Service Security Vulnerabilities

CVE-2024-38322

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error response discrepancy exposes product to brute force enumeration. IBM X-Force ID: ...

CVE-2024-25031

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. IBM X-Force ID: ...

CVE-2024-6267

A vulnerability classified as problematic was found in SourceCodester Service Provider Management System 1.0. Affected by this vulnerability is an unknown functionality of the file system_info/index.php of the component System Info Page. The manipulation of the argument System Name/System Short...

CVE-2024-6003

A vulnerability was found in Guangdong Baolun Electronics IP Network Broadcasting Service Platform 2.0. It has been classified as critical. Affected is an unknown function of the file /api/v2/maps. The manipulation of the argument orderColumn leads to sql injection. It is possible to launch the...

CVE-2024-4696

A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is...

CVE-2024-25052

IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. IBM X-Force ID: ...

CVE-2024-3183

A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user.....

CVE-2023-4727

A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of...

CVE-2024-37301

Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the...

CVE-2024-35250

Windows Kernel-Mode Driver Elevation of Privilege...

CVE-2024-30095

Windows Routing and Remote Access Service (RRAS) Remote Code Execution...

CVE-2024-30090

Microsoft Streaming Service Elevation of Privilege...

CVE-2024-30093

Windows Storage Elevation of Privilege...

CVE-2024-30094

Windows Routing and Remote Access Service (RRAS) Remote Code Execution...

CVE-2024-30091

Win32k Elevation of Privilege...

CVE-2024-30087

Win32k Elevation of Privilege...

CVE-2024-30082

Win32k Elevation of Privilege...

CVE-2024-30080

Microsoft Message Queuing (MSMQ) Remote Code Execution...

CVE-2024-30084

Windows Kernel-Mode Driver Elevation of Privilege...

CVE-2024-30075

Windows Link Layer Topology Discovery Protocol Remote Code Execution...

CVE-2024-30074

Windows Link Layer Topology Discovery Protocol Remote Code Execution...

CVE-2024-30077

Windows OLE Remote Code Execution...

CVE-2024-30078

Windows Wi-Fi Driver Remote Code Execution...

CVE-2024-30063

Windows Distributed File System (DFS) Remote Code Execution...

CVE-2024-37289

An improper access control vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

CVE-2024-36307

A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...

CVE-2024-36303

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

CVE-2024-36306

A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...

CVE-2024-36304

A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order...

CVE-2024-36302

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

CVE-2024-36305

A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

CVE-2024-3049

A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth...

CVE-2023-3942

An 'SQL Injection' vulnerability, due to improper neutralization of special elements used in SQL commands, exists in ZKTeco-based OEM devices. This vulnerability allows an attacker to, in some cases, impersonate another user or perform unauthorized actions. In other instances, it enables the...

CVE-2024-30050

Windows Mark of the Web Security Feature Bypass...

CVE-2024-30049

Windows Win32 Kernel Subsystem Elevation of Privilege...

CVE-2024-30039

Windows Remote Access Connection Manager Information Disclosure...

CVE-2024-30037

Windows Common Log File System Driver Elevation of Privilege...

CVE-2024-30036

Windows Deployment Services Information Disclosure...

CVE-2024-30031

Windows CNG Key Isolation Service Elevation of Privilege...

CVE-2024-30030

Win32k Elevation of Privilege...

CVE-2024-30029

Windows Routing and Remote Access Service (RRAS) Remote Code Execution...

CVE-2024-30028

Win32k Elevation of Privilege...

CVE-2024-30027

NTFS Elevation of Privilege...

CVE-2024-30025

Windows Common Log File System Driver Elevation of Privilege...

CVE-2024-30024

Windows Routing and Remote Access Service (RRAS) Remote Code Execution...

CVE-2024-30023

Windows Routing and Remote Access Service (RRAS) Remote Code Execution...

CVE-2024-30022

Windows Routing and Remote Access Service (RRAS) Remote Code Execution...

CVE-2024-30020

Windows Cryptographic Services Remote Code Execution...

CVE-2024-30019

DHCP Server Service Denial of Service...

CVE-2024-30016

Windows Cryptographic Services Information Disclosure...