148 matches found
CVE-2021-1059
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input index is not validated, which may lead to integer overflow, which in turn may cause tampering of data, information disclosure, or denial of service. This affects vGPU version 8.x prior to 8.6 and version 11.0 prior...
CVE-2021-1066
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which input data is not validated, which may lead to unexpected consumption of resources, which in turn may lead to denial of service. This affects vGPU version 8.x prior to 8.6 and version 11.0 prior to 11.3...
CVE-2020-5987
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which guest-supplied parameters remain writable by the guest after the plugin has validated them, which may lead to the guest being able to pass invalid parameters to plugin handlers, which may lead to denial of service or...
CVE-2020-5988
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which allocated memory can be freed twice, which may lead to information disclosure or denial of service. This affects vGPU version 8.x prior to 8.5, version 10.x prior to 10.4 and version 11.0...
CVE-2024-12292 Insertion of Sensitive Information into Log File in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where sensitive information passed in GraphQL mutations may have been retained in GraphQL logs...
Learning Digital Orca HCM 访问控制错误漏洞
Learning Digital Orca HCM is a digital learning platform from China-based Learning Digital. An access control error vulnerability exists in Learning Digital Orca HCM prior to version 11.0, which arises from improperly restricting access to a specific feature, which could allow an unauthenticated,...
openSUSE SEoL (11.0.x)
According to its version, openSUSE is 11.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities. %NASLMINLEVEL 80900 C Tenable,...
Security Bulletin: Multiple vulnerabilities in Open JDK affecting Rational Functional Tester / DevOps Test UI
Summary There are multiple vulnerabilities in Open JDK Version 8, OpenJ9 used by Rational Functional Tester RFT / DevOps Test UI. RFT has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21085 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component coul...
Palo Alto PAN-OS Command Execution / Arbitrary File Creation
Exploit Title: Palo Alto PAN-OS bool: ret = False uri = "/ssl-vpn/hipreport.esp" s = requests.Session r = "" headers = "User-Agent" : \ "Mozilla/5.0 Windows NT 10.0; Win64; x64 AppleWebKit/537.36 KHTML, like Gecko Chrome/118.0.0.0 Safari/537.36", Windows 10 Chrome 118.0.0.0 "Content-Type":...
PT-2024-21103 · Esri · Esri Portal For Arcgis
Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS versions =11.0 Description: The issue allows a remote, unauthenticated attacker to craft a URL that, when clicked, could generate a message enticing an unsuspecting victim to visit an arbitrary website, simplifying...
HCL BigFix Server 9.5.x < 9.5.24 / 10.0.x < 10.0.10 / 11.0.x < 11.0.1 Multiple Vulnerabilities (KB0110209)
The version of HCL BigFix Server installed on the remote host is 9.5.x prior to 9.5.24, 10.0.x prior to 10.0.10 or 11.x prior to 11.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the KB0110209 advisory. - Heap-based buffer overflow vulnerability in the SOCKS5 proxy...
GHSA-36CM-H8GV-MG97 RosarioSIS Stores Sensitive Data in a Mechanism without Access Control
RosarioSIS prior to 11.0 allows anyone, regardless of authentication status, to download and view file attachments under the salaries module. In addition, the file names contain a date in a YYYY-MM-DD format and a random six-string digit, making enumerating file names with automated tools...
Piwigo 11.0.x < 13.6.0 SQLi Vulnerability
Piwigo is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:piwigo:piwigo"; if...
Gluster GlusterFS 缓冲区错误漏洞
GlusterFS is the file system for Gluster by Gluster, Inc. A security vulnerability exists in Gluster GlusterFS version 11.0, which has a source of a stack buffer overflow in glusterfs/xlators/mount/fuse/src/fuse-bridge.c. The vulnerability is caused by the presence of a stack buffer overflow...
SugarCRM 11.0.x < 11.0.5, 12.0.x < 12.0.2 RCE Vulnerability
SugarCRM is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:sugarcrm:sugarcrm...
GitLab 11.0.0 < 14.8.6, 14.9.x < 14.9.4, 14.10.x < 14.10.1 Information Disclosure Vulnerability
GitLab is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...
GHSA-JH69-6VV2-WFP5 Dolibarr ERP and CRM contain XSS Vulnerability
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header...
Security Bulletin: IBM InfoSphere Master Data Management Reference Data Management Hub is affected by a user password being stored in plain text vulnerability (CVE-2017-1309)
Summary IBM InfoSphere Master Data Management Reference Data Management Hub has addressed the following vulnerability. IBM InfoSphere Master Data Management Reference Data Management Hub stores user credentials in plain text which can be read by a local user. Vulnerability Details CVEID:...
Security Bulletin: IBM InfoSphere Master Data Management Collaborative Edition affected by Privilege Escalation security vulnerabilities (CVE-2015-7424)
Summary IBM InfoSphere Master Data Management - Collaborative Edition is vulnerable to Privilege Escalation. Vulnerability Details CVEID: CVE-2014-7424 DESCRIPTION: Provide sufficient details for someone to tell if they have the problem, but not enough detail that someone with malicious intent...
ManageEngine ServiceDesk Plus Multiple Versions Authentication Bypass
Zoho ManageEngine ServiceDesk Plus versions 11.3 before 11302, 11.2 before 11208, 11.1 before 11145 and 11.0 before 11012 are vulnerable to authentication bypass that allows a few REST-API URLs without authentication. Note that Nessus has not tested for this issue but has instead relied only on t...