18 matches found
Kibana 8.x < 8.19.16 DoS (ESA-2026-39)
The version of Kibana installed on the remote host is 8.x prior to 8.19.16. It is, therefore, affected by a vulnerability as referenced in the ESA-2026-39 advisory. - Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An...
Linux Distros Unpatched Vulnerability : CVE-2019-5737
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by...
com.farcsal.dql:query-es (=0.8.0), com.github.msarhan:elasticsearch-analysis-arabic (=1.2.0) +10 more potentially affected by CVE-2023-49921 via org.elasticsearch:elasticsearch (>=8.0.0 <=8.11.1)
org.elasticsearch:elasticsearch MAVEN version =8.0.0, =0.83.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.10.0, =8.0.0, =8.11.1 Source cves: CVE-2023-49921 Source advisory: OSV:GHSA-2HJR-VMF3-XWVP...
Accellion Kiteworks Security Vulnerability
Accellion Kiteworks is a private cloud file sharing solution. A security vulnerability exists in Accellion Kiteworks version 7.x and version 8.x prior to 8.3.0, which stems from the presence of directory traversal that can lead to unauthenticated file read, file delete, and file write operations...
CVE-2022-36952
In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10...
Drupal Encryption Problem Vulnerability
Drupal is an open source content management system developed in the PHP language by the Drupal community. An encryption issue vulnerability exists in Drupal AES encryption project 7.x and 8.x, which stems from a vulnerability that does not adequately prevent an attacker from being able to decrypt...
DRUPAL-CONTRIB-2020-034
This module enables you login into any OAuth 2.0 compliant application using Drupal credentials. The 8.x branch of the module is vulnerable to SQL injection...
CVE-2020-13835
An issue was discovered on Samsung mobile devices with O8.x with TEEGRIS software. The Gatekeeper Trustlet allows a brute-force attack on user credentials. The Samsung ID is SVE-2020-16908 (June 2020)...
CVE-2018-21056
An issue was discovered on Samsung mobile devices with O8.x software. The Smartwatch displays Secure Folder Notification content. The Samsung ID is SVE-2018-12458 (September 2018)...
CVE-2018-16417
Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection...
CVE-2019-17302
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by a Developer user...
PT-2019-18409 · Avaya · Avaya Control Manager
Name of the Vulnerable Software and Affected Versions: Avaya Control Manager versions 7.x and 8.0.x prior to 8.0.4.0 Description: A SQL injection issue in the reporting component could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other...
CVE-2018-3001
Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: SPMS Suite). The supported version that is affected is 8.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructu...
ALPINE-CVE-2018-7167
Calling Buffer.fill or Buffer.alloc with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc and Buffer.fill were updated so that they zero fill instead of hanging in these cases. All versions of...
CVE-2018-2827
Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: Profile). The supported version that is affected is 8.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Suite8...
CVE-2018-2644
Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Worklist). Supported versions that are affected are 7.x, 8.0.x and 8.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Argus...
Drupal Core Phishing Attack Vulnerability
Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. A security vulnerability exists in Core in versions 7.x prior to Drupal 7.52 and 8.x prior to 8.2.3. An attacker can exploit this vulnerability by constructing a malicious...
PT-2017-16823 · Philip Hazel +3 · Pcre +3
Name of the Vulnerable Software and Affected Versions: PCRE versions prior to revision 1680 PCRE versions 8.x and earlier Description: The issue allows remote attackers to cause a denial of service, resulting in an out-of-bounds read and application crash, via a crafted regular expression. This i...