CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2024/07/03 7:10 p.m.•23 views

CVE-2024-36122 Discourse doesn't limit reviewable user serializer payload

2.4CVSS0.00366EPSS

CVE•added 2024/07/03 7:10 p.m.•64 views

CVE-2024-36122

Discourse vulnerability CVE-2024-36122 affects the open-source forum platform: moderators reviewing users in the review queue could see a user’s email address when the setting to “Allow moderators to view email addresses” is disabled. The issue affects versions prior to 3.2.3 on the stable branch...

4.3CVSS4AI score0.00366EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2024/07/03 7:10 p.m.•16 views

CVE-2024-36122 Discourse doesn't limit reviewable user serializer payload

2.4CVSS6.5AI score0.00366EPSS

OSV•added 2024/07/03 7:10 p.m.•25 views

CVE-2024-36122 Discourse doesn't limit reviewable user serializer payload

2.4CVSS6.4AI score0.00366EPSS

CNNVD•added 2024/07/03 12:0 a.m.•3 views

Discourse Security Breach

Discourse is an open source community discussion platform from Discourse Open Source. The platform includes community, email and chat room features. Discourse suffers from a security vulnerability that stems from the fact that moderators who review users using a moderation queue may be able to se...

4.3CVSS6.8AI score0.00366EPSS

Positive Technologies•added 2024/07/03 12:0 a.m.•6 views

PT-2024-26909 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.2.3 on the stable branch Discourse versions prior to 3.3.0.beta4 on the beta and tests-passed branches Description: The issue affects moderators using the review queue, allowing them to see a user's email address...

4.3CVSS6.7AI score0.00366EPSS

Exploits0References9

RedHat Linux•added 2024/07/02 9:2 a.m.•1 views

kernel: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry

A flaw was found in the Linux kernel’s IPC system. This flaw allows an attacker to use a specially crafted program to cause a rare race condition, leading to a denial of service...

7CVSS6.6AI score0.00258EPSS

RedHat Linux•added 2024/07/02 9:2 a.m.•2 views

kernel: net: ena: Fix incorrect descriptor free behavior

This is a vulnerability in the Linux kernel's Elastic Network Adapter ENA driver, which manages network interfaces on certain platforms. The driver utilizes two types of transmit TX queues: one for packets from the network stack and another for packets directed by XDP eXpress Data Path operations...

5.5CVSS6.8AI score0.00248EPSS

OSV•added 2024/06/28 7:15 p.m.•2 views

CVE-2024-35116

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335...

7.5CVSS5.8AI score0.00702EPSS

OSV•added 2024/06/28 6:15 p.m.•2 views

CVE-2024-31912

IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. IBM X-Force ID: 289894...

8.8CVSS5.8AI score0.00424EPSS

Exploits0References2

Positive Technologies•added 2024/06/28 12:0 a.m.•3 views

PT-2024-26343 · Ibm · Ibm Mq

Name of the Vulnerable Software and Affected Versions: IBM MQ versions 9.3 LTS and 9.3 CD Description: A remote attacker could obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system...

6.5CVSS6.2AI score0.00534EPSS

CNNVD•added 2024/06/28 12:0 a.m.•2 views

IBM MQ 安全漏洞

IBM MQ IBM WebSphere MQ is a messaging middleware product from International Business Machines IBM. The product is mainly for the service-oriented architecture SOA to provide a reliable and proven messaging backbone. A denial of service vulnerability exists in IBM MQ, which can be exploited by an...

7.5CVSS6.5AI score0.00492EPSS

CNNVD•added 2024/06/28 12:0 a.m.•2 views

IBM MQ 安全漏洞

IBM MQ IBM WebSphere MQ is a messaging middleware product from International Business Machines IBM. The product is mainly for the service-oriented architecture SOA to provide a reliable and proven messaging backbone. A denial-of-service vulnerability exists in IBM MQ, which can be exploited by...

7.5CVSS6.6AI score0.00702EPSS

Positive Technologies•added 2024/06/28 12:0 a.m.•2 views

PT-2024-24279 · Ibm · Ibm Mq

Name of the Vulnerable Software and Affected Versions: IBM MQ versions 9.3 LTS and 9.3 CD Description: The issue allows an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. Recommendations: For IBM MQ versions 9.3 LTS and 9.3 CD, a...

8.8CVSS6.5AI score0.00424EPSS

CNNVD•added 2024/06/28 12:0 a.m.•3 views

IBM MQ 安全漏洞

IBM MQ IBM WebSphere MQ is a messaging middleware product from International Business Machines IBM. The product is mainly for the service-oriented architecture SOA to provide a reliable and proven messaging backbone. An elevation of privilege vulnerability exists in IBM MQ, which can be exploited...

8.8CVSS6.9AI score0.00424EPSS

BDU FSTEC•added 2024/06/28 12:0 a.m.•2 views

The vulnerability of the ReadTIFFImage() function in the ImageMagick console graphics editor allows a hacker to cause a service failure.

The vulnerability of the ReadTIFFImage function in the ImageMagick console graphics editor is related to buffer overflow in the queue. Exploiting this vulnerability could allow an attacker to cause a service failure...

7.8CVSS7.1AI score0.0272EPSS

Exploits0References5Affected Software3

AstraLinux•added 2024/06/26 1:32 p.m.•3 views

Astra Linux - уязвимость в linux-6.1

A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flowerstatstimer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition...

5.5CVSS6.2AI score0.00221EPSS