Lucene search

K

ALL NIPPON AIRWAYS CO., LTD Security Vulnerabilities

cvelist
cvelist

CVE-2024-28285

A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate...

6.9AI Score

EPSS

1976-01-01 12:00 AM
1
cve
cve

CVE-2022-4968

netplan leaks the private key of wireguard to local users. A security fix will be released...

6.5CVSS

7AI Score

0.0004EPSS

2024-06-07 01:15 AM
7
cve
cve

CVE-2024-36006

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists...

6.6AI Score

0.0004EPSS

2024-05-20 10:15 AM
28
nessus
nessus

OpenSSL 1.1.1 < 1.1.1d Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.1.1d. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.1d advisory. In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker,...

5.3CVSS

5.8AI Score

0.015EPSS

2019-08-23 12:00 AM
299
nessus
nessus

RHEL 8 : grafana-pcp (RHSA-2024:1644)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:1644 advisory. The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace...

7.5CVSS

7.9AI Score

0.0005EPSS

2024-04-02 12:00 AM
9
nessus
nessus

ColdFusion on IIS cfm/dbm Diagnostic Error Path Disclosure

It was possible to make the remote web server disclose the physical path to its web root by requesting a MS-DOS device ending in .dbm (as in...

6.5AI Score

0.018EPSS

2003-03-15 12:00 AM
164
cve
cve

CVE-2023-4039

DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style...

4.8CVSS

5.3AI Score

0.0005EPSS

2023-09-13 09:15 AM
216
nvd
nvd

CVE-2023-4309

Election Services Co. (ESC) Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. ESC deactivated older and unused...

9.8CVSS

10AI Score

0.001EPSS

2023-10-10 06:15 PM
cve
cve

CVE-2023-4309

Election Services Co. (ESC) Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. ESC deactivated older and unused...

10CVSS

9.8AI Score

0.001EPSS

2023-10-10 06:15 PM
17
nvd
nvd

CVE-2020-16163

An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28. RRDP fetches proceed even with a lack of validation of a TLS HTTPS endpoint. This allows remote attackers to bypass intended access restrictions, or to trigger denial of service to traffic directed to co-dependent.....

9.1CVSS

9.1AI Score

0.003EPSS

2020-07-30 04:15 PM
cve
cve

CVE-2021-3899

There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as...

7.2AI Score

0.0004EPSS

2024-06-03 07:15 PM
311
2
cve
cve

CVE-2020-16163

An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28. RRDP fetches proceed even with a lack of validation of a TLS HTTPS endpoint. This allows remote attackers to bypass intended access restrictions, or to trigger denial of service to traffic directed to co-dependent.....

9.1CVSS

8.9AI Score

0.003EPSS

2020-07-30 04:15 PM
25
openvas
openvas

Microsoft Exchange Public Folders Information Leak

Microsoft Exchange Public Folders can be set to allow anonymous connections (set by default). If this is not changed it is possible for an attacker to gain critical information about the users (such as full email address, phone number, etc) that are present in the Exchange...

6.3AI Score

0.015EPSS

2005-11-03 12:00 AM
9
nessus
nessus

DNN (DotNetNuke) < 3.0.12 Multiple XSS

The remote host is running DNN, a portal written in ASP. The remote installation of DNN, according to its version number, contains several input validation flaws leading to the execution of attacker supplied HTML and script...

6.7AI Score

0.008EPSS

2005-06-16 12:00 AM
23
nvd
nvd

CVE-2023-6363

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. If the system’s memory is carefully prepared by the user, then this in turn could give them...

6.3AI Score

0.0004EPSS

2024-05-03 02:15 PM
1
nessus
nessus

RHEL 9 : pcp (RHSA-2024:2566)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2566 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

8.8CVSS

8.9AI Score

0.0004EPSS

2024-04-30 12:00 AM
8
ibm
ibm

Security Bulletin: A vulnerability exists in IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Configuration Manager.

Summary Java on z/OS properties files not read correctly under certain locales / codepages vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager IP Edition v6.4.2 Vulnerability Details ** IBM X-Force ID: PSIRT-ADV0103951 ...

6.2AI Score

2024-05-13 03:07 PM
8
wpvulndb
wpvulndb

Co-marquage service-public.fr < 0.5.73 - Reflected Cross-Site Scripting via search_term

Description The Co-marquage service-public.fr plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 0.5.72 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.4AI Score

0.0004EPSS

2024-03-29 12:00 AM
6
openbugbounty
openbugbounty

co-players.gr Improper Access Control vulnerability OBB-3832213

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7AI Score

2024-01-11 06:30 PM
6
cve
cve

CVE-2024-28094

Chat functionality in Schoolbox application before version 23.1.3 is vulnerable to blind SQL Injection enabling the authenticated attackers to read, modify, and delete database...

8.8CVSS

9AI Score

0.0004EPSS

2024-03-07 04:15 AM
29
nvd
nvd

CVE-2014-125027

A vulnerability has been found in Yuna Scatari TBDev up to 2.1.17 and classified as problematic. Affected by this vulnerability is the function get_user_icons of the file usersearch.php. The manipulation of the argument n/r/r2/em/ip/co/ma/d/d2/ul/ul2/ls/ls2/dl/dl2 leads to cross site scripting....

6.1CVSS

0.001EPSS

2022-12-31 04:15 PM
cve
cve

CVE-2024-28095

News functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected...

7.3CVSS

6.8AI Score

0.0004EPSS

2024-03-07 04:15 AM
28
nessus
nessus

RHEL 8 : pcp (RHSA-2024:3392)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3392 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

8.8CVSS

7.1AI Score

0.0004EPSS

2024-05-28 12:00 AM
cve
cve

CVE-2014-125027

A vulnerability has been found in Yuna Scatari TBDev up to 2.1.17 and classified as problematic. Affected by this vulnerability is the function get_user_icons of the file usersearch.php. The manipulation of the argument n/r/r2/em/ip/co/ma/d/d2/ul/ul2/ls/ls2/dl/dl2 leads to cross site scripting....

6.1CVSS

6AI Score

0.001EPSS

2022-12-31 04:15 PM
52
ubuntucve
ubuntucve

CVE-2021-47441

In the Linux kernel, the following vulnerability has been resolved: mlxsw: thermal: Fix out-of-bounds memory accesses Currently, mlxsw allows cooling states to be set above the maximum cooling state supported by the driver: # cat /sys/class/thermal/thermal_zone2/cdev0/type mlxsw_fan # cat...

6.5AI Score

0.0004EPSS

2024-05-22 12:00 AM
3
cve
cve

CVE-2024-28096

Class functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected...

7.3CVSS

6.7AI Score

0.0004EPSS

2024-03-07 04:15 AM
33
nessus
nessus

RHEL 9 : pcp (RHSA-2024:2213)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2213 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

6CVSS

6.4AI Score

0.0004EPSS

2024-04-30 12:00 AM
2
nessus
nessus

RHEL 7 : pcp (RHSA-2020:3869)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3869 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level...

8.4CVSS

8.2AI Score

0.001EPSS

2020-09-29 12:00 AM
11
cnvd
cnvd

Command Execution Vulnerability in Dahua EIMS System of Zhejiang Dahua Technology Co.

Zhejiang Dahua Technology Co., Ltd. is the world's leading video-centered intelligent IOT solution provider and operation service provider. A command execution vulnerability exists in the Dahua EIMS system of Zhejiang Dahua Technology Co. Ltd, which can be exploited by attackers to gain server...

7.5AI Score

2024-03-06 12:00 AM
13
osv
osv

CVE-2023-31145

Collabora Online is a collaborative online office suite based on LibreOffice technology. This vulnerability report describes a reflected XSS vulnerability with full CSP bypass in Nextcloud installations using the recommended bundle. The vulnerability can be exploited to perform a trivial account...

6.1CVSS

6AI Score

0.001EPSS

2023-05-15 09:15 PM
6
cve
cve

CVE-2024-3016

NEC Platforms DT900 and DT900S Series 5.0.0.0 – v5.3.4.4, v5.4.0.0 – v5.6.0.20 allows an attacker to access a non-documented the system settings to change settings via local network with unauthenticated...

6.7AI Score

0.0004EPSS

2024-05-14 03:39 PM
5
debiancve
debiancve

CVE-2021-47441

In the Linux kernel, the following vulnerability has been resolved: mlxsw: thermal: Fix out-of-bounds memory accesses Currently, mlxsw allows cooling states to be set above the maximum cooling state supported by the driver: # cat /sys/class/thermal/thermal_zone2/cdev0/type mlxsw_fan # cat...

6.5AI Score

0.0004EPSS

2024-05-22 07:15 AM
4
openbugbounty
openbugbounty

co-2.ch Cross Site Scripting vulnerability OBB-3831720

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-01-11 08:52 AM
8
nvd
nvd

CVE-2024-36006

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists...

6.4AI Score

0.0004EPSS

2024-05-20 10:15 AM
wpvulndb
wpvulndb

Co-marquage service-public.fr < 0.5.72 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

Description The Co-marquage service-public.fr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 0.5.71 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible.....

5.8AI Score

0.0004EPSS

2024-03-29 12:00 AM
6
nvd
nvd

CVE-2023-34301

Ashlar-Vellum Cobalt CO File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the...

7.8CVSS

8AI Score

0.001EPSS

2024-05-03 02:15 AM
1
cve
cve

CVE-2023-34301

Ashlar-Vellum Cobalt CO File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the...

7.8CVSS

8AI Score

0.001EPSS

2024-05-03 02:15 AM
26
nessus
nessus

RHEL 8 : pcp (RHSA-2024:3324)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3324 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

8.8CVSS

7.5AI Score

0.0004EPSS

2024-05-23 12:00 AM
4
nessus
nessus

RHEL 8 : pcp (RHSA-2024:3322)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3322 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

8.8CVSS

7.5AI Score

0.0004EPSS

2024-05-23 12:00 AM
2
nessus
nessus

RHEL 9 : pcp (RHSA-2024:3325)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3325 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

8.8CVSS

7.5AI Score

0.0004EPSS

2024-05-23 12:00 AM
3
nessus
nessus

RHEL 8 : pcp (RHSA-2024:3264)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3264 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

8.8CVSS

8.8AI Score

0.0004EPSS

2024-05-23 12:00 AM
5
nvd
nvd

CVE-2023-34286

Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must...

7.8CVSS

8AI Score

0.001EPSS

2024-05-03 02:15 AM
nvd
nvd

CVE-2023-34299

Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target....

7.8CVSS

8AI Score

0.001EPSS

2024-05-03 02:15 AM
nessus
nessus

RHEL 8 : pcp (RHSA-2024:3323)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3323 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

8.8CVSS

7.5AI Score

0.0004EPSS

2024-05-23 12:00 AM
2
cve
cve

CVE-2024-31406

Active debug code vulnerability exists in RoamWiFi R10 prior to 4.8.45. If this vulnerability is exploited, a network-adjacent unauthenticated attacker with access to the device may perform unauthorized...

6.9AI Score

0.0004EPSS

2024-04-24 06:15 AM
31
nvd
nvd

CVE-2023-34302

Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the...

7.8CVSS

8AI Score

0.001EPSS

2024-05-03 02:15 AM
nvd
nvd

CVE-2023-34287

Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the...

7.8CVSS

8AI Score

0.001EPSS

2024-05-03 02:15 AM
1
nessus
nessus

RHEL 9 : pcp (RHSA-2024:3321)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3321 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

8.8CVSS

7.5AI Score

0.0004EPSS

2024-05-23 12:00 AM
2
cve
cve

CVE-2022-28652

~/.config/apport/settings parsing is vulnerable to "billion laughs"...

5.5CVSS

6.6AI Score

0.0004EPSS

2024-06-04 10:15 PM
166
2
cve
cve

CVE-2022-28656

is_closing_session() allows users to consume RAM in the Apport...

5.5CVSS

6.5AI Score

0.0004EPSS

2024-06-04 10:15 PM
15
Total number of security vulnerabilities15434