Lucene search

5182 matches found

CVE
added 2024/07/09 4:24 a.m., 87 views

CVE-2024-39599

CVE-2024-39599 affects SAP NetWeaver Application Server for ABAP and ABAP Platform. The issue is a protection mechanism failure that allows a developer to bypass the configured malware scanner API due to a programming error. The practical impact is described as low for confidentiality, integrity,...

4.7 CVSS, 4.7 AI score, 0.00034 EPSS
Exploits: 0, References: 2, Affected Software: 1
Fedora
added 2024/07/09 1:55 a.m., 14 views

[SECURITY] Fedora 40 Update: golang-1.22.5-1.fc40

The Go Programming Language...

7.5 CVSS, 6.9 AI score, 0.01018 EPSS
Exploits: 0
Positive Technologies
added 2024/07/09 12:0 a.m., 1 views

PT-2024-5557

Name of the Vulnerable Software and Affected Versions: FortiAIOps version 2.0.0. Description: The issue concerns the exposure of sensitive information to unauthorized actors. An authenticated, remote attacker may retrieve sensitive information from the API endpoint or log files. This is related to a...

9 CVSS, 6.4 AI score, 0.00773 EPSS
Exploits: 0, References: 10
CNNVD
added 2024/07/09 12:0 a.m., 3 views

Fortinet FortiAIOps log information disclosure vulnerability

Fortinet FortiAIOps is a Fortinet networking solution that combines artificial intelligence and machine learning (AI/ML). A log information disclosure vulnerability exists in Fortinet FortiAIOps version 2.0.0, which stems from an application that does not adequately protect sensitive...

8.8 CVSS, 6.3 AI score, 0.00773 EPSS
Exploits: 0, References: 2
BDU FSTEC
added 2024/07/05 12:0 a.m., 0 views

A vulnerability in the API endpoint /api/v1/users/{user_name_or_id}/activate of the ZenML machine learning pipeline creation framework allows an attacker to elevate their privileges.

The vulnerability in the API endpoint /api/v1/users/{user_name_or_id}/activate of the ZenML machine learning pipeline creation framework is related to deficiencies in the access control mechanism. Exploiting this vulnerability could allow an attacker to...

6.5 CVSS, 7.5 AI score, 0.89644 EPSS
Exploits: 1, References: 7, Affected Software: 1
Fedora
added 2024/07/04 1:23 a.m., 10 views

[SECURITY] Fedora 39 Update: libnbd-1.18.5-1.fc39

NBD (Network Block Device) is a protocol for accessing Block Devices (hard disks and disk-like things) over a Network. This is the NBD client library in userspace, a simple library for writing NBD clients. The key features are: Synchronous and asynchronous APIs, both for ease of...

7.3 AI score
Exploits: 0
RedHat Linux
added 2024/07/02 3:43 p.m., 27 views

Moderate: Red Hat Security Advisory: go-toolset security update

An update for go-toolset is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

9.8 CVSS, 6.9 AI score, 0.00172 EPSS
Exploits: 0, References: 4
OSV
added 2024/07/02 12:0 a.m., 26 views

ALSA-2024:4237 Moderate: go-toolset security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: archive/zip: Incorrect handling of certain ZIP files (CVE-2024-24789); golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (CVE-2024-2479...

9.8 CVSS, 9.3 AI score, 0.00172 EPSS
Exploits: 0, References: 6
OSV
added 2024/06/28 11:8 a.m., 2 views

OESA-2024-1772 golang security update

The Go Programming Language. Security Fixes: The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading t...

5.5 CVSS, 6.9 AI score, 0.00007 EPSS
Exploits: 0, References: 2
OSV
added 2024/06/28 11:8 a.m., 3 views

OESA-2024-1770 golang security update

The Go Programming Language. Security Fixes: The various Is methods (IsPrivate, IsLoopback, etc.) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. CVE-2024-24790...

9.8 CVSS, 7 AI score, 0.00172 EPSS
Exploits: 0, References: 2
BDU FSTEC
added 2024/06/28 12:0 a.m., 0 views

A vulnerability in the firmware of the ZTE ZXHN H388X router, related to improper storage of permissions, allows attackers to escalate their privileges.

The vulnerability in the firmware of the ZTE ZXHN H388X router is related to improper storage of permissions. Exploiting this vulnerability can allow attackers to escalate their privileges through specially crafted requests...

7.1 CVSS, 5.5 AI score, 0.00098 EPSS
Exploits: 0, References: 3
BDU FSTEC
added 2024/06/28 12:0 a.m., 0 views

A vulnerability in Nextcloud Server, cloud software for creating and using data storage, allows an attacker to bypass the authentication process.

The vulnerability in Nextcloud Server, cloud-based software for creating and using data storage, lies in accessing an active session of another user by sending calls directly to the API without requiring a password confirmation. Exploiting this vulnerability allows a malicious actor to bypass the authenticatio...

5.5 CVSS, 5.8 AI score, 0.00199 EPSS
Exploits: 0, References: 4, Affected Software: 2
Positive Technologies
added 2024/06/28 12:0 a.m., 2 views

PT-2024-27446

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: It was identified that under certain specific preconditions, an API key that was originally created with specific privileges could be subsequently used to create new API keys that hav...

9.8 CVSS, 5.3 AI score, 0.00393 EPSS
Exploits: 0, References: 3
IBM Security Bulletins
added 2024/06/27 10:33 p.m., 28 views

Security Bulletin: IBM Cognos Analytics has addressed security vulnerabilities in JupyterHub, R Programming Language and Apache MINA (CVE-2024-28233, CVE-2024-27322, CVE-2019-0231, CVE-2021-41973)

Summary: IBM Cognos Analytics is vulnerable to a cross-site scripting (XSS) vulnerability in JupyterHub and a remote code execution (RCE) vulnerability in R Programming Language which is used by Jupyter Notebook. IBM Cognos Analytics has addressed a Denial of Service (DOS) vulnerability and an Information...

8.8 CVSS, 9 AI score, 0.04526 EPSS
Exploits: 0, Affected Software: 1
Tenable Nessus
added 2024/06/27 12:0 a.m., 19 views

RHEL 9 : golang (RHSA-2024:4146)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4146 advisory. The golang packages provide the Go programming language compiler. Security Fixes: golang: net/http, x/net/http2: unlimited number of...

7.5 CVSS, 7.7 AI score, 0.64852 EPSS
Exploits: 1, References: 6
Spring Engineering
added 2024/06/27 12:0 a.m., 12 views

Spring Tips: Go Further, Faster with Spring Boot 3.3 (UPDATED)

NB: I had an error in the AppCDS demo in the older video. This video supersedes that video, with a re-recorded segment on AppCDS. Make sure you're watching the latest of these two similarly titled videos! Hi, Spring fans! In this installment we look at ways to make your applications go further,...

7.1 AI score
Exploits: 0
Tenable Nessus
added 2024/06/27 12:0 a.m., 134 views

OpenSSL 3.2.0 < 3.2.3 Vulnerability

The version of OpenSSL installed on the remote host is prior to 3.2.3. It is, therefore, affected by a vulnerability as referenced in the 3.2.3 advisory. - Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memor...

9.1 CVSS, 7.6 AI score, 0.06873 EPSS
Exploits: 1, References: 3
OSSF Malicious Packages
added 2024/06/25 1:28 p.m., 3 views

Malicious code in Chronos.Platform.Linux.API (NuGet)


7 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2024/06/25 1:27 p.m., 4 views

Malicious code in Be.Vlaanderen.Basisregisters.PublicServicеRegistry.Aрi.Backoffice (NuGet)


7 AI score
Exploits: 0
OSSF Malicious Packages
added 2024/06/25 1:26 p.m., 2 views

Malicious code in Be.Vlaanderen.Basisregistеrs.PаrсеlRegistry.Api.Legacy (NuGet)


7 AI score
Exploits: 0