CVE-2022-37920
Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete...
CVE-2024-25610
In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions, the default configuration does not sanitize blog entries of JavaScript, which allows remote authenticated use...
CVE-2024-57968
Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation Fixes for June 2024.
Summary In addition to OS level package updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF034 and 23.0.2-IF006. Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated...
CVE-2024-13181
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresses incomplete fixes from CVE-2024-47010...
PT-2025-54615
Insufficient epoch key slot processing in OpenVPN 2.7 alpha1 through 2.7 rc5 allows remote authenticated users to trigger an assert resulting in a denial of service...
CVE-2024-54009
Remote authentication bypass vulnerability in HPE Alletra Storage MP B10000 in versions prior to version 10.4.5 could be remotely exploited to allow disclosure of information...
CVE-2024-54009
CVE-2024-54009 affects HPE Alletra Storage MP B10000 prior to version 10.4.5. The issue is a remote authentication bypass that can be exploited to cause information disclosure. Affected component: HPE Alletra Storage MP B10000 firmware versions before 10.4.5. Impact: information disclosure with a...
CVE-2024-11984
An unrestricted upload of file with dangerous type vulnerability in the epaper draft function in Corporate Training Management System before 10.13 allows remote authenticated users to bypass file upload restrictions and perform arbitrary system commands with SYSTEM privilege via a crafted ZIP file...
PT-2024-36014 · Hewlett Packard · Hpe Alletra Storage Mp B10000
Name of the Vulnerable Software and Affected Versions: HPE Alletra Storage MP B10000 versions prior to 10.4.5 Description: A remote authentication bypass issue affects the HPE Alletra Storage MP B10000, allowing disclosure of information. This issue can be remotely exploited. Recommendations: For...
Hewlett Packard Enterprise Alletra Storage MP B10000 Security Vulnerability
The Hewlett Packard Enterprise Alletra Storage MP B10000 (HPE Alletra Storage MP B10000) is an enterprise-class block storage appliance from Hewlett Packard Enterprise USA. A security vulnerability exists in Hewlett Packard Enterprise Alletra Storage MP B10000 versions prior to 10.4.5, which stems...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : postgresql15 (SUSE-SU-2024:4174-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4174-1 advisory. - CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS appli...
The vulnerability of the cgi-bin/ocap/ component of the AbsysNet library system, which allows a hacker to execute an attack using brute-force methods.
The vulnerability of the cgi-bin/ocap/ component of the AbsysNet library system is related to the ability to bypass authentication by using a user-controlled password. Exploiting this vulnerability could allow an attacker operating remotely to execute a brute-force attack...
The vulnerability of AnyConnect, a microprogramming-based network interface software from Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD), allows attackers to circumvent existing security restrictions.
The vulnerability of AnyConnect, a microprogramming-based network interface software used by Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD), relates to the ability to bypass authentication through spoofing. Exploiting this vulnerability allows a malicious actor to...
CVE-2024-40763
Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause Heap-based buffer overflow and potentially lead to code execution...
CVE-2023-52943
Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to perform limited actions on the alerting function via unspecified vectors...
Cisco NX-OS Resource Management Errors (CVE-2015-6308)
Cisco NX-OS 6.02U60.46 on N3K devices allows remote authenticated users to cause a denial of service (temporary SNMP outage) via an SNMP request for an OID that does not exist, aka Bug ID CSCuw36684. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot fo...
CVE-2024-52959 iota C.ai Conversational Platform - Improper Control of Generation of Code ('Code Injection')
An Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to perform arbitrary system commands via a DLL file...
Galaxy Software Services iota C.ai Conversational Platform Data Forgery Vulnerability
Galaxy Software Services iota C.ai Conversational Platform is an intelligent AI conversational platform from Galaxy Software Services China. A data forgery vulnerability exists in Galaxy Software Services iota C.ai Conversational Platform versions 1.0.0 through 2.1.3, which stems from an improper...
freeradius: forgery attack
A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof...