Lucene search

K

AVEVA Software, LLC. Security Vulnerabilities

osv
osv

BIT-suitecrm-2024-36411

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.6CVSS

7.9AI Score

0.001EPSS

2024-06-12 07:38 AM
1
veeam
veeam

NFC connectivity troubleshooting steps

You may find the following error in the job log: NFC storage connection is unavailable [timestamp] Error Client error: NFC storage connection is unavailable. Storage: [stg:datastore-110,nfchost:host-164,conn:89.21.235.108]. Storage display name: [Datastore]. [timestamp] Error Failed to create NFC.....

1.2AI Score

2011-08-26 12:00 AM
19
osv
osv

CVE-2023-41323

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can enumerate users logins. Users are advised to upgrade to version 10.0.10. There.....

5.3CVSS

7.2AI Score

0.001EPSS

2023-09-27 03:19 PM
6
redos
redos

ROS-20240607-01

Vulnerability of bgp_capability_msg_parse() functions of a software tool for implementing network routing on Unix-like FRRouting systems is related to reading outside memory boundaries of the BGP FRRouting daemon. Unix-like systems FRRouting is related to read outside memory boundaries in the BGP.....

9.1CVSS

8.6AI Score

0.029EPSS

2024-06-07 12:00 AM
fedora
fedora

[SECURITY] Fedora 39 Update: rust-routinator-ui-0.3.4-2.fc39

Web UI for Routinator, a RPKI relying party...

7.3AI Score

2024-06-02 03:39 AM
osv
osv

Silverstripe XSS vulnerability via VirtualPage

A cross-site scripting vulnerability has been discovered in the VirtualPage class. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the textfields of a page which a VirtualPage refers to. This has been resolved by ensuring that...

6.3AI Score

2024-05-22 06:53 PM
2
osv
osv

CVE-2020-26683

A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attackers to obtain sensitive...

5.5CVSS

6.8AI Score

0.001EPSS

2023-08-22 07:16 PM
3
osv
osv

BIT-suitecrm-2024-36418

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in connectors allows an authenticated user to perform a remote code execution attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

8.5CVSS

7.6AI Score

0.0004EPSS

2024-06-12 07:36 AM
1
osv
osv

Silverstripe History XSS Vulnerability

A cross-site scripting vulnerability has been discovered in the CMS page history tab. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the text fields on a page, and if the "compare mode" option is selected. The HTML will be...

6.3AI Score

2024-05-22 06:25 PM
2
osv
osv

CVE-2022-31068

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all GLPI instances with the native inventory used may leak sensitive information. The feature to get refused file is not authenticated......

5.3CVSS

6.5AI Score

0.002EPSS

2022-06-28 06:15 PM
3
osv
osv

CVE-2024-36410

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.6CVSS

9.7AI Score

0.001EPSS

2024-06-10 06:15 PM
osv
osv

CVE-2024-36412

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

10CVSS

9.7AI Score

0.048EPSS

2024-06-10 08:15 PM
1
osv
osv

CVE-2024-36416

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this...

8.6CVSS

8.4AI Score

0.0005EPSS

2024-06-10 08:15 PM
1
osv
osv

CVE-2021-36711

WebInterface in OctoBot before 0.4.4 allows remote code execution because Tentacles upload is...

9.8CVSS

9.9AI Score

0.74EPSS

2022-07-16 05:15 PM
3
osv
osv

CVE-2023-41321

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user can enumerate sensitive fields values on resources on which he has read access. Users are...

6.5CVSS

6.9AI Score

0.0005EPSS

2023-09-27 03:19 PM
4
osv
osv

CVE-2022-39372

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Authenticated users may store malicious code in their account information. This issue has been...

5.4CVSS

7AI Score

0.001EPSS

2022-11-03 04:15 PM
1
osv
osv

CVE-2023-41324

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user that have read access on users resource can steal accounts of other users. Users are advised to....

8.8CVSS

6.9AI Score

0.001EPSS

2023-09-27 03:19 PM
2
nessus
nessus

Intel Dynamic Tuning Technology Software Privilege Escalation (INTEL-SA-00984)

Improper access control in the Intel DTT Software before version 8.7.10802.26924 may allow an authenticated user to potentially enable escalation of privilege via local access. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

7.9CVSS

7.5AI Score

0.0004EPSS

2024-05-17 12:00 AM
6
osv
osv

CVE-2022-39375

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to create a public RSS feed to inject malicious code in dashboards of other users....

5.4CVSS

6.9AI Score

0.001EPSS

2022-11-03 04:15 PM
4
osv
osv

CVE-2023-51443

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.11, when handling DTLS-SRTP for media setup, FreeSWITCH is susceptible to Denial of Service...

7.5CVSS

7AI Score

0.001EPSS

2023-12-27 05:15 PM
6
githubexploit
githubexploit

Exploit for External Control of File Name or Path in Fortinet Fortinac

CVE-2022-39952 POC for CVE-2022-39952 affecting Fortinet...

9.8CVSS

9.8AI Score

0.948EPSS

2023-02-20 03:12 PM
253
osv
osv

BIT-suitecrm-2024-36414

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the connectors file verification allows for a server-side request forgery attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

7.7CVSS

6.8AI Score

0.0005EPSS

2024-06-12 07:37 AM
3
osv
osv

CVE-2024-36413

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

8.9CVSS

8.3AI Score

0.0004EPSS

2024-06-10 08:15 PM
1
rosalinux
rosalinux

Advisory ROSA-SA-2024-2431

Software: lua 5.3.4 OS: ROSA Virtualization 2.1 package_evr_string: lua-5.3.4 CVE-ID: CVE-2021-43519 BDU-ID: None CVE-Crit: N/A CVE-DESC.: Stack overflow in lua_resume of the ldo.c file in Lua Interpreter allows attackers to perform a denial of service via a script file created. CVE-STATUS: Not...

5.5CVSS

7AI Score

0.001EPSS

2024-06-17 08:56 AM
2
osv
osv

CVE-2022-39370

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Connected users may gain access to debug panel through the GLPI update script. This issue has been...

4.3CVSS

7AI Score

0.001EPSS

2022-11-03 04:15 PM
2
nuclei
nuclei

Hitachi Vantara Pentaho/Business Intelligence Server - Authentication Bypass

Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x are vulnerable to authentication bypass. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the...

7.5CVSS

6.4AI Score

0.259EPSS

2021-11-05 08:15 AM
12
githubexploit
githubexploit

Exploit for Use of a Broken or Risky Cryptographic Algorithm in Vmware Aria Operations For Networks

CVE-2023-34039 POC for CVE-2023-34039 VMWare Aria Operations...

9.8CVSS

7.3AI Score

0.945EPSS

2023-09-01 04:17 PM
210
osv
osv

BIT-suitecrm-2024-36416

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this...

8.6CVSS

6.8AI Score

0.0005EPSS

2024-06-12 07:37 AM
2
cisco
cisco

Cisco Secure Email Gateway HTTP Response Splitting Vulnerability

A vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to insufficient input validation of some parameters that are passed to...

6.1AI Score

0.0004EPSS

2024-05-15 04:00 PM
14
osv
osv

CVE-2022-39277

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. External links are not properly sanitized and can therefore be used for a Cross-Site Scripting (XSS)...

4.8CVSS

5.9AI Score

0.001EPSS

2022-11-03 04:15 PM
4
nvidia
nvidia

Security Bulletin: NVIDIA GPU Display Driver - June 2024

NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin. To protect your system, download and install this software update through the NVIDIA Driver Downloads page or, for the vGPU software and Cloud Gaming updates,...

7.8CVSS

8AI Score

0.0004EPSS

2024-06-06 12:00 AM
42
cve
cve

CVE-2024-28880

Path traversal vulnerability in MosP kintai kanri V4.6.6 and earlier allows a remote attacker who can log in to the product to obtain sensitive information of the...

6.3AI Score

0.0004EPSS

2024-05-28 12:15 AM
24
veeam
veeam

How to uninstall Veeam CDP VAIO filter driver manually

Veeam Support Knowledge Base answer to: How to uninstall Veeam CDP VAIO filter driver...

2.8AI Score

2021-04-22 12:00 AM
7
ibm
ibm

Security Bulletin: IBM QRadar Suite software is vulnerable to information exposure (CVE-2022-38386)

Summary IBM QRadar Suite software is vulnerable to information exposure through cookie settings. This has been addressed in the latest update. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details ** CVEID: CVE-2022-38386 ...

5.9CVSS

6.1AI Score

0.0004EPSS

2024-04-30 08:34 AM
2
nessus
nessus

Cisco IOS Software Internet Key Exchange Version 1 Fragmentation DoS (cisco-sa-ikev1-NO2ccFWz)

According to its self-reported version, Cisco IOS is affected by multiple vulnerabilities. A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected...

8.6CVSS

7.5AI Score

0.0004EPSS

2024-05-30 12:00 AM
2
nvd
nvd

CVE-2023-52775

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid data corruption caused by decline We found a data corruption issue during testing of SMC-R on Redis applications. The benchmark has a low probability of reporting a strange error as shown below. "Error: Protocol...

6.5AI Score

0.0004EPSS

2024-05-21 04:15 PM
github
github

Silverstripe XSS vulnerability via VirtualPage

A cross-site scripting vulnerability has been discovered in the VirtualPage class. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the textfields of a page which a VirtualPage refers to. This has been resolved by ensuring that...

6.3AI Score

2024-05-22 06:53 PM
3
githubexploit
githubexploit

Exploit for SQL Injection in Cisco Smart Software Manager On-Prem

CVE-2023-20110 PoC script for CVE-2023-20110 -...

6.5CVSS

8AI Score

0.001EPSS

2023-07-16 10:53 AM
355
debiancve
debiancve

CVE-2024-36898

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: fix uninitialised kfifo If a line is requested with debounce, and that results in debouncing in software, and the line is subsequently reconfigured to enable edge detection then the allocation of the kfifo to...

6.7AI Score

0.0004EPSS

2024-05-30 04:15 PM
2
cvelist
cvelist

CVE-2024-31744

In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image...

6.5AI Score

0.0004EPSS

2024-04-19 12:00 AM
githubexploit
githubexploit

Exploit for SQL Injection in Osgeo Geoserver

CVE-2023-25157 - GeoServer SQL Injection - PoC CVE:...

9.8CVSS

9.9AI Score

0.58EPSS

2023-06-06 02:05 PM
260
github
github

Silverstripe History XSS Vulnerability

A cross-site scripting vulnerability has been discovered in the CMS page history tab. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the text fields on a page, and if the "compare mode" option is selected. The HTML will be...

6.3AI Score

2024-05-22 06:25 PM
3
openbugbounty
openbugbounty

software-dl.ti.com Cross Site Scripting vulnerability OBB-3852622

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-02-14 01:05 PM
7
osv
osv

CVE-2023-25820

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Enterprise Server is the enterprise version of the file server software. In Nextcloud Server versions 25.0.x prior to 25.0.5 and versions 24.0.x prior to 24.0.10 as well as Nextcloud...

7.8CVSS

7.2AI Score

0.0004EPSS

2023-03-22 07:15 PM
2
osv
osv

CVE-2020-35675

BigProf Online Invoicing System before 3.0 offers a functionality that allows an administrator to move the records of members across groups. The applicable endpoint (admin/pageTransferOwnership.php) lacks CSRF protection, resulting in an attacker being able to escalate their privileges to...

8.8CVSS

7AI Score

0.001EPSS

2022-09-29 03:15 AM
4
cve
cve

CVE-2024-31744

In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image...

6.3AI Score

0.0004EPSS

2024-04-19 01:15 PM
33
ibm
ibm

Security Bulletin: Vulnerability in SANNav Software used by IBM b-type SAN directors and switches.

Summary The SANnav Management Portal and Global View products are vulnerable due to a Jave SE issue. The vulnerability has been addressed and can be resolved by applying the SANnav code level listed below. Vulnerability Details ** CVEID: CVE-2023-22045 DESCRIPTION: **An unspecified vulnerability...

3.7CVSS

5AI Score

0.001EPSS

2024-05-01 09:37 PM
1
ibm
ibm

Security Bulletin: IBM Planning Analytics Local - Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components

Summary There are vulnerabilities in multiple Open Source Software (OSS) components consumed by IBM Planning Analytics Local - Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics Local - Planning Analytics Workspace 2.1.2 and IBM Planning Analytics Local -...

9.8CVSS

10AI Score

EPSS

2024-05-07 07:21 PM
15
osv
osv

CVE-2023-28938

Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local...

4.4CVSS

6.8AI Score

0.0004EPSS

2023-08-11 03:15 AM
1
githubexploit
githubexploit

Exploit for Improper Privilege Management in Sudo Project Sudo

CVE-2023-22809 CVE-2023-22809 is a critical...

7.8CVSS

8.3AI Score

0.001EPSS

2023-08-06 06:46 AM
154
Total number of security vulnerabilities624176