Atlassian Confluence 2.x < 8.5.25 Denial of Service

According to its self-reported version number, the Atlassian Confluence application running on the remote host is 2.x prior to 8.5.25, 9.2.x prior to 9.2.7 or 10.x prior to 10.0.2. It is, therefore, affected by a denial of service vulnerability. Note that the scanner has not tested for these issu...

EUVD-2018-18246

Malware in sbrugna...

EUVD-2017-18169

Malware in sbrugna...

Grafana 9.5.x < 9.5.18 Authorization Bypass Through User-controlled Key

According to its self-reported version, the Grafana install hosted on the remote host is 9.5.x earlier than 9.5.18, or 10.0.x earlier than 10.0.13, or 10.1.x earlier than 10.1.9, or 10.2.x earlier than 10.2.6, or 10.3.x earlier than 10.3.5. It is, therefore, affected by a authorization bypass...

CVE-2020-5987

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which guest-supplied parameters remain writable by the guest after the plugin has validated them, which may lead to the guest being able to pass invalid parameters to plugin handlers, which may lead to denial of service or...

CVE-2020-5969

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which it validates a shared resource before using it, creating a race condition which may lead to denial of service or information disclosure. This affects vGPU version 8.x prior to 8.4, version 9.x prior to 9.4 and versio...

CVE-2020-5971

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which the software reads from a buffer by using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer, which may lead to code execution, denial of service, escalatio...

CVE-2020-5973

NVIDIA Virtual GPU Manager and the guest drivers contain a vulnerability in vGPU plugin, in which there is the potential to execute privileged operations, which may lead to denial of service. This affects vGPU version 8.x prior to 8.4, version 9.x prior to 9.4 and version 10.x prior to 10.3...

CVE-2020-5988

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which allocated memory can be freed twice, which may lead to information disclosure or denial of service. This affects vGPU version 8.x prior to 8.5, version 10.x prior to 10.4 and version 11.0...

CVE-2020-5970

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data size is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x prior to 8.4, version 9.x prior to 9.4 and version 10.x prior to 10.3...

CVE-2020-5972

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which local pointer variables are not initialized and may be freed later, which may lead to tampering or denial of service. This affects vGPU version 8.x prior to 8.4, version 9.x prior to 9.4 and version 10.x prior to 10....

CVE-2020-5968

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which the software does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed by using an index or pointer, such as memory or files, which may lead to code execution, denial ...

CrushFTP 10.x < 10.8.3 / 11.x < 11.3.0 Authentication Bypass

CrushFTP versions 10.x before 10.8.3 and 11.x before 11.3.0 are vulnerable to an authentication bypass vulnerability, allowing a remote and unauthenticated user to gain access to the target CrushFTP instance. No source data...

Drupal PHP Object Injection Vulnerability (SA-CORE-2024-008) - Linux

Drupal is prone to a PHP object injection vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal";...

CVE-2024-48927

Umbraco, a free and open source .NET content management system, has a remote code execution issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. There is a potential risk of code execution for Backoffice users when they “preview” SVG files in full...

CVE-2024-48927 Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice

Umbraco, a free and open source .NET content management system, has a remote code execution issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. There is a potential risk of code execution for Backoffice users when they “preview” SVG files in full...

CVE-2024-48926

CVE-2024-48926 affects Umbraco CMS. The issue is an insufficient session expiration in the Backoffice where the logout page shows a timeout message ~30 seconds before the server session expires. Affected versions: 13.x prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. Patches are p...

CVE-2024-48926 Umbraco CMS logout page displayed before session expiration

Umbraco, a free and open source .NET content management system, has an insufficient session expiration issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. The Backoffice displays the logout page with a session timeout message before the server...

TYPO3 Information Disclosure Vulnerability (TYPO3-CORE-SA-2022-007)

TYPO3 is prone to an information disclosure vulnerability SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; if...

PostgreSQL 10.x < 10.22, 11.x < 11.17, 12.x < 12.12, 13.x < 13.8, 14.x < 14.5 Extension Vulnerability - Windows

PostgreSQL is prone to a vulnerability where extension scripts replace objects not belonging to the extension. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifie...