6599 matches found
Security Bulletin: Denial of service and security restrictions bypass might affect IBM Storage Defender – Resiliency Service
Summary: IBM Storage Defender – Resiliency Service is vulnerable and can result in data confidentiality and service availability issues. The vulnerabilities have been addressed. CVE-2024-27351, CVE-2024-34064, CVE-2024-32879, CVE-2024-24786. Vulnerability Details CVEID: CVE-2024-24786 DESCRIPTION:...
GLSA-202407-05 : SSSD: Command Injection
The remote host is affected by the vulnerability described in GLSA-202407-05 SSSD: Command Injection A vulnerability has been discovered in SSSD. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the Gentoo Linux...
GO-2024-2530 Etcd auth Inaccurate logging of authentication attempts for users with CN-based auth only in go.etcd.io/etcd
Etcd auth Inaccurate logging of authentication attempts for users with CN-based auth only in go.etcd.io/etcd...
CVE-2024-28820
Buffer overflow in the extract_openvpn_cr function in openvpn-cr.c in openvpn-auth-ldap aka the Three Rings Auth-LDAP plugin for OpenVPN 2.0.4 allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this...
CVE-2024-28820
CVE-2024-28820 concerns the Three Rings OpenVPN LDAP plugin (openvpn-auth-ldap) 2.0.4. The flaw is a buffer overflow in extract_openvpn_cr (openvpn-cr.c) when handling the challenge/response password field; an attacker with a valid LDAP username who can control that field can supply input with mo...
CVE-2024-28820
Buffer overflow in the extract_openvpn_cr function in openvpn-cr.c in openvpn-auth-ldap aka the Three Rings Auth-LDAP plugin for OpenVPN 2.0.4 allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this...
CVE-2024-28820
Buffer overflow in the extract_openvpn_cr function in openvpn-cr.c in openvpn-auth-ldap aka the Three Rings Auth-LDAP plugin for OpenVPN 2.0.4 allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this...
CVE-2024-38272 Auth Bypass in Quick Share
There exists a vulnerability in Quick Share/Nearby, where an attacker can bypass the accept file dialog on Quick Share Windows. Normally, in the Quick Share Windows app, we can't send a file without the user's acceptance on the receiving device if the visibility is set to everyone mode or contacts mode. We...
CVE-2024-38272
CVE-2024-38272 affects Google's Quick Share (Windows) where an attacker can bypass the Accept File dialog, enabling a transfer without recipient consent. The vulnerability is described as an auth bypass in Quick Share for Windows; the issue is fixed in version 1.0.1724.0 and later. Connected sour...
GO-2024-2947 Leak of sensitive information to log files in github.com/hashicorp/go-retryablehttp
URLs were not sanitized when writing them to log files. This could lead to writing sensitive HTTP basic auth credentials to the log file...
Malicious code in auth-client (RubyGems)
MAL-2024-6722 Malicious code in auth-client (RubyGems)
Malicious code in killskids-auth (PyPI)
MAL-2024-5293 Malicious code in killskids-auth (PyPI)
Malicious code in Be.Vlаanderen.Basisregisters.Auth.AcmIԁm (NuGet)
Malicious code in Be.Vlаandеren.Basisrеgisters.Auth.AcmIԁm (NuGet)
Malicious code in en-conduit-electron-auth (npm)
MAL-2024-2296 Malicious code in en-conduit-electron-auth (npm)
Malicious code in driverless-acquisition-blue-auth-token-validator (npm)
MAL-2024-2268 Malicious code in driverless-acquisition-blue-auth-token-validator (npm)