Server Security Vulnerabilities

CVE-2024-26213

Microsoft Brokering File System Elevation of Privilege...

CVE-2024-26210

Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution...

CVE-2024-26212

DHCP Server Service Denial of Service...

CVE-2024-26211

Windows Remote Access Connection Manager Elevation of Privilege...

CVE-2024-26209

Microsoft Local Security Authority Subsystem Service Information Disclosure...

CVE-2024-26205

Windows Routing and Remote Access Service (RRAS) Remote Code Execution...

CVE-2024-26202

DHCP Server Service Remote Code Execution...

CVE-2024-26207

Windows Remote Access Connection Manager Information Disclosure...

CVE-2024-26208

Microsoft Message Queuing (MSMQ) Remote Code Execution...

CVE-2024-26189

Secure Boot Security Feature Bypass...

CVE-2024-26195

DHCP Server Service Remote Code Execution...

CVE-2024-26194

Secure Boot Security Feature Bypass...

CVE-2024-26200

Windows Routing and Remote Access Service (RRAS) Remote Code Execution...

CVE-2024-26183

Windows Kerberos Denial of Service...

CVE-2024-26175

Secure Boot Security Feature Bypass...

CVE-2024-26172

Windows DWM Core Library Information Disclosure ...

CVE-2024-26180

Secure Boot Security Feature Bypass...

CVE-2024-26179

Windows Routing and Remote Access Service (RRAS) Remote Code Execution...

CVE-2024-21447

Windows Authentication Elevation of Privilege...

CVE-2024-26171

Secure Boot Security Feature Bypass...

CVE-2024-26168

Secure Boot Security Feature Bypass...

CVE-2024-26158

Microsoft Install Service Elevation of Privilege...

CVE-2024-20689

Secure Boot Security Feature Bypass...

CVE-2024-20693

Windows Kernel Elevation of Privilege...

CVE-2024-20678

Remote Procedure Call Runtime Remote Code Execution...

CVE-2024-20688

Secure Boot Security Feature Bypass...

CVE-2024-20669

Secure Boot Security Feature Bypass...

CVE-2024-20665

BitLocker Security Feature Bypass...

CVE-2024-2975

A race condition was identified through which privilege escalation was possible in certain...

CVE-2024-31848

A path traversal vulnerability exists in the Java version of CData API Server < 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the...

CVE-2023-38709

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through...

CVE-2024-24795

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this...

CVE-2024-27316

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory...

CVE-2024-27268

IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: ...

CVE-2024-31082

A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a...

CVE-2024-2689

Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If left unchecked, the task containing the invalid...

CVE-2024-2435

For an attacker with pre-existing access to send a signal to a workflow, the attacker can make the signal name a script that executes when a victim views that signal. The XSS is in the timeline page displaying the workflow execution details of the workflow that was sent the crafted signal. Access.....

CVE-2023-50313

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: ...

CVE-2024-1863

Sante PACS Server Token Endpoint SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the....

CVE-2024-22353

IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: ...

CVE-2024-27270

IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in a specially crafted URI. IBM X-Force ID: ...

CVE-2024-2915

Improper access control in PAM JIT elevation in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to elevate themselves to unauthorized groups via a specially crafted...

CVE-2024-2921

Improper access control in PAM vault permissions in Devolutions Server 2024.1.10.0 and earlier allows an authenticated user with access to the PAM to access unauthorized PAM entries via a specific set of...

CVE-2023-42954

A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by reducing the information sent in...

CVE-2024-27277

The private key for the IBM Storage Protect Plus Server 10.1.0 through 10.1.16 certificate can be disclosed, undermining the security of the certificate. IBM X-Force ID: ...

CVE-2023-47715

IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an authenticated user with read-only permissions to add or delete entries from an existing HyperVisor configuration. IBM X-Force ID: ...

CVE-2024-1394

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That...

CVE-2024-27922

TOMP Bare Server implements the TompHTTP bare server. A vulnerability in versions prior to 2.0.2 relates to insecure handling of HTTP requests by the @tomphttp/bare-server-node package. This flaw potentially exposes the users of the package to manipulation of their web traffic. The impact may vary....

CVE-2024-22352

IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: ...

CVE-2024-1908

An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use the Enterprise Actions GitHub Connect download token to fetch private repository data. An attacker would require an account on the server instance with non-default settings for....