Lucene search
K

257 matches found

Github Security Blog
Github Security Blog
added 2024/07/25 12:32 p.m.40 views

Remote code execution in Spring Cloud Data Flow

In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server...

9.8CVSS9.5AI score0.35211EPSS
Exploits4References3Affected Software1
Chainguard
Chainguard
added 2024/06/05 3:15 p.m.21 views

CVE-2024-5629 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server...

8.1CVSS6.8AI score0.00663EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/05/02 12:0 a.m.6 views

The vulnerability of the Microsoft ODBC Driver for SQL Server’s dynamic layout library, related to integer overflow, allows an attacker to execute arbitrary code.

The vulnerability of the Microsoft ODBC Driver for SQL Server dynamic sorting library is related to a numerical overflow condition. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

10CVSS8.2AI score0.02356EPSS
Exploits0References3Affected Software3
Rosalinux
Rosalinux
added 2024/04/17 1:35 p.m.118 views

Advisory ROSA-SA-2024-2400

Software: haproxy 2.6.15 OS: ROSA-CHROME packageevrstring: haproxy-2.6.15-1.src.rpm CVE-ID: CVE-2023-0836 BDU-ID: 2023-04833 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the HAProxy server software is related to incomplete cleanup of temporary or auxiliary resources. Exploitation of the...

9.1CVSS7.7AI score0.05493EPSS
Exploits1
Chainguard
Chainguard
added 2024/04/16 10:15 p.m.21 views

CVE-2024-21102 vulnerabilities

Vulnerabilities for packages: mysql...

4.9CVSS6.6AI score0.01107EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2024/04/16 12:30 a.m.27 views

llama-index-core Command Injection vulnerability

A command injection vulnerability exists in the run-llama/llamaindex repository, specifically within the safeeval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by LLM, to execute arbitrary code. This is achieved by...

9.8CVSS10AI score0.02862EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/09 12:0 a.m.2 views

PT-2024-3122 · Microsoft · Ole Db Driver For Sql Server +1

Name of the Vulnerable Software and Affected Versions: Microsoft OLE DB Driver for SQL Server affected versions not specified Description: The issue exists due to insufficient input validation in the Microsoft OLE DB Driver for SQL Server. This allows a remote attacker to execute arbitrary code...

10CVSS9.4AI score0.02351EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/04/09 12:0 a.m.3 views

PT-2024-3169 · Microsoft · Odbc Driver For Sql Server +1

Name of the Vulnerable Software and Affected Versions: Microsoft ODBC Driver for SQL Server affected versions not specified Description: The vulnerability in the Microsoft ODBC Driver for SQL Server is related to an integer overflow. It allows a remote attacker to execute arbitrary code...

10CVSS9.4AI score0.02415EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/04/09 12:0 a.m.5 views

PT-2024-3129 · Microsoft · Ole Db Driver For Sql Server +1

Name of the Vulnerable Software and Affected Versions: Microsoft OLE DB Driver for SQL Server affected versions not specified Description: The issue is related to insufficient input validation in the Microsoft OLE DB Driver for SQL Server, which can be exploited by a remote attacker to execute...

10CVSS9.3AI score0.02268EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2024/03/11 12:0 a.m.6 views

The vulnerability of the WDAC OLE DB driver for SQL Server on Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the WDAC OLE DB driver for SQL Server on Windows operating systems is related to numerical truncation errors. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

10CVSS8.3AI score0.01628EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 11:21 a.m.42 views

BIT-GITLAB-2020-13356

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. A specially crafted request could bypass Multipart protection and read files in certain specific paths on the server. Affected versions are: =8.8.9, =13.4, =13.5, 13.5.2...

8.2CVSS7.9AI score0.01764EPSS
Exploits0References4
NVD
NVD
added 2023/11/14 7:15 p.m.10 views

CVE-2023-27513

Uncontrolled search path element in some IntelR Server Information Retrieval Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8CVSS0.00191EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/10/20 12:0 a.m.7 views

The vulnerability of the Titan SFTP and Titan MFT NextGen server software lies in the improper restriction on the path name to the restricted directory. This allows attackers to write files to any location within the file system.

The vulnerability of the Titan SFTP and Titan MFT NextGen server software lies in improper restrictions on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to write files to any location within the file system...

6.5CVSS6.5AI score0.01406EPSS
Exploits1References4Affected Software2
Github Security Blog
Github Security Blog
added 2023/09/27 3:30 p.m.24 views

OpenCart Path Traversal vulnerability

Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server...

8.8CVSS8.4AI score0.00848EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2023/09/27 3:30 p.m.23 views

GHSA-V4J2-CWMM-XG89 OpenCart Path Traversal vulnerability

Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server...

8.1CVSS8.3AI score0.00848EPSS
Exploits1References5
OSV
OSV
added 2023/08/29 12:0 a.m.10 views

DLA-3547-1 tryton-server - security update

Bulletin has no description...

7.2AI score
Exploits0
OSV
OSV
added 2023/08/10 8:9 p.m.22 views

GHSA-PV7Q-V9MV-9MH5 1Panel O&M management panel has a background arbitrary file reading vulnerability

Summary Arbitrary file reads allow an attacker to read arbitrary important configuration files on the server. Details In the api/v1/file.go file, there is a function called LoadFromFile, which directly reads the file by obtaining the requested path parameterpath. The request parameters are not...

7.5CVSS7.3AI score0.0082EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2023/08/01 12:0 a.m.5 views

The vulnerability of Cisco BroadWorks server software arises from the lack of measures taken to neutralize specific elements, allowing attackers to elevate their privileges to the root level.

The vulnerability of Cisco BroadWorks server software exists due to the lack of measures taken to neutralize special elements used in the operating system command. Exploiting this vulnerability can allow attackers to elevate their privileges to the root level...

6CVSS6.2AI score0.00192EPSS
Exploits0References3Affected Software2
Prion
Prion
added 2023/07/25 10:15 p.m.28 views

Cross site scripting

copyparty is file server software. Prior to version 1.8.7, the application contains a reflected cross-site scripting via URL-parameter ?k304=... and ?setck=.... The worst-case outcome of this is being able to move or delete existing files on the server, or upload new files, using the account of t...

5.8CVSS6AI score0.06195EPSS
Exploits3References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/25 9:6 p.m.23 views

CVE-2023-38501 copyparty vulnerable to reflected cross-site scripting via k304 parameter

copyparty is file server software. Prior to version 1.8.7, the application contains a reflected cross-site scripting via URL-parameter ?k304=... and ?setck=.... The worst-case outcome of this is being able to move or delete existing files on the server, or upload new files, using the account of t...

6.3CVSS6.1AI score0.06195EPSS
Exploits3References3
Rows per page
Query Builder