1388 matches found

BDU FSTEC
added 2024/01/17 12:0 a.m. · 6 views

The vulnerability of the Host KVM Daemon on the BMC (Baseboard Management Controller) of the NVIDIA DGX A100 server allows an attacker to gain access to read, modify, or delete data, execute arbitrary code, or cause a service failure.

The vulnerability of the NVIDIA DGX A100 server’s Host KVM Daemon, a device management controller, lies in the fact that operation data is written outside of the buffer in memory. Exploiting this vulnerability allows an attacker to gain access to read, modify, or delete data, execute arbitrary...

CVSS 9.3 · AI score 8.2 · EPSS 0.00603
Exploits 0 · References 3 · Affected Software 1

OSV
added 2024/01/16 10:15 p.m. · 4 views

DEBIAN-CVE-2024-20932

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 17.0.9; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and 22.3.4. Easi...

CVSS 7.5 · AI score 6 · EPSS 0.00782
Exploits 0 · References 1

Positive Technologies
added 2024/01/16 12:0 a.m. · 6 views

PT-2024-1212 · Oracle · Oracle E-Business Suite

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13
Description: The issue is related to insufficient input validation in the CRM User Management Framework component of Oracle Common Applications in Oracle E-Business Suite. This can be...

CVSS 6.4 · AI score 7.5 · EPSS 0.00308
Exploits 0 · References 9

Positive Technologies
added 2024/01/12 12:0 a.m. · 6 views

PT-2024-13390 · Npm · @Evershop/Evershop

Name of the Vulnerable Software and Affected Versions: @evershop/evershop versions prior to 1.0.0-rc.8
Description: The issue is related to a lack of authentication in the @evershop/evershop package, which allows remote attackers to obtain sensitive information via improper authorization in Graph...

CVSS 7.5 · AI score 6.8 · EPSS 0.00732
Exploits 0 · References 10

CNNVD
added 2024/01/10 12:0 a.m. · 3 views

Bosch Nexo cordless nutrunner security breach

Bosch Nexo Cordless nutrunner is a series of cordless tightening wrenches with integrated controls from Bosch Germany. A security vulnerability exists in Bosch Nexo cordless nutrunner. The vulnerability allows a remote attacker to access sensitive data within the export package or perform remote...

CVSS 8.8 · AI score 8 · EPSS 0.00541
Exploits 0 · References 2

ATTACKERKB
added 2023/12/21 11:15 a.m. · 3 views

CVE-2023-50481

An issue discovered in blinksocks version 3.3.8 allows remote attackers to obtain sensitive information via weak encryption algorithms in the component /presets/ssr-auth-chain.js...

CVSS 7.5 · AI score 7.1 · EPSS 0.00274
Exploits 0 · References 3

VulnCheck KEV
added 2023/12/20 12:0 a.m. · 6 views

VulnCheck KEV: CVE-2022-31711

VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication...

CVSS 5.3 · AI score 7 · EPSS 0.21657
Exploits 3 · References 1

BDU FSTEC
added 2023/12/15 12:0 a.m. · 7 views

The vulnerability of the 5G mobile communication network organization software free5GC, related to the lack of authentication for critical functions, allows attackers to disclose protected information.

The vulnerability of the software for managing fifth-generation mobile communication networks 5G, free5GC, is related to the absence of authentication for a critical function. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose protected information...

CVSS 7.8 · AI score 7.2 · EPSS 0.02863
Exploits 1 · References 3 · Affected Software 1

ATTACKERKB
added 2023/12/08 8:15 p.m. · 4 views

CVE-2023-46495

Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the sortBy parameter...

CVSS 6.1 · AI score 5.8 · EPSS 0.00494
Exploits 0 · References 3

ATTACKERKB
added 2023/12/08 8:15 p.m. · 5 views

CVE-2023-46497

Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the mkdirSync function in the folderCreate/createFolder.js endpoint...

CVSS 5.4 · AI score 5.8 · EPSS 0.00793
Exploits 0 · References 3

Positive Technologies
added 2023/12/07 12:0 a.m. · 2 views

PT-2023-9062 · Oracle · Oracle E-Business Suite +1

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13
Description: The issue is related to insufficient input validation in the Campaign LOV component of the Oracle Marketing product. This can allow a remote attacker to gain unauthorized...

CVSS 7.8 · AI score 7.4 · EPSS 0.00609
Exploits 0 · References 9

Positive Technologies
added 2023/12/07 12:0 a.m. · 5 views

PT-2023-9573 · Oracle · Oracle E-Business Suite

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13
Description: The issue is related to weaknesses in the authorization mechanism of the Common Components component in Oracle Financials, part of the Oracle E-Business Suite. This can allo...

CVSS 8.5 · AI score 8.2 · EPSS 0.00436
Exploits 0 · References 8

VulnCheck KEV
added 2023/12/04 12:0 a.m. · 5 views

VulnCheck KEV: CVE-2023-39026

Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component...

CVSS 7.5 · AI score 7.1 · EPSS 0.10562
Exploits 4 · References 1

OSV
added 2023/11/30 2:15 p.m. · 4 views

CVE-2023-6414

A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via perfil.php in the id and user parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and...

CVSS 7.5 · AI score 5.8 · EPSS 0.00831
Exploits 0 · References 1

OSV
added 2023/11/27 9:15 p.m. · 2 views

CVE-2023-49030

SQL Injection vulnerability in 32ns KLive v.2019-1-19 and before allows a remote attacker to obtain sensitive information via a crafted script to the web/user.php component...

CVSS 7.5 · AI score 5.9 · EPSS 0.00934
Exploits 1 · References 3

OSV
added 2023/11/17 6:15 p.m. · 6 views

CVE-2023-48185

Directory Traversal vulnerability in TerraMaster v.s1.0 through v.2.295 allows a remote attacker to obtain sensitive information via a crafted GET request...

CVSS 7.5 · AI score 5.8 · EPSS 0.01338
Exploits 0 · References 2

Prion
added 2023/11/17 5:15 a.m. · 16 views

Cross-site request forgery (CSRF)

Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system...

CVSS 5.8 · AI score 7.4 · EPSS 0.00351
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2023/11/14 12:0 a.m. · 3 views

The vulnerabilities of the ProcXIChangeProperty and ProcXChangeDeviceProperty functions in the X Window System X.Org Server, as well as those in the Wayland protocol for X.Org XWayland, allow attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the ProcXIChangeProperty and ProcXChangeDeviceProperty functions in the X Window System X.Org Server, as well as the Wayland protocol for X.Org and XWayland, is related to reading data from beyond the allowed buffer limits. Exploiting this vulnerability allows a remote attack...

CVSS 9 · AI score 7.2 · EPSS 0.02685
Exploits 0 · References 11 · Affected Software 4

BDU FSTEC
added 2023/11/14 12:0 a.m. · 3 views

The vulnerability of the ProcXIPassiveUngrabDevice function in the Wayland protocol for X.Org XWayland, which is part of the X.Org Server for the X Window System, allows an intruder to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the ProcXIPassiveUngrabDevice function in the Wayland protocol for X.Org XWayland, implemented by the X.Org Server, is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity...

CVSS 9 · AI score 7.6 · EPSS 0.02516
Exploits 0 · References 10 · Affected Software 4

BDU FSTEC
added 2023/11/11 12:0 a.m. · 6 views

The vulnerability of the WPE WebKit and WebKitGTK web page rendering modules, related to the lack of protective measures for web page structures, allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the WPE WebKit and WebKitGTK page rendering modules is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and cause service failures...

CVSS 10 · AI score 7.6 · EPSS 0.00964
Exploits 0 · References 8 · Affected Software 4