Lucene search

K

AVEVA Software, LLC. Security Vulnerabilities

osv
osv

BIT-suitecrm-2024-36408

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the Alerts controller. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.6CVSS

7.9AI Score

0.001EPSS

2024-06-12 07:39 AM
ubuntucve
ubuntucve

CVE-2024-36898

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: fix uninitialised kfifo If a line is requested with debounce, and that results in debouncing in software, and the line is subsequently reconfigured to enable edge detection then the allocation of the kfifo to...

7AI Score

0.0004EPSS

2024-05-30 12:00 AM
nvidia
nvidia

Security Bulletin: NVIDIA GPU Display Driver - June 2024

NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin. To protect your system, download and install this software update through the NVIDIA Driver Downloads page or, for the vGPU software and Cloud Gaming updates,...

7.8CVSS

8AI Score

0.0004EPSS

2024-06-06 12:00 AM
41
githubexploit
githubexploit

Exploit for CVE-2023-43208

RCE vulnerability in Mirth Connect (CVE-2023-37679 and...

9.8CVSS

6.5AI Score

0.96EPSS

2024-03-17 08:44 AM
42
githubexploit
githubexploit

Exploit for Command Injection in Nextgen Mirth Connect

RCE vulnerability in Mirth Connect (CVE-2023-37679 and...

9.8CVSS

7.4AI Score

0.038EPSS

2024-03-17 08:44 AM
27
osv
osv

BIT-suitecrm-2024-36410

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.6CVSS

7.9AI Score

0.001EPSS

2024-06-12 07:38 AM
1
cvelist
cvelist

CVE-2024-2276 Bdtask G-Prescription Gynaecology & OBS Consultation Software Edit Venue Page cross site scripting

A vulnerability has been found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Venue_controller/edit_venue/ of the component Edit Venue Page. The manipulation of the argument....

2.4CVSS

3.7AI Score

0.0004EPSS

2024-03-08 12:31 AM
nuclei
nuclei

Microsoft SharePoint - Remote Code Execution

Microsoft SharePoint is vulnerable to a remote code execution when the software fails to check the source markup of an application...

8.6CVSS

8.6AI Score

0.909EPSS

2020-10-14 08:49 AM
9
veeam
veeam

Veeam ONE Web Client Page Fails to Load After Updating .NET Runtime Components

Make sure all .NET runtime versions match, then restart the Veeam ONE Reporting...

7.1AI Score

2024-01-30 12:00 AM
7
veeam
veeam

Veeam Service Provider Console – Compile and Upload Management Agent Logs

This article covers how to properly compile your Veeam Availability Console Management Agent...

4AI Score

2018-09-19 12:00 AM
1
osv
osv

BIT-suitecrm-2024-36419

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. A vulnerability in versions prior to 8.6.1 allows for Host Header Injection when directly accessing the /legacy route. Version 8.6.1 contains a patch for the...

4.3CVSS

7.1AI Score

0.001EPSS

2024-06-12 07:36 AM
alpinelinux
alpinelinux

CVE-2023-45745

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...

7.9CVSS

7.8AI Score

0.0004EPSS

2024-05-16 09:15 PM
5
githubexploit
githubexploit

Exploit for Path Traversal in Wso2 Api Manager

CVE-2022-29464 LOADER Install and execute the app on the...

9.8CVSS

9.8AI Score

0.973EPSS

2022-05-15 08:51 AM
266
osv
osv

CVE-2024-36411

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.6CVSS

9.7AI Score

0.001EPSS

2024-06-10 08:15 PM
1
osv
osv

CVE-2024-36408

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the Alerts controller. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.6CVSS

9.7AI Score

0.001EPSS

2024-06-10 05:16 PM
osv
osv

BIT-suitecrm-2024-36413

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

8.9CVSS

6.1AI Score

0.0004EPSS

2024-06-12 07:37 AM
redos
redos

ROS-20240607-01

Vulnerability of bgp_capability_msg_parse() functions of a software tool for implementing network routing on Unix-like FRRouting systems is related to reading outside memory boundaries of the BGP FRRouting daemon. Unix-like systems FRRouting is related to read outside memory boundaries in the BGP.....

9.1CVSS

8.6AI Score

0.029EPSS

2024-06-07 12:00 AM
osv
osv

BIT-suitecrm-2024-36411

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.6CVSS

7.9AI Score

0.001EPSS

2024-06-12 07:38 AM
1
osv
osv

Silverstripe X-Forwarded-Host request hostname injection

A potential hostname injection vulnerability has been found which could allow attackers to alter url resolution. If a request contains the X-Forwarded-Host HTTP header a website would then use its value in place of the actual HTTP hostname. In cases where caching is enabled, this could allow an...

7.3AI Score

2024-05-23 04:59 PM
1
osv
osv

Version rollback attack in github.com/theupdateframework/go-tuf

The TUF client is vulnerable to rollback attacks, in which an attacker causes a client to install software older than the software the client previously knew to be...

8.5AI Score

0.002EPSS

2022-07-01 08:07 PM
4
githubexploit
githubexploit

Exploit for Files or Directories Accessible to External Parties in Apache Struts

CVE-2023-50164: Apache Struts path traversal to RCE...

9.8CVSS

10AI Score

0.09EPSS

2023-12-13 09:31 AM
282
nuclei
nuclei

Jellyfin 10.7.2 - Server Side Request Forgery

Jellyfin is a free software media system. Versions 10.7.2 and below are vulnerable to unauthenticated Server-Side Request Forgery (SSRF) attacks via the imageUrl...

5.8CVSS

5.8AI Score

0.002EPSS

2021-11-24 03:01 PM
4
hackread
hackread

Top 9 Compliance Automation Software in 2024

By Uzair Amir Simplify compliance with these leading software solutions. Discover features like automated evidence collection, risk assessment, and real-time reporting. Find the perfect fit for your startup or large enterprise. This is a post from HackRead.com Read the original post: Top 9...

7.4AI Score

2024-05-05 10:21 PM
11
fedora

7.3AI Score

2024-05-26 01:29 AM
1
osv
osv

BIT-suitecrm-2024-36415

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.1CVSS

7.6AI Score

0.001EPSS

2024-06-12 07:37 AM
osv
osv

CVE-2024-36410

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.6CVSS

9.7AI Score

0.001EPSS

2024-06-10 06:15 PM
osv
osv

CVE-2024-36412

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

10CVSS

9.7AI Score

0.001EPSS

2024-06-10 08:15 PM
osv
osv

CVE-2024-36415

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.1CVSS

9.5AI Score

0.001EPSS

2024-06-10 08:15 PM
1
fedora
fedora

[SECURITY] Fedora 40 Update: rust-routinator-ui-0.3.4-2.fc40

Web UI for Routinator, a RPKI relying party...

7.3AI Score

2024-05-26 01:29 AM
cisco
cisco

Cisco IOS XE Software DHCP Snooping with Endpoint Analytics Denial of Service Vulnerability

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a crafted IPv4 DHCP request packet being...

7.1AI Score

0.0004EPSS

2024-03-27 04:00 PM
19
osv
osv

CVE-2023-28938

Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local...

4.4CVSS

6.8AI Score

0.0004EPSS

2023-08-11 03:15 AM
1
githubexploit
githubexploit

Exploit for Command Injection in Vmware Vrealize Network Insight

CVE-2023-20887 POC for CVE-2023-20887 VMWare Aria Operations...

9.8CVSS

10.4AI Score

0.967EPSS

2023-06-13 01:17 PM
416
debiancve
debiancve

CVE-2024-36928

In the Linux kernel, the following vulnerability has been resolved: s390/qeth: Fix kernel panic after setting hsuid Symptom: When the hsuid attribute is set for the first time on an IQD Layer3 device while the corresponding network interface is already UP, the kernel will try to execute a napi...

6.5AI Score

0.0004EPSS

2024-05-30 04:15 PM
2
osv
osv

Silverstripe XSS In GridField print

A cross-site scripting vulnerability has been discovered in the print view of GridField. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any field of an object in a GridField, and the print feature is used. This has been resolved by...

6.3AI Score

2024-05-23 03:00 PM
cisco
cisco

Cisco IOS XE Software Auxiliary Asynchronous Port Denial of Service Vulnerability

A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding. This vulnerability is due to the incorrect handling of specific ingress traffic when flow control hardware.....

7AI Score

0.0004EPSS

2024-03-27 04:00 PM
20
osv
osv

BIT-suitecrm-2024-36414

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the connectors file verification allows for a server-side request forgery attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

7.7CVSS

6.8AI Score

0.0005EPSS

2024-06-12 07:37 AM
1
cvelist
cvelist

CVE-2024-31744

In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image...

6.5AI Score

0.0004EPSS

2024-04-19 12:00 AM
cisco
cisco

Cisco IOS XE Software SD-Access Fabric Edge Node Denial of Service Vulnerability

A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization and stop all traffic processing, resulting in a denial of service (DoS) condition on an affected device....

7.1AI Score

0.0004EPSS

2024-03-27 04:00 PM
12
osv
osv

CVE-2024-36413

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

8.9CVSS

8.3AI Score

0.0004EPSS

2024-06-10 08:15 PM
osv
osv

CVE-2024-36414

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the connectors file verification allows for a server-side request forgery attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

7.7CVSS

7.6AI Score

0.0005EPSS

2024-06-10 08:15 PM
1
redos
redos

ROS-20240521-05

A vulnerability in the Hotspot component of the Oracle Java SE software platform and Oracle GraalVM Virtual Machine Enterprise Edition exists due to insufficient input validation. Exploitation of the vulnerability could Allow a remote attacker to disclose protected information A vulnerability in...

7.5CVSS

7.1AI Score

0.002EPSS

2024-05-21 12:00 AM
4
nessus
nessus

Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerabilities

According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command...

6.7CVSS

7.2AI Score

0.0004EPSS

2019-06-28 12:00 AM
10
nessus
nessus

Cisco IOS XE Software TFTP DoS

A vulnerability in the flow manager code in Cisco IOS XE could allow a remote, unauthenticated attacker to trigger a denial of service condition resulting in a crash of the device by sending specially generated TFTP UDP traffic. It should be noted that this plugin merely checks for an affected...

7AI Score

0.001EPSS

2014-01-13 12:00 AM
16
veracode
veracode

Assertion Failure

libjasper.so is vulnerable to an Assertion Failure. The vulnerability is due to improper handling in the jpc_streamlist_remove function within jpc_dec.c, allowing attackers to trigger a denial of service through a malformed image...

6.7AI Score

0.0004EPSS

2024-04-22 06:14 AM
7
osv
osv

BIT-suitecrm-2024-36409

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.6CVSS

7.9AI Score

0.001EPSS

2024-06-12 07:38 AM
osv
osv

BIT-suitecrm-2024-36412

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

10CVSS

7.7AI Score

0.001EPSS

2024-06-12 07:38 AM
osv
osv

CVE-2024-36409

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.6CVSS

9.7AI Score

0.001EPSS

2024-06-10 06:15 PM
1
cisco
cisco

Cisco IOS XE Software for Wireless LAN Controllers Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, low-privileged, local attacker to access WLAN configuration details including passwords. This vulnerability is due to improper privilege checks. An attacker could exploit this vulnerability by using the show and show....

7.1AI Score

0.0004EPSS

2024-03-27 04:00 PM
25
ubuntucve
ubuntucve

CVE-2024-36928

In the Linux kernel, the following vulnerability has been resolved: s390/qeth: Fix kernel panic after setting hsuid Symptom: When the hsuid attribute is set for the first time on an IQD Layer3 device while the corresponding network interface is already UP, the kernel will try to execute a napi...

7AI Score

0.0004EPSS

2024-05-30 12:00 AM
2
osv
osv

BIT-suitecrm-2024-36417

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, an unverified IFrame can be added some some inputs, which could allow for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

9CVSS

6.2AI Score

0.001EPSS

2024-06-12 07:36 AM
1
Total number of security vulnerabilities622542