CVE-2024-31082 vulnerabilities
Vulnerabilities for packages: xorg-server...
CVE-2024-23540 HCL BigFix Inventory is vulnerable to path traversal
The HCL BigFix Inventory server is vulnerable to path traversal which enables an attacker to read internal application files from the Inventory server. The BigFix Inventory server does not properly restrict the served static file...
Denial Of Service
codeigniter4/framework is vulnerable to Denial of Service (DoS). The vulnerability is due to insufficient validation in the formatMessage function within the language, allowing an attacker to consume a large amount of memory on the server...
FoF Pretty Mail 1.1.2 Command Injection Vulnerability
Exploit Title: FoF Pretty Mail 1.1.2 Extension for Flarum Command Injection Exploit Author: Chokri Hammedi Vendor Homepage: https://flarum.org/ Software Link: https://github.com/FriendsOfFlarum/pretty-mail Version: 1.1.2 Tested on: Windows XP CVE: N/A Description: The FoF Pretty Mail extension fo...
Exploit for Embedded Malicious Code in Tukaani Xz
CVE-2024-3094 vul check tools This vulnerability allows an at...
CVE-2024-2047 ElementsKit Elementor addons <= 3.0.6 - Authenticated (Contributor+) Local File Inclusion in render_raw
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.6 via the render_raw function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files o...
FoF Pretty Mail 1.1.2 Server-Side Template Injection
Exploit Title: FoF Pretty Mail 1.1.2 Extension for Flarum Server-Side Template Injection (SSTI) Date: 03/28/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://flarum.org/ Software Link: https://github.com/FriendsOfFlarum/pretty-mail Version: 1.1.2 Tested on: Windows XP CVE: N/A Descriptio...
Premmerce Permalink Manager for WooCommerce < 2.3.11 - Unauthenticated Local File Inclusion
Description The Premmerce Permalink Manager for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.3.10. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of...
Denial of service via regular expression
Impact All historical installations of django-wiki are vulnerable to maliciously crafted article content, that can cause severe use of server CPU through a regular expression loop. Patches Workarounds Close off access to create and edit articles by anonymous users. References Are there any links...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Jetbrains Teamcity
CVE-2024-27198 - JetBrains TeamCity Authentication Bypass Jet...
BIT-PHP-2023-0662 DoS vulnerability when parsing multipart request body
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space...
BIT-JUPYTER-NOTEBOOK-2022-29238 Forced Browsing in Jupyter Notebook
Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with ContentsManager.allow_hidden = False only prevented listing the contents of hidden directories, not accessing individual hidden files or files...
mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2024)
Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server...
The vulnerability of the centralized endpoint security management tools—WithSecure Client Security, WithSecure Server Security, WithSecure Email and Server Security, WithSecure Elements Endpoint Protection, WithSecure Linux Security, WithSecure Linux Protection, WithSecure Atlant—is related to insufficient validation of input data. This allows attackers to trigger a Denial-of-Service attack.
The vulnerability of the centralized endpoint security management tools—WithSecure Client Security, WithSecure Server Security, WithSecure Email and Server Security, WithSecure Elements Endpoint Protection, WithSecure Linux Security, WithSecure Linux Protection, and WithSecure Atlant—is related t...
CVE-2024-0403
Recipes version 1.5.10 allows arbitrary HTTP requests to be made through the server. This is possible because the application is vulnerable to SSRF...
CVE-2024-21885 vulnerabilities
Vulnerabilities for packages: xorg-server...
CVE-2024-21886 vulnerabilities
Vulnerabilities for packages: xorg-server...
CVE-2024-27359
Certain WithSecure products allow a Denial of Service because the engine scanner can go into an infinite loop when processing an archive file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protectio...
WithSecure products Security breaches
WithSecure products are a line of security software from the Finnish company WithSecure. A security vulnerability exists in WithSecure products, which stems from the fact that the engine scanning program may enter an infinite loop when processing archive files, resulting in a denial of service. T...