CentOS 9 : rust-1.71.1-1.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the rust-1.71.1-1.el9 build changelog. - Cargo downloads the Rust project's dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1,...
Regular Expression Denial Of Service (ReDoS)
Rails is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient parsing of the Accept header, specifically due to the regular expression used to separate parameters. This potentially leads to Denial of Service (DoS) attacks. Note that this vulnerability is...
CVE-2024-26464
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
CVE-2023-7202
The Fatal Error Notify WordPress plugin before 1.5.3 does not have authorisation and CSRF checks in its testerror AJAX action, allowing any authenticated user, such as a subscriber, to call it and spam the admin email address with error messages. The issue is also exploitable via CSRF...
Mitsubishi Electric Multiple Factory Automation Products (Update A)
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC iQ-F Series Vulnerability: Insufficient Resource Pool 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a...
fn-link.com Cross Site Scripting vulnerability OBB-3856791
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2024-18347 · Sourcecodester · Sourcecodester Complete File Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Complete File Management System version 1.0 Description: A critical vulnerability has been found in the Admin Login Form component of the file /admin/. The manipulation of the username argument with a specific input leads to SQ...
CVE-2024-1749
A vulnerability, which was classified as problematic, has been found in Bdtask Bhojon Best Restaurant Management Software 2.9. This issue affects some unknown processing of the file /dashboard/message of the component Message Page. The manipulation of the argument Title leads to cross site...
Siemens Location Intelligence Uses Hard-Coded Credentials Vulnerability
Location Intelligence is a web-based application that creates transparency in production and logistics processes based on location data, thus uncovering optimization potential. Siemens Location Intelligence suffers from a Use of Hard-coded Credentials vulnerability that can be exploited by an attacke...
CVE-2024-25260
A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handleverdef function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing...
Commend WS203VICM
1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Commend Equipment: WS203VICM Vulnerabilities: Argument Injection, Improper Access Control, Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of these vulnerabilities...
GLSA-202402-25 : Mozilla Thunderbird: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202402-25 Mozilla Thunderbird: Multiple Vulnerabilities - Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it wa...
GLSA-202402-26 : Mozilla Firefox: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202402-26 Mozilla Firefox: Multiple Vulnerabilities - An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox 122, Firefox ESR...
CVE-2024-20909
Vulnerability in Oracle Audit Vault and Database Firewall component: Firewall. Supported versions that are affected are 20.1-20.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful...
CVE-2024-20903
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.21 and 21.3-21.12. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise...
Code injection
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: RAPID. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server...
Code injection
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Enterprise Infrastructure SEC. Supported versions that are affected are Prior to 9.2.8.0. Easily exploitable vulnerability allows high privileged attacker with network access via JDENET to compromise JD...
CVE-2024-20982
CVE-2024-20982 affects Oracle MySQL Server (Server: Optimizer). Affected: MySQL 8.0.35 and prior, 8.2.0 and prior. The vulnerability is exploitable by a high-privilege attacker over the network via multiple protocols and can, per the entry, cause a hang or a frequently repeated crash (complete Do...
CVE-2024-20978
CVE-2024-20978 affects Oracle MySQL Server (Server: Optimizer). Affected: MySQL Server versions 8.0.35 and earlier, and 8.2.0 and earlier. Condition: remote, authenticated attacker with network access via multiple protocols can exploit a vulnerability in the Server: Optimizer to cause a hang or f...
CVE-2024-20974
CVE-2024-20974 affects Oracle MySQL Server (Server: Optimizer). Affected: 8.0.35 and prior, 8.2.0 and prior. Vulnerability can enable a high-privileged attacker with network access via multiple protocols to cause a hang or frequent crash (DoS). CVSS base score 4.9 (Availability). Connected IBM Gu...