5908 matches found

Cvelist
added 2024/11/15 4:37 p.m., 14 views

CVE-2021-1481 Cisco SD-WAN vManage Cypher Query Language Injection Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management...

4.3 CVSS, 0.00818 EPSS
Exploits 0, References 2

Cvelist
added 2024/11/15 4:36 p.m., 30 views

CVE-2021-1482 Cisco SD-WAN vManage Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain access to sensitive information on an affected system. This vulnerability is due to insufficient authorization checks. An...

6.4 CVSS, 0.00608 EPSS
Exploits 0, References 1

IBM Security Bulletins
added 2024/11/14 3:12 p.m., 13 views

Security Bulletin: IBM B2B Sterling Integrator is vulnerable to information disclosure due to Spring Boot

Summary: IBM B2B Sterling Integrator is vulnerable to information disclosure due to Spring Boot. Vulnerability Details: CVEID: CVE-2023-34055. DESCRIPTION: VMware Tanzu Spring Boot is vulnerable to a denial of service, caused by a flaw when an application uses Spring MVC or Spring WebFlux or...

6.5 CVSS, 6.8 AI score, 0.01219 EPSS
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2024/11/14 2:0 p.m., 17 views

Security Bulletin: Security Vulnerabilities in IBM MQ Affect IBM Sterling B2B Integrator

Summary: IBM Sterling B2B Integrator is affected by vulnerabilities in IBM MQ. Vulnerability Details: CVEID: CVE-2024-25015. DESCRIPTION: IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all...

7.5 CVSS, 7.9 AI score, 0.00925 EPSS
Exploits 0, Affected Software 1

Atlassian
added 2024/11/13 6:59 a.m., 38 views

CVE-2024-38819: Path traversal vulnerability in org.springframework:spring-webmvc used by Confluence Data Center

Issue Summary: Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the...

7.5 CVSS, 6.6 AI score, 0.54862 EPSS
Exploits 6

NVD
added 2024/11/12 7:15 p.m., 27 views

CVE-2024-33505

A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows an attacker to escalate privileges...

7.3 CVSS, 0.00464 EPSS
Exploits 0, References 1

NVD
added 2024/11/12 7:15 p.m., 21 views

CVE-2023-47543

An authorization bypass through user-controlled key vulnerability (CWE-639) in Fortinet FortiPortal version 7.0.0 through 7.0.3 allows an authenticated attacker to interact with resources of other organizations via HTTP or HTTPS requests...

8.1 CVSS, 0.00381 EPSS
Exploits 0, References 1

CVE
added 2024/11/12 6:53 p.m., 46 views

CVE-2024-33505

CVE-2024-33505 affects Fortinet FortiAnalyzer and FortiManager. The issue is a heap-based buffer overflow in the CLI that can allow a remote attacker to escalate privileges through specially crafted HTTP requests. Affected ranges include FortiAnalyzer: 6.4.0–6.4.14, 7.0.0–7.0.12, 7.2.0–7.2.5, 7.4...

7.3 CVSS, 7.8 AI score, 0.00464 EPSS
Exploits 0, References 1, Affected Software 3

Cvelist
added 2024/11/12 6:53 p.m., 14 views

CVE-2024-33505

A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows an attacker to escalate privileges...

5.6 CVSS, 0.00464 EPSS
Exploits 0, References 1

Vulnrichment
added 2024/11/12 6:53 p.m., 11 views

CVE-2024-33505

A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows an attacker to escalate privileges...

5.6 CVSS, 7.7 AI score, 0.00464 EPSS
Exploits 0, References 1

Vulnrichment
added 2024/11/12 6:53 p.m., 17 views

CVE-2023-44255

An exposure of sensitive information to an unauthorized actor (CWE-200) in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read event logs of another adom via crafted HTTP o...

4.1 CVSS, 6.3 AI score, 0.00538 EPSS
Exploits 0, References 1

CVE
added 2024/11/12 6:53 p.m., 50 views

CVE-2023-44255

Fortinet CVE-2023-44255 affects FortiManager (before 7.4.2), FortiAnalyzer (before 7.4.2), and FortiAnalyzer-BigData (before 7.2.5). The root cause is insufficient access control, allowing a privileged attacker with administrative read permissions to read event logs of another ADOM via crafted HT...

4.1 CVSS, 6.4 AI score, 0.00538 EPSS
Exploits 0, References 1, Affected Software 3

Veracode
added 2024/11/12 11:8 a.m., 5 views

Path Traversal

github.com/hashicorp/consul is vulnerable to Path Traversal. The vulnerability is due to the bypass of HTTP request path-based access rules when using URL paths in L7 traffic intentions, allowing unauthorized access in specific scenarios...

8.1 CVSS, 6.6 AI score, 0.00725 EPSS
Exploits 0, References 5, Affected Software 1

RedHat Linux
added 2024/11/12 9:38 a.m., 3 views

net/http: Denial of service due to improper 100-continue handling in net/http

A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service...

7.5 CVSS, 7.3 AI score, 0.01414 EPSS
Exploits 0, References 7

OpenVAS
added 2024/11/11 12:0 a.m., 13 views

Mageia: Security Advisory (MGASA-2024-0347)

The remote host is missing an update for the...

6.5 CVSS, 7.8 AI score, 0.01141 EPSS
Exploits 1, References 3

BDU FSTEC
added 2024/11/08 12:0 a.m., 4 views

A vulnerability in the web interface of the Cisco Ultra-Reliable Wireless Backhaul software for Cisco Unified Industrial Wireless network devices allows an attacker to execute arbitrary code with root privileges.

The vulnerability in the management web interface of Cisco Ultra-Reliable Wireless Backhaul (URWB) for Cisco Unified Industrial Wireless network devices is related to the lack of measures taken to neutralize special elements used in an operating system command. Exploiting this vulnerability allows a...

10 CVSS, 8.5 AI score, 0.03146 EPSS
Exploits 0, References 2, Affected Software 3

NVD
added 2024/11/07 12:15 p.m., 19 views

CVE-2024-24914

Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available...

8 CVSS, 0.00396 EPSS
Exploits 0, References 1

Vulnrichment
added 2024/11/07 11:25 a.m., 20 views

CVE-2024-24914

Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available...

8 CVSS, 7.6 AI score, 0.00396 EPSS
Exploits 0, References 1

CVE
added 2024/11/07 11:25 a.m., 78 views

CVE-2024-24914

The CVE-2024-24914 issue affects Check Point Gaia Portal (Gaia Platform). Authenticated Gaia users can inject code/commands via global variables in special HTTP requests due to unprotected global variables handling in the TCL process. The vulnerability is mitigated by a security fix, with the pat...

8 CVSS, 8.2 AI score, 0.00396 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2024/11/07 11:25 a.m., 28 views

CVE-2024-24914

Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available...

8 CVSS, 0.00396 EPSS
Exploits 0, References 1