CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2025/01/23 3:15 a.m.•4 views

CVE-2024-42186

BigFix Patch Download Plug-ins are affected by an insecure protocol support. The application can allow improper handling of SSL certificates validation...

2.8CVSS0.00051EPSS

NVD•added 2025/01/23 3:15 a.m.•2 views

CVE-2024-42185

BigFix Patch Download Plug-ins are affected by an insecure package which is susceptible to XML injection attacks. This allows an attacker to exploit this vulnerability by injecting malicious XML content, which can lead to various issues including denial of service and unauthorized access...

2.5CVSS0.0006EPSS

CVE•added 2025/01/23 2:53 a.m.•41 views

CVE-2024-42187

CVE-2024-42187 affects BigFix Patch Download Plug-ins with a path traversal vulnerability that could allow operators to download files from a local repository. The NVD entry provides CVSS 3.1: Local attack vector, high access complexity, low privileges required, user interaction needed, with a co...

5.3CVSS5.2AI score0.00068EPSS

NVD•added 2025/01/23 2:15 a.m.•7 views

CVE-2024-42183

BigFix Patch Download Plug-ins are affected by an arbitrary file download vulnerability. It could allow a malicious operator to download files from arbitrary URLs without any proper validation or allowlist controls...

2.5CVSS0.00077EPSS

CVE•added 2025/01/23 2:10 a.m.•43 views

CVE-2024-42185

Technical details such as affected products, versions, and fixes for CVE-2024-42185 are not publicly provided in the connected documents. Monitor for updates from NVD, CVE List, and vendor advisories to obtain concrete information.

2.5CVSS4.1AI score0.0006EPSS

CVE•added 2025/01/23 1:59 a.m.•41 views

CVE-2024-42184

CVE-2024-42184 affects the BigFix Patch Download Plug-ins. The vulnerability arises from insecure support for the file:// URI scheme in the plug-ins, which could allow a user with local access to attempt to download files via file:// links. The available connected sources confirm the affected pro...

2.5CVSS3.8AI score0.00105EPSS

CVE•added 2025/01/23 1:42 a.m.•44 views

CVE-2024-42183

CVE-2024-42183 affects HCL BigFix Patch Download Plug-ins. The vulnerability allows arbitrary file download from arbitrary URLs due to insufficient validation/allowlist controls, potentially enabling a malicious operator to fetch files without proper checks. The documented CVSS v3.1 metrics indic...

2.5CVSS4AI score0.00077EPSS

NVD•added 2025/01/23 1:15 a.m.•7 views

CVE-2024-42182

BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery SSRF vulnerability. It may allow the application to download files from an internally hosted server on localhost...

2.5CVSS0.00085EPSS

2.5CVSS6.7AI score0.00105EPSS

HCL BigFix Patch Management 安全漏洞

HCL BigFix Patch Management is a comprehensive patch management solution from HCL Corporation, USA, designed to help organizations effectively manage and deploy security and non-security patches for operating systems and applications. A security vulnerability exists in HCL BigFix Patch Management...

2.5CVSS7.1AI score0.0006EPSS

HCL BigFix Patch Management 代码问题漏洞

5.3CVSS6.8AI score0.00068EPSS

HCL BigFix Patch Management 路径遍历漏洞

HCL BigFix Patch Management is a comprehensive patch management solution from HCL Corporation that helps organizations efficiently manage and deploy security and non-security patches for operating systems and applications. A security vulnerability exists in HCL BigFix Patch Management that stems...

2.5CVSS6.8AI score0.00085EPSS

HCL BigFix Patch Management 代码问题漏洞