4419 matches found
CVE-2024-25048
IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. IBM X-Force ID: 283137...
CVE-2024-27975
A use-after-free vulnerability in the WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM...
CVE-2024-25000
A Path Traversal vulnerability in the web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM...
CVE-2024-24992
A Path Traversal vulnerability in the web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM...
CVE-2024-23535
A Path Traversal vulnerability in the web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM...
CVE-2024-24994
A Path Traversal vulnerability in the web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM...
CVE-2024-27984
A Path Traversal vulnerability in the web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete specific type of files and/or cause denial of service...
CVE-2024-22439 Certain HPE FlexNetwork and FlexFabric Switches, Remote Authentication Bypass
A potential security vulnerability has been identified in HPE FlexFabric and FlexNetwork series products. This vulnerability could be exploited to gain privileged access to switches resulting in information disclosure...
CVE-2024-29296
A user enumeration vulnerability was found in Portainer CE 2.19.4. This issue occurs during the user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not...
CVE-2024-29237
CVE-2024-29237 describes an SQL injection vulnerability in the ActionRule.Delete webapi component of Synology Surveillance Station. The issue affects versions prior to 9.2.0-11289 and 9.2.0-9289. When exploited by a remote authenticated attacker, it could allow reading data from the database cont...
CVE-2024-29232
Synology Surveillance Station is affected by an SQL injection in the Alert.Enum webapi component. The issue allows remote authenticated users to read non-sensitive data from the database and can cause a limited denial-of-service, with impact described as read data and partial service disruption. ...
PT-2024-9410 · Synology · Synology Surveillance Station
Name of the Vulnerable Software and Affected Versions: Synology Surveillance Station versions prior to 9.2.0-11289 and 9.2.0-9289. Description: The issue is related to an incorrect authorization vulnerability in the Alert.Setting webapi component. This allows remote authenticated users to perform...
Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to remote authentication attack due to Kubernetes Scheduler code (CVE-2023-5528)
Summary: Kubernetes Scheduler code is used by IBM Cloud Pak for Data Scheduling as part of the scheduling binaries. CVE-2023-5528. Vulnerability Details: CVEID: CVE-2023-5528. Description: Kubernetes kubelet could allow a remote authenticated attacker to gain elevated privileges on the system, caused...
Cisco 8800 Series IP Phone Directory Traversal (CVE-2016-1434)
The license-certificate upload functionality on Cisco 8800 phones with software 11.01 allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
CVE-2024-22397
This CVE affects SonicOS SSLVPN Portal (SonicWall) and is a Stored Cross-Site Scripting flaw. Root cause: improper neutralization of input during web page generation. Impact: an authenticated remote attacker with firewall admin privileges can store and execute arbitrary JavaScript in the context ...
CVE-2024-26313
Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data...
CVE-2023-46172
IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow a remote attacker to bypass authentication restrictions for an authorized user. IBM X-Force ID: 269409...
CVE-2023-45597
A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the “fileconfiguration” functionality of the web application concerning the function “exportfile” allows a remote authenticated attacker to inject arbitrary formulas inside generated CSV files. This issue...
CVE-2023-45591
A CWE-122 “Heap-based Buffer Overflow” vulnerability in the “loggergeneric” function of the “Axrtu” binary allows a remote authenticated attacker to trigger a memory corruption in the context of the binary. This may result in a Denial-of-Service (DoS) condition, possibly in the execution of arbitra...