2293 matches found

Cvelist
added 2024/08/02 10:36 a.m. | 22 views

CVE-2024-7323 Digiwin EasyFlow .NET - Arbitrary File Download

Digiwin EasyFlow .NET lacks proper access control for specific functionality, and the functionality does not adequately filter user input. A remote attacker with regular privilege can exploit this vulnerability to download arbitrary files from the remote server...

CVSS 6.5 | EPSS 0.00599
Exploits: 0 | References: 2
OSV
added 2024/07/31 10:55 p.m. | 6 views

GO-2024-3012 Malicious code in github.com/PromonLogicalis/asn1

Version 7bdca06d0edf of the github.com/PromonLogicalis/asn1 module contains malicious code which downloads a program from a remote web server and executes it...

AI score 7.5
Exploits: 0
The Hacker News
added 2024/07/31 1:8 p.m. | 23 views

North Korea-Linked Malware Targets Developers on Windows, Linux, and macOS

The threat actors behind an ongoing malware campaign targeting software developers have demonstrated new malware and tactics, expanding their focus to include Windows, Linux, and macOS systems. The activity cluster, dubbed DEVPOPPER and linked to North Korea, has been found to have singled out...

AI score 7
Exploits: 0
RedHat Linux
added 2024/07/31 10:20 a.m. | 25 views

Important: Red Hat Security Advisory: git-lfs security update

An update for git-lfs is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Red Hat Product Security has rated this update as...

CVSS 7.5 | AI score 7.1 | EPSS 0.91969
Exploits: 1 | References: 2
IBM Security Bulletins
added 2024/07/26 1:14 p.m. | 43 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2024-40898, CVE-2024-40725)

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

CVSS 9.1 | AI score 6.5 | EPSS 0.04134
Exploits: 5 | Affected Software: 1
IBM Security Bulletins
added 2024/07/26 1:13 p.m. | 79 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server.

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

CVSS 9.8 | AI score 9.1 | EPSS 0.99957
Exploits: 3 | Affected Software: 1
IBM Security Bulletins
added 2024/07/26 1:12 p.m. | 19 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server CVE-2024-35154

Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

CVSS 7.2 | AI score 7.4 | EPSS 0.01163
Exploits: 0 | Affected Software: 1
The Hacker News
added 2024/07/16 10:9 a.m. | 21 views

Malicious npm Packages Found Using Image Files to Hide Backdoor Code

Cybersecurity researchers have identified two malicious packages on the npm package registry that concealed backdoor code to execute malicious commands sent from a remote server. The packages in question – img-aws-s3-object-multipart-copy and legacyaws-s3-object-multipart-copy – have been...

AI score 8.1
Exploits: 0
RedHat Linux
added 2024/07/15 4:19 p.m. | 32 views

Important: Red Hat Security Advisory: git-lfs security update

An update for git-lfs is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVSS 7.5 | AI score 7.1 | EPSS 0.91969
Exploits: 1 | References: 2
RedHat Linux
added 2024/07/15 3:54 p.m. | 21 views

Important: Red Hat Security Advisory: git-lfs security update

An update for git-lfs is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 7.5 | AI score 7.1 | EPSS 0.91969
Exploits: 1 | References: 2
Citrix
added 2024/07/13 12:0 a.m. | 7 views

Reconfigure XenDesktop Desktop Studio when Installed as a Standalone on a Remote Server

When you install Desktop Studio by itself on a remote server, that is, without the controller role installed locally, the first time you start the Desktop Studio Console, you are prompted to select which Desktop Delivery Controller DDC you want to connect, as displayed in the following screen sho...

AI score 7.1
Exploits: 0
GithubExploit
added 2024/07/05 2:0 p.m. | 409 views

Exploit for Missing Authentication for Critical Function in Veeam Veeam_Backup_&_Replication

It is an exploit module/toolkit targeting a web application. The...

CVSS 7.5 | AI score 9.8 | EPSS 0.7761
Exploits: 4
CNVD
added 2024/07/04 12:0 a.m. | 5 views

Mattermost Improper Access Control Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an improper access control vulnerability. An attacker could exploit the vulnerability to cause changes to the profile image of a user belonging to another remote server connecte...

CVSS 5.3 | AI score 6.7 | EPSS 0.00303
Exploits: 0 | References: 1
Cvelist
added 2024/07/03 8:29 a.m. | 25 views

CVE-2024-36257 Lack of permission check when updating the profile picture of a remote user (shared channels enabled)

Mattermost versions 9.5.x = 9.5.5 and 9.8.0, when using shared channels with multiple remote servers connected, fail to check that the remote server A requesting the server B to update the profile picture of a user is the remote that actually has the user as a local one. This allows a malicious...

CVSS 2.7 | EPSS 0.00303
Exploits: 0 | References: 1
CNNVD
added 2024/07/03 12:0 a.m. | 5 views

Mattermost Security Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an improper access control vulnerability. An attacker could exploit the vulnerability to cause changes to the profile image of a user belonging to another remote server connecte...

CVSS 5.3 | AI score 6.8 | EPSS 0.00303
Exploits: 0 | References: 2
Cvelist
added 2024/07/02 7:43 a.m. | 21 views

CVE-2023-41928 Remote server offers deprecated TLS protocol in Kiloview P1/P2 devices

The device is observed to accept deprecated TLS protocols, increasing the risk of cryptographic weaknesses...

CVSS 5.3 | EPSS 0.00133
Exploits: 0 | References: 1
Vulnrichment
added 2024/07/02 7:43 a.m. | 9 views

CVE-2023-41928 Remote server offers deprecated TLS protocol in Kiloview P1/P2 devices

The device is observed to accept deprecated TLS protocols, increasing the risk of cryptographic weaknesses...

CVSS 5.3 | AI score 5.3 | EPSS 0.00133
Exploits: 0 | References: 1
IBM Security Bulletins
added 2024/07/01 3:9 p.m. | 55 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM MQ shipped with IBM WebSphere Remote Server

Summary IBM MQ is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM MQ has been published in a security bulletin CVE-2024-25026, CVE-2024-22354, CVE-2024-27268, CVE-2024-22353, CVE-2023-51775, CVE-2024-22329, CVE-2024-31919, CVE-2024-21085,...

CVSS 8.8 | AI score 7.4 | EPSS 0.01433
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2024/06/26 8:51 p.m. | 26 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server CVE-2024-37532

Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

CVSS 8.8 | AI score 8.5 | EPSS 0.00353
Exploits: 0 | Affected Software: 1
NVD
added 2024/06/25 1:15 p.m. | 23 views

CVE-2024-6301

Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs...

CVSS 7.5 | EPSS 0.00168
Exploits: 0 | References: 2