
2214 matches found

Tenable Nessus
added 2024/11/21 12:0 a.m. · 11 views

Juniper Junos OS Multiple Vulnerabilities (JSA88136)

The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA88136 advisory. - An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon evo-pfemand of Juniper Networks Junos OS Evolved allows an...

CVSS 7.1 · AI score 5.8 · EPSS 0.0013
Exploits: 0 · References: 4

RedHat Linux
added 2024/11/19 1:35 a.m. · 2 views

edk2: Integer overflows in PeCoffLoaderRelocateImage

A flaw was found in the EDK2 package. This flaw allows an attacker to cause memory corruption due to an overflow via an adjacent network. This issue may lead to loss of confidentiality, integrity, and availability...

CVSS 5.9 · AI score 7.4 · EPSS 0.00067
Exploits: 0 · References: 5

RedHat Linux
added 2024/11/19 1:28 a.m. · 3 views

edk2: Integer overflows in PeCoffLoaderRelocateImage

A flaw was found in the EDK2 package. This flaw allows an attacker to cause memory corruption due to an overflow via an adjacent network. This issue may lead to loss of confidentiality, integrity, and availability...

CVSS 5.9 · AI score 7.4 · EPSS 0.00067
Exploits: 0 · References: 5

Microsoft CVE
added 2024/11/12 8:0 a.m. · 20 views

Airlift.microsoft.com Elevation of Privilege Vulnerability

Authentication bypass by assumed-immutable data on airlift.microsoft.com allows an authorized attacker to elevate privileges over a network...

CVSS 8.8 · AI score 7 · EPSS 0.02469
Exploits: 0

Positive Technologies
added 2024/11/12 12:0 a.m. · 3 views

PT-2024-33326 · Airlift · Airlift

Name of the Vulnerable Software and Affected Versions: Airlift affected versions not specified Description: The issue allows an authorized attacker to elevate privileges over a network by exploiting an authentication bypass vulnerability based on assumed-immutable data. Recommendations: At the...

CVSS 8.8 · AI score 6.8 · EPSS 0.02469
Exploits: 0 · References: 4

VulnCheck KEV
added 2024/11/07 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2024-5910

Palo Alto Networks Expedition contains a missing authentication vulnerability that allows an attacker with network access to take over an Expedition admin account and potentially access configuration secrets, credentials, and other data...

CVSS 9.8 · AI score 7.3 · EPSS 0.91029
Exploits: 9 · References: 1

Gitee
added 2024/10/29 4:5 p.m. · 221 views

Exploit for Injection in Oracle Agile_Plm

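Research on the log4j2 CVE-2021-44228 vulnerability. Lab platform - VirtualBox 7.0.12 r159484 Qt5.15.2 - Attacker kali - Network address translation (NAT) - host-only network 192.168.56.101 - Victim kali 2023.3 - Network address translation (NAT) - host-only network 192.168.56.112 Lab tasks - [x] Set up the lab platform - [x] Verify that the vulnerability exists, using log4j2 CVE-2021-44228 as the example - [x] Verify that the vulnerability is exploitable, using log4j2 CVE-2021-44228 as the example...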

CVSS 10 · AI score 9.1 · EPSS 0.94468
Exploits: 377

Tenable Nessus
added 2024/10/26 12:0 a.m. · 8 views

Fortinet Fortigate (FG-IR-21-155)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-155 advisory. - An integer overflow / wraparound vulnerability CWE-190 in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x;...

CVSS 4.3 · AI score 5.2 · EPSS 0.00101
Exploits: 0 · References: 2

Microsoft CVE
added 2024/10/23 12:0 a.m. · 1 view

CVE-2024-21199

...

CVSS 4.9 · AI score 6.7 · EPSS 0.00216
Exploits: 0

Microsoft CVE
added 2024/10/23 12:0 a.m. · 2 views

CVE-2024-21134

...

CVSS 4.3 · AI score 5.8 · EPSS 0.00141
Exploits: 0

OSV
added 2024/10/18 11:9 a.m. · 2 views

OESA-2024-2265 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage. An attacker may cause memory corruption due to an overflow via an adjacent network. A successful...

CVSS 5.9 · AI score 7.2 · EPSS 0.00067
Exploits: 0 · References: 2

NVD
added 2024/10/17 7:15 p.m. · 9 views

CVE-2024-7755

The EWON FLEXY 202 transmits credentials using a weak encoding method base64. An attacker who is present in the network can sniff the traffic and decode the credentials...

CVSS 8.2 · EPSS 0.00321
Exploits: 0 · References: 1

RedHat Linux
added 2024/10/16 7:6 p.m. · 6 views

JDK: HTTP client improper handling of maxHeaderSize (8328286)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23;...

CVSS 3.7 · AI score 7.4 · EPSS 0.00054
Exploits: 0 · References: 4

RedHat Linux
added 2024/10/16 2:33 p.m. · 3 views

JDK: HTTP client improper handling of maxHeaderSize (8328286)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23;...

CVSS 3.7 · AI score 7.4 · EPSS 0.00054
Exploits: 0 · References: 4

RedHat Linux
added 2024/10/16 11:16 a.m. · 4 views

JDK: HTTP client improper handling of maxHeaderSize (8328286)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23;...

CVSS 3.7 · AI score 7.4 · EPSS 0.00054
Exploits: 0 · References: 4

NVD
added 2024/10/15 11:15 p.m. · 20 views

CVE-2024-38190

Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector...

CVSS 8.6 · EPSS 0.01505
Exploits: 0 · References: 1

CVE
added 2024/10/15 10:46 p.m. · 78 views

CVE-2024-38190

CVE-2024-38190 concerns a missing authorization vulnerability in Microsoft Power Platform (and associated components like Dataverse) that allows an unauthenticated attacker to view sensitive information over a network vector. The provided metrics assign a CVSS3.1 base score of 8.6 (HIGH) with net...

CVSS 8.6 · AI score 8.4 · EPSS 0.01505
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2024/10/15 10:45 p.m. · 84 views

CVE-2024-38139

Microsoft Dataverse contains an elevation of privilege vulnerability due to improper authentication. An authorized attacker could elevate privileges over the network. Affected component/function is Dataverse authentication/auth checks. Underlying impact includes high confidentiality and integrity...

CVSS 8.8 · AI score 8.7 · EPSS 0.01327
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2024/10/15 8:15 p.m. · 1 view

AZL-50381 CVE-2024-21231 affecting package mysql for versions less than 8.0.40-1

Vulnerability in the MySQL Server product of Oracle MySQL component: Client programs. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to...

CVSS 3.1 · AI score 6.6 · EPSS 0.00253
Exploits: 0 · References: 1

OSV
added 2024/10/15 8:15 p.m. · 0 views

UBUNTU-CVE-2024-21230

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

CVSS 6.5 · AI score 7.2 · EPSS 0.00278
Exploits: 0 · References: 4