87 matches found

NVD
added 2025/01/07 4:15 p.m. | 15 views

CVE-2022-22363

IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system...

CVSS 4.3 | EPSS 0.00771
Exploits: 0 | References: 1

NVD
added 2025/01/03 3:15 p.m. | 18 views

CVE-2024-5591

IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system...

CVSS 4.3 | EPSS 0.00338
Exploits: 0 | References: 1

Vulnrichment
added 2024/12/10 12:11 a.m. | 11 views

CVE-2024-47578 Multiple vulnerabilities in SAP NetWeaver AS for JAVA (Adobe Document Services)

Adobe Document Service allows an attacker with administrator privileges to send a crafted request from a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side...

CVSS 9.1 | AI score 6.7 | EPSS 0.00874
Exploits: 0 | References: 2

CVE
added 2024/12/03 5:12 p.m. | 79 views

CVE-2024-25020

CVE-2024-25020 affects IBM Cognos Controller 11.0.0 and 11.0.1, where uploading attachments on the Journal entry page allows unrestricted filetypes, enabling attackers to upload malicious executables that could be used against victims. The issue is documented across multiple sources linked to the...

CVSS 9.8 | AI score 5.4 | EPSS 0.00275
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2024/11/08 12:0 a.m. | 13 views

EulerOS 2.0 SP9 : docker-runc (EulerOS-SA-2024-2826)

According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and...

CVSS 3.6 | AI score 6.7 | EPSS 0.00317
Exploits: 0 | References: 2

NVD
added 2024/11/01 5:15 p.m. | 29 views

CVE-2024-41741

IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system...

CVSS 5.3 | EPSS 0.00306
Exploits: 0 | References: 1

NVD
added 2024/10/08 9:15 a.m. | 5 views

CVE-2023-52952

A vulnerability has been identified in HiMed Cockpit 12 pro J31032-K2017-H259 All versions = V11.5.1 = V11.5.1 = V11.5.1 = V11.5.1 V11.6.2. The Kiosk Mode of the affected devices contains a restricted desktop environment escape vulnerability. This could allow an unauthenticated local attacker to...

CVSS 9.3 | EPSS 0.0017
Exploits: 0 | References: 1

NVD
added 2024/07/15 3:15 a.m. | 25 views

CVE-2024-39729

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the system. IBM X-Force ID: 295968...

CVSS 4.3 | EPSS 0.00408
Exploits: 0 | References: 2

BDU FSTEC
added 2024/03/11 12:0 a.m. | 13 views

The vulnerability of the ext4_mb_generate_buddy() function in the fs/ext4/mballoc.c file of the Linux kernel's ext4 file system allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the ext4 file system kernel in Linux operating systems is related to the use of memory after it is freed, due to a race condition (competitive access to resources). Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility ...

CVSS 6.4 | AI score 6.2 | EPSS 0.00278
Exploits: 0 | References: 38 | Affected Software: 4

Cvelist
added 2023/12/28 7:3 a.m. | 19 views

CVE-2023-45701 HCL Launch is susceptible to sensitive information disclosure

HCL Launch could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system...

CVSS 4.3 | AI score 6.4 | EPSS 0.00484
Exploits: 0 | References: 1

Veracode
added 2023/10/10 3:23 a.m. | 24 views

Improper Access Control

ceph is vulnerable to Improper Access Control. An attacker could exploit this vulnerability to upload malicious files to any bucket accessible by the specified access key. This could allow the attacker to compromise the data stored in the bucket, or to launch further attacks against the system...

CVSS 6.5 | AI score 6.7 | EPSS 0.02539
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2023/08/22 7:16 p.m. | 5 views

AZL-28051 CVE-2022-48063 affecting package binutils for versions less than 2.37-10

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack...

CVSS 5.5 | AI score 6.3 | EPSS 0.00483
Exploits: 1 | References: 1

Cvelist
added 2023/03/15 6:39 p.m. | 17 views

CVE-2023-22876 IBM Sterling B2B Integrator information disclosure

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.1 could allow a privileged user to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 244364...

CVSS 4.3 | AI score 6 | EPSS 0.0054
Exploits: 0 | References: 2

CNVD
added 2023/01/04 12:0 a.m. | 18 views

Tenda A15 wepkey parameter stack overflow vulnerability

Tenda A15 is a WiFi extender from Tenda, a Chinese company. A stack overflow vulnerability exists in the Tenda A15 wepkey parameter, which originates from the lack of length checking of input data in the wepkey parameter of /goform/WifiBasicSet, and can be exploited by an attacker to execute...

CVSS 9.8 | AI score 9.8 | EPSS 0.00873
Exploits: 1 | References: 1

Veracode
added 2022/12/29 9:5 a.m. | 75 views

Remote Code Execution (RCE)

binwalk is vulnerable to remote code execution. A remote attacker is able to upload and execute malicious code on the system under attack via the affected file src/binwalk/modules/extractor.py of the component Archive Extraction Handler...

CVSS 6.5 | AI score 4.8 | EPSS 0.01933
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2022/12/22 12:0 a.m. | 26 views

CVE-2022-47926

AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fstdel.inc.php...

AI score 9.6 | EPSS 0.0079
Exploits: 1 | References: 1

Prion
added 2022/11/03 8:15 p.m. | 21 views

Information disclosure

"IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 234292."...

CVSS 5 | AI score 4.9 | EPSS 0.0029
Exploits: 0 | References: 2 | Affected Software: 3

Securelist
added 2022/09/28 8:0 a.m. | 28 views

Prilex: the pricey prickle credit card complex

Prilex is a Brazilian threat actor that has evolved out of ATM-focused malware into modular point-of-sale malware. The group was behind one of the largest attacks on ATMs in the country, infecting and jackpotting more than 1,000 machines, while also cloning in excess of 28,000 credit cards that...

AI score 0.4
Exploits: 0

Veracode
added 2022/09/18 4:26 p.m. | 18 views

Remote Code Execution

ffmpeg is vulnerable to remote code execution. The size calculation in build_open_gop_key_points goes through all entries in the loop and adds sc->ctts_data[i].count to sc->sample_offsets_count leading to an integer overflow resulting in a small allocation with av_calloc, which allows an attacker to upload a...

CVSS 9 | AI score 8.2 | EPSS 0.00612
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2022/09/16 7:26 p.m. | 23 views

GHSA-9XGJ-FCGF-X6MW Poetry Argument Injection can lead to Local Code Execution

Observation: When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as git clone. These commands are being constructed using user input (e.g. the repository URL). When building the commands, Poetry correctly avoids Command Injection...

CVSS 8.6 | AI score 7.8 | EPSS 0.01475
Exploits: 1 | References: 7