
1386 matches found

CVE
added 2024/11/11 11:32 p.m., 308 views

CVE-2024-11079

CVE-2024-11079 : In Ansible-Core, a bypass of unsafe-content protections via the hostvars object can lead to arbitrary code execution if templating data from remote sources or module outputs is unsafe. The description explicitly states the risk of executing templated content when hostvars is used...

CVSS 5.5, AI score 6.2, EPSS 0.00502
Exploits 0, References 5
Cvelist
added 2024/11/11 11:32 p.m., 22 views

CVE-2024-11079 Ansible-core: unsafe tagging bypass via hostvars object in ansible-core

A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playboo...

CVSS 5.5, EPSS 0.00502
Exploits 0, References 4
Vulnrichment
added 2024/11/11 11:32 p.m., 13 views

CVE-2024-11079 Ansible-core: unsafe tagging bypass via hostvars object in ansible-core

A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playboo...

CVSS 5.5, AI score 7.8, EPSS 0.00502
Exploits 0, References 4
RedhatCVE
added 2024/11/11 12:30 p.m., 14 views

CVE-2024-11079

A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within...

CVSS 5.5, AI score 8.1, EPSS 0.00502
Exploits 0, References 3
BDU FSTEC
added 2024/10/31 12:00 a.m., 4 views

The vulnerability of DrayTek Vigor router firmware, related to insufficiently secure data encryption, allows attackers to disclose protected information and perform a “Man-in-the-Middle” attack.

The vulnerability of DrayTek Vigor router firmware is related to insufficiently robust data encryption. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose protected information and carry out a man-in-the-middle (MITM) attack...

CVSS 7.8, AI score 5.8, EPSS 0.00267
Exploits 0, References 3, Affected Software 24
BDU FSTEC
added 2024/10/24 12:00 a.m., 5 views

The vulnerability of the mobile device registration and mobile application deployment mechanism of Splunk Secure Gateway, a platform for operational analytics in Splunk Enterprise, relates to deficiencies in access control. This vulnerability allows a malicious actor to delete data from the KV Store (Key Value Store).

The vulnerability of the mobile device registration and mobile application deployment mechanism of Splunk Secure Gateway, a platform for operational analytics in Splunk Enterprise, is related to deficiencies in access control to the KV Store (Key Value Store). Exploiting this vulnerability could...

CVSS 4.3, AI score 5.4, EPSS 0.00349
Exploits 0, References 3, Affected Software 2
RedHat Linux
added 2024/10/16 3:16 p.m., 8 views

JDK: Array indexing integer overflow (8328544)

Vulnerability in Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java...

CVSS 3.7, AI score 7.4, EPSS 0.00827
Exploits 0, References 4
RedHat Linux
added 2024/10/16 12:25 p.m., 4 views

JDK: Integer conversion error leads to incorrect range check (8332644)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracl...

CVSS 4.8, AI score 7.4, EPSS 0.0095
Exploits 0, References 4
OSV
added 2024/10/15 8:15 p.m., 2 views

DEBIAN-CVE-2024-21210

Vulnerability in Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java...

CVSS 3.7, AI score 6, EPSS 0.00827
Exploits 0, References 1
Positive Technologies
added 2024/10/15 12:00 a.m., 5 views

PT-2024-7007 · Oracle · Oracle Product Hub +1

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to a vulnerability in the Item Catalog component of Oracle Product Hub, which can be exploited by a low-privileged attacker with network access via HTTP...

CVSS 8.5, AI score 8, EPSS 0.00422
Exploits 0, References 7
CNNVD
added 2024/10/14 12:00 a.m., 2 views

PCS Engineering com.prestoncinema.app security vulnerability

PCS Engineering com.prestoncinema.app is a driver from PCS Engineering. A security vulnerability exists in PCS Engineering com.prestoncinema.app version 0.2.0. A remote attacker could exploit the vulnerability to obtain sensitive information through the firmware update process...

CVSS 7.5, AI score 6.4, EPSS 0.00512
Exploits 0, References 3
CNNVD
added 2024/10/14 12:00 a.m., 1 views

INATRONIC com.inatronic.bmw security vulnerability

INATRONIC com.inatronic.bmw is a driver from INATRONIC. A security vulnerability exists in INATRONIC com.inatronic.bmw version 2.7.1. A remote attacker could exploit the vulnerability to obtain sensitive information through the firmware update process...

CVSS 5.9, AI score 6.4, EPSS 0.00299
Exploits 0, References 3
CNNVD
added 2024/10/14 12:00 a.m., 3 views

Creative com.creative.apps.xficonnect security vulnerability

Creative com.creative.apps.xficonnect is a driver from Creative. A security vulnerability exists in Creative com.creative.apps.xficonnect version 2.00.02. A remote attacker could exploit this vulnerability to obtain sensitive information through the firmware update process...

CVSS 5.3, AI score 6.4, EPSS 0.00279
Exploits 0, References 3
OSV
added 2024/10/07 3:15 p.m., 2 views

CVE-2024-9574

SQL injection vulnerability in SOPlanning 1.45, via /soplanning/www/usergroupes.php in the by parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB...

CVSS 6.5, AI score 5.9, EPSS 0.00519
Exploits 0, References 1
CNNVD
added 2024/10/07 12:00 a.m., 5 views

SOPlanning security vulnerability

SOPlanning is a suite of online project management software from SOPlanning, Inc. A security vulnerability exists in SOPlanning versions prior to 1.45, which stems from vulnerability to SQL injection attacks that allow a remote user to send a specially crafted query and extract all information...

CVSS 6.5, AI score 7.4, EPSS 0.00279
Exploits 0, References 2
BDU FSTEC
added 2024/09/23 12:00 a.m., 6 views

The vulnerability of Microsoft Edge and Google Chrome browsers, related to the use of memory after it is freed, allows attackers to access confidential data, compromise its integrity, and cause service interruptions.

The vulnerability of Microsoft Edge and Google Chrome relates to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity, and cause service interruptions...

CVSS 10, AI score 7.8, EPSS 0.0048
Exploits 0, References 9, Affected Software 5
BDU FSTEC
added 2024/09/23 12:00 a.m., 5 views

The vulnerability of the WPE WebKit and WebKitGTK web page rendering modules, related to the use of memory after it is freed, allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the WPE WebKit and WebKitGTK web page rendering modules is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity, and cause service failures...

CVSS 10, AI score 7.3, EPSS 0.01023
Exploits 0, References 10, Affected Software 5
BDU FSTEC
added 2024/09/23 12:00 a.m., 4 views

The vulnerability of the web page rendering module in WebKitGTK and WPE WebKit, related to the occurrence of operations outside the buffer in memory, allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Web page rendering module in WebKitGTK and WPE WebKit relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity, and cause service failures...

CVSS 10, AI score 8, EPSS 0.00902
Exploits 0, References 14, Affected Software 5
BDU FSTEC
added 2024/09/16 12:00 a.m., 5 views

The vulnerabilities of event monitoring platforms, threat detection systems, and security analytics tools from IBM QRadar Suite and IBM Cloud Pak for Security are related to information leaks through process environments, allowing attackers to gain unauthorized access to protected information.

The vulnerabilities of event monitoring platforms, threat detection systems, and security analytics tools from IBM QRadar Suite and IBM Cloud Pak for Security are related to information leaks through the process environment. Exploiting these vulnerabilities can allow attackers operating remotely ...

CVSS 7.8, AI score 6.4, EPSS 0.00301
Exploits 0, References 3, Affected Software 2
BDU FSTEC
added 2024/09/13 12:00 a.m., 5 views

The vulnerability in implementations of ASN.1/DER, PKIX, Kerberos Heimdal, and the Samba network communication software package, related to repeated memory release, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerabilities of ASN.1/DER, PKIX, Kerberos Heimdal, and the Samba networking software package are related to repeated memory release. Exploiting these vulnerabilities can allow a remote attacker to access confidential data, compromise its integrity, and cause service failures...

CVSS 10, AI score 6.4, EPSS 0.01844
Exploits 0, References 11, Affected Software 5