution due to prompt injection. The root cause is the lack of a sandbox when executing LLM-generated code, allowing an attacker to manipulate the code executed by the exec function in...
CVSS 9.8 | EPSS n/a

stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain...
CVSS 8.6 | EPSS n/a

BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the add_deployment function, which decodes and decrypts environment variables from base64 and assigns them to os.environ. An attacker can exploit this by...
CVSS 9.8 | EPSS n/a

A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions <= ChuanhuChatGPT-20240410-git.zip. This vulnerability allows attackers to send crafted requests from the vulnerable server to internal or external resources,...
CVSS 7.3 | EPSS n/a

A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions <= ChuanhuChatGPT-20240410-git.zip. This vulnerability allows attackers to send crafted requests from the vulnerable server to internal or external resources,...
CVSS 7.3 | AI Score 7.2 | EPSS n/a

BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the add_deployment function, which decodes and decrypts environment variables from base64 and assigns them to os.environ. An attacker can exploit this by...
CVSS 9.8 | AI Score 9.7 | EPSS n/a
Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server Edition, Spotfire Spotfire Statistics Services, Spotfire Spotfire Analyst, Spotfire Spotfire Desktop, Spotfire Spotfire Server allows The impact of this vulnerability depends on the privileges of the user running the affected...
CVSS 6.8 | AI Score 6.7 | EPSS n/a

Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server Edition, Spotfire Spotfire Statistics Services, Spotfire Spotfire Analyst, Spotfire Spotfire Desktop, Spotfire Spotfire Server allows The impact of this vulnerability depends on the privileges of the user running the affected...
CVSS 6.8 | EPSS n/a

Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS Marketplace allows In the case of the installed Windows client: Successful execution of this vulnerability will result in an attacker being able to run arbitrary code. This requires human interaction...
CVSS 9.9 | EPSS n/a