Windows Server, Version 1803 (Server Core Installation) Security Vulnerabilities

Reflected Cross-Site Scripting (XSS) in zenml

A reflected Cross-Site Scripting (XSS) vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a.....

CVE-2024-28797

IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

CVE-2024-28797

IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

CVE-2024-31898

IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. IBM X-Force ID: ...

CVE-2024-31898

IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. IBM X-Force ID: ...

CVE-2023-50953

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. IBM X-Force ID: ...

CVE-2023-50952

IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: ...

CVE-2023-50953

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. IBM X-Force ID: ...

CVE-2023-50952

IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: ...

CVE-2023-50964 IBM InfoSphere Information Server cross-site scripting

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

CVE-2024-28794 IBM InfoSphere Information Server cross-site scripting

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

CVE-2023-50953 IBM InfoSphere Information Server information disclosure

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. IBM X-Force ID: ...

CVE-2023-50952 IBM InfoSphere Information Server server-side request forgery

IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: ...

CVE-2024-28797 IBM InfoSphere Information Server cross-site scripting

IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

CVE-2024-31898 IBM InfoSphere Information Server data modification

IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. IBM X-Force ID: ...

CVE-2024-35119

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: ...

CVE-2024-35119

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: ...

CVE-2024-28798

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

CVE-2023-50954

IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: ...

CVE-2024-28798

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

CVE-2024-31902

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: ...

CVE-2024-31902

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: ...

CVE-2023-50954

IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: ...

Exploit for CVE-2024-34102

CVE-2024-34102 Usage ```bash python3 CVE-2024-34102.py...

CVE-2023-50954 IBM InfoSphere Information Server information disclosure

IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: ...

CVE-2024-31902 IBM InfoSphere Information Server cross-site request forgery

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: ...

CVE-2024-35119 IBM InfoSphere Information Server information disclosure

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: ...

CVE-2024-5062

A reflected Cross-Site Scripting (XSS) vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a.....

CVE-2024-5062

A reflected Cross-Site Scripting (XSS) vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a.....

CVE-2024-28795

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

CVE-2023-35022

IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: ...

CVE-2023-35022

IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: ...

CVE-2024-28795

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

CVE-2024-28798 IBM InfoSphere Information Server cross-site scripting

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

CVE-2023-35022 IBM InfoSphere Information Server improper authentication

IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: ...

CVE-2024-28795 IBM InfoSphere Information Server cross-site scripting

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

CVE-2024-5062 Reflected XSS through survey redirect parameter in zenml-io/zenml

A reflected Cross-Site Scripting (XSS) vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a.....

Exploit for Improper Preservation of Permissions in Mobyproject Moby

CVE-2021-41091 This exploit offers an in-depth look at the...

Debian dla-3846 : libmojolicious-perl - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3846 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3846-1 [email protected] ...

Fedora 39 : mingw-python-urllib3 (2024-73f181db2a)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-73f181db2a advisory. Update to 1.26.19, fixes CVE-2024-0444. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

Debian dla-3850 : glibc-doc - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3850 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3850-1 [email protected] ...

Fedora 40 : mingw-python-urllib3 (2024-da86a4f061)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-da86a4f061 advisory. Update to 1.26.19, fixes CVE-2024-0444. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

tryton-server - security update

Bulletin has no...

Fedora 40 : mingw-poppler (2024-94068499c9)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-94068499c9 advisory. Backport fix for CVE-2024-6239. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

Exploit for Improper Authentication in Google Android

Bluepop CVE-2023-45866 Installation and Usage 🛠️...

CVE-2024-39840

Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake...

CVE-2024-39840

Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake...

Google to Block Entrust Certificates in Chrome Starting November 2024

Google has announced that it's going to start blocking websites that use certificates from Entrust starting around November 1, 2024, in its Chrome browser, citing compliance failures and the certificate authority's inability to address security issues in a timely manner. "Over the past several...

Exploit for Code Injection in Apache Rocketmq

CVE-2023-33246-mitigation This project is a Maven-based...

Fedora 39 : freeipa (2024-1d1b485611)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-1d1b485611 advisory. Fix CVE-2024-2698 and CVE-2024-3183 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...