Lucene search

11644 matches found

RedHat Linux
added 2024/11/25 12:12 a.m. · 1 view

hsqldb: Untrusted input may lead to RCE attack

A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default...

9.8 CVSS · 7.8 AI score · 0.03519 EPSS
Exploits 1 · References 6

CVE
added 2024/11/25 12:00 a.m. · 59 views

CVE-2024-52787

Vulnerability summary: Libre-chat v0.0.6 is affected by a path traversal flaw in the upload_documents method. By supplying a crafted filename in an uploaded file, an attacker can traverse the filesystem. This is corroborated by multiple sources (Red Hat CVE entry, GHSA advisory, Veracode summary,...

9.1 CVSS · 6.7 AI score · 0.00762 EPSS
Exploits 0 · References 4

OSV
added 2024/11/24 5:15 p.m. · 4 views

DEBIAN-CVE-2024-53901

The Imager package before 1.025 for Perl has a heap-based buffer overflow leading to denial of service, or possibly unspecified other impact, when the trim method is called on a crafted input image...

5.5 CVSS · 5.9 AI score · 0.00379 EPSS
Exploits 1 · References 1

OSV
added 2024/11/24 5:15 p.m. · 2 views

UBUNTU-CVE-2024-53901

The Imager package before 1.025 for Perl has a heap-based buffer overflow leading to denial of service, or possibly unspecified other impact, when the trim method is called on a crafted input image...

5.5 CVSS · 6.1 AI score · 0.00379 EPSS
Exploits 1 · References 7

Positive Technologies
added 2024/11/24 12:00 a.m. · 5 views

PT-2024-35971 · Imager +1

Name of the Vulnerable Software and Affected Versions: Imager package versions prior to 1.025 Description: The issue is a heap-based buffer overflow that can lead to denial of service or possibly other unspecified impacts when the trim method is called on a crafted input image. Recommendations: F...

5.5 CVSS · 7.6 AI score · 0.00379 EPSS
Exploits 1 · References 18

Hacker One
added 2024/11/23 12:50 a.m. · 161 views

Mozilla: Denial of Access to Static Resources via Cache Poisoning on addons.allizom.org

A cache poisoning vulnerability was identified on addons.allizom.org that allowed an attacker to block access to static resources such as images and JavaScript files. The issue was exploited by processing the X-HTTP-Method-Override header, which was honored by the origin server and treated the...

6.9 AI score
Exploits 0

NVD
added 2024/11/22 8:15 p.m. · 16 views

CVE-2023-52333

Allegra saveFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a registration mechanism that...

9.8 CVSS · 0.01854 EPSS
Exploits 0 · References 2

Vulnrichment
added 2024/11/22 8:05 p.m. · 22 views

CVE-2024-30372 Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability

Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

8.8 CVSS · 9.1 AI score · 0.01129 EPSS
Exploits 0 · References 2

CVE
added 2024/11/22 8:05 p.m. · 46 views

CVE-2023-51645

CVE-2023-51645 affects Allegra via unzipFile directory traversal that enables remote code execution. Root cause: improper validation of user-supplied paths used in file operations. Impact: code execution in the LOCAL SERVICE context. Authentication is required to exploit, but bypass is possible p...

7.2 CVSS · 7.5 AI score · 0.0179 EPSS
Exploits 0 · References 2 · Affected Software 1

Veracode
added 2024/11/22 7:51 a.m. · 6 views

Unauthorized Method Execution

twig/twig is vulnerable to unauthorized method execution. The vulnerability is due to improper enforcement of security policies in Twig's sandbox environment, which allows the toString method to be called on objects when they are part of arrays or argument lists, even if the method is disallowed ...

2.2 CVSS · 6.9 AI score · 0.0044 EPSS
Exploits 0 · References 6 · Affected Software 2

NVD
added 2024/11/21 8:15 p.m. · 18 views

CVE-2024-51365

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

Exploits 0

Positive Technologies
added 2024/11/21 12:00 a.m. · 4 views

PT-2024-34609 · Visicut

Name of the Vulnerable Software and Affected Versions: VisiCut version 2.1 Description: The issue allows attackers to execute arbitrary code via uploading a crafted Zip file, exploiting an arbitrary file upload vulnerability in the importSettings method. Recommendations: For VisiCut version 2.1,...

9.8 CVSS · 8.2 AI score
Exploits 0 · References 5

Tenable Nessus
added 2024/11/21 12:00 a.m. · 14 views

Adobe Acrobat < 10.1.16 / 11.0.13 / 2015.006.30094 / 2015.009.20069 Multiple Vulnerabilities (APSB15-24) (macOS)

The version of Adobe Acrobat installed on the remote macOS host is a version prior to 10.1.16, 11.0.13, 2015.006.30094, or 2015.009.20069. It is, therefore, affected by multiple vulnerabilities. - The ANAuthenticateResource method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before...

10 CVSS · 5.9 AI score · 0.23389 EPSS
Exploits 2 · References 59

OSV
added 2024/11/20 9:15 p.m. · 4 views

CVE-2024-52677

HkCms <= v2.3.2.240702 is vulnerable to file upload in the getFileName method in /app/common/library/Upload.php...

9.8 CVSS · 5.8 AI score · 0.00618 EPSS
Exploits 0 · References 3

NVD
added 2024/11/20 10:15 a.m. · 18 views

CVE-2024-11494

UNSUPPORTED WHEN ASSIGNED The improper authentication vulnerability in the Zyxel P-6101C ADSL modem firmware version P-6101CSA6AP20140331 could allow an unauthenticated attacker to read some device information via a crafted HTTP HEAD method...

7.5 CVSS · 0.00667 EPSS
Exploits 1 · References 1

Vulnrichment
added 2024/11/20 9:36 a.m. · 12 views

CVE-2024-11494

UNSUPPORTED WHEN ASSIGNED The improper authentication vulnerability in the Zyxel P-6101C ADSL modem firmware version P-6101CSA6AP20140331 could allow an unauthenticated attacker to read some device information via a crafted HTTP HEAD method...

7.5 CVSS · 6.9 AI score · 0.00667 EPSS
Exploits 1 · References 1

Cvelist
added 2024/11/20 9:36 a.m. · 14 views

CVE-2024-11494

UNSUPPORTED WHEN ASSIGNED The improper authentication vulnerability in the Zyxel P-6101C ADSL modem firmware version P-6101CSA6AP20140331 could allow an unauthenticated attacker to read some device information via a crafted HTTP HEAD method...

7.5 CVSS · 0.00667 EPSS
Exploits 1 · References 1

CVE
added 2024/11/20 9:36 a.m. · 57 views

CVE-2024-11494

CVE-2024-11494 affects Zyxel P-6101C ADSL modem, specifically firmware version P-6101CSA6AP_20140331. The vulnerability is described as improper authentication that could allow an unauthenticated attacker to read certain device information via a crafted HTTP HEAD request. The CVSS 3.1 vector is N...

7.5 CVSS · 6.9 AI score · 0.00667 EPSS
Exploits 1 · References 1 · Affected Software 1

Zero Day Initiative
added 2024/11/20 12:00 a.m. · 10 views

Microsoft SharePoint Server FindSpecific Unsafe Reflection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the FindSpecific method. The process does not properly...

7.2 CVSS · 7.1 AI score · 0.50835 EPSS
Exploits 1 · References 1

Vulnrichment
added 2024/11/20 12:00 a.m. · 11 views

CVE-2024-52677

HkCms <= v2.3.2.240702 is vulnerable to file upload in the getFileName method in /app/common/library/Upload.php...

6.9 AI score · 0.00618 EPSS
Exploits 0 · References 2