Lucene search

K

AVEVA Software, LLC. Security Vulnerabilities

nessus
nessus

Cisco Firepower Threat Defense Software Web Services DoS Vulnerability (cisco-sa-asaftd-websrvs-dos-X8gNucD2)

According to its self-reported version, the remote Cisco Firepower Threat Defense Software is affected by a denial of service (DoS) vulnerability, due to incomplete error checking when parsing HTTP headers. An unauthenticated, remote attacker can exploit this issue, via specially crafted HTTP...

8.6CVSS

8.7AI Score

0.002EPSS

2024-04-26 12:00 AM
8
veracode
veracode

Assertion Failure

libjasper.so is vulnerable to an Assertion Failure. The vulnerability is due to improper handling in the jpc_streamlist_remove function within jpc_dec.c, allowing attackers to trigger a denial of service through a malformed image...

6.7AI Score

0.0004EPSS

2024-04-22 06:14 AM
7
cve
cve

CVE-2024-31744

In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image...

6.3AI Score

0.0004EPSS

2024-04-19 01:15 PM
33
osv
osv

BIT-suitecrm-2024-36417

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, an unverified IFrame can be added some some inputs, which could allow for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

9CVSS

6.2AI Score

0.001EPSS

2024-06-12 07:36 AM
1
veeam
veeam

How to Upgrade .NET and ASP.NET Runtimes When Using Veeam ONE 12 GA (build 12.0.0.2498) or Lower

This article documents how to upgrade the .NET and ASP.NET runtime to the latest version when using Veeam ONE. Customers running Veeam ONE version 12 or older are advised to follow the steps described in this article to mitigate Microsoft...

7.8CVSS

8.4AI Score

0.002EPSS

2023-02-10 12:00 AM
195
osv
osv

CVE-2024-36417

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, an unverified IFrame can be added some some inputs, which could allow for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

9CVSS

8.7AI Score

0.001EPSS

2024-06-10 08:15 PM
nessus
nessus

Atlassian Confluence Installed (Windows)

Atlassian Confluence was detected on the remote Windows...

2.2AI Score

2022-06-09 12:00 AM
17
osv
osv

CVE-2024-27914

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if.....

5.3CVSS

6AI Score

0.0004EPSS

2024-03-18 05:15 PM
fedora
fedora

[SECURITY] Fedora 40 Update: qt6-qtbase-6.7.1-2.fc40

Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network...

6.3AI Score

0.0004EPSS

2024-05-29 03:37 AM
2
osv
osv

CVE-2023-25196

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache Fineract. Authorized users may be able to change or add data in certain components. This issue affects Apache Fineract: from 1.4 through...

4.3CVSS

7.8AI Score

0.001EPSS

2023-03-28 12:15 PM
1
nessus
nessus

Cisco Firepower Management Center Software Object Group Access Control List Bypass (cisco-sa-fmc-object-bypass-fTH8tDjq)

A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense (FTD) Software....

5.8CVSS

7.5AI Score

0.0004EPSS

2024-06-14 12:00 AM
1
osv
osv

BIT-suitecrm-2024-36416

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this...

8.6CVSS

6.8AI Score

0.0005EPSS

2024-06-12 07:37 AM
1
cisco
cisco

Cisco IOS XE Software OSPFv2 Denial of Service Vulnerability

A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of OSPF updates...

7.2AI Score

0.0004EPSS

2024-03-27 04:00 PM
12
osv
osv

CVE-2023-28326

Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any...

9.8CVSS

9.7AI Score

0.054EPSS

2023-03-28 01:15 PM
7
nessus
nessus

Cisco IOS XE Software Internet Key Exchange Version 1 Fragmentation DoS (cisco-sa-ikev1-NO2ccFWz)

According to its self-reported version, Cisco IOS-XE Software is affected by multiple vulnerabilities. A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an...

8.6CVSS

7.4AI Score

0.0004EPSS

2024-05-30 12:00 AM
2
githubexploit
githubexploit

Exploit for CVE-2022-41099

I take no Liability & Warranty on this script please fully test...

4.6CVSS

4.7AI Score

0.001EPSS

2023-01-16 08:57 AM
178
osv
osv

BIT-suitecrm-2024-36418

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in connectors allows an authenticated user to perform a remote code execution attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

8.5CVSS

7.6AI Score

0.0004EPSS

2024-06-12 07:36 AM
cvelist
cvelist

CVE-2024-3387 PAN-OS: Weak Certificate Strength in Panorama Software Leads to Sensitive Information Disclosure

A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-04-10 05:06 PM
github
github

Silverstripe framework is vulnerable to XSS in install.php

During installation, certain parameters (admin_username and admin_password) are not escaped in the setup form. This issue is resolved in 3.1.14 stable, although existing users are advised to remove this file prior to deploying to a production...

6.9AI Score

2024-05-23 05:27 PM
7
osv
osv

Silverstripe XSS In FormAction

A cross-site scripting vulnerability has been discovered in the FormAction field where a user-specified title may be...

6.4AI Score

2024-05-23 03:23 PM
2
osv
osv

Silverstripe XSS in TreeDropdownField and TreeMultiSelectField

A cross-site scripting vulnerability has been discovered in the TreeDropdownField and TreeMultiSelectField. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the dataobjects used as a data source for either of these fields. This...

6.4AI Score

2024-05-23 02:57 PM
2
osv
osv

Silverstripe framework is vulnerable to XSS in install.php

During installation, certain parameters (admin_username and admin_password) are not escaped in the setup form. This issue is resolved in 3.1.14 stable, although existing users are advised to remove this file prior to deploying to a production...

6.9AI Score

2024-05-23 05:27 PM
3
osv
osv

Silverstripe XSS in dev/build returnURL Parameter

A XSS risk exists in the returnURL parameter passed to dev/build. An unvalidated url could cause the user to redirect to an unverified third party url outside of the site. This issue is resolved in framework 3.1.14 stable...

6AI Score

2024-05-23 05:15 PM
1
tibco
tibco

TIBCO Security Advisory: May 14, 2024 - TIBCO Hawk - CVE-2024-3182

**TIBCO Hawk install-time password disclosure vulnerability ** Original release date: May 14, 2024 Last revised: --- CVE-2024-3182 Source: TIBCO Software Inc. Products Affected TIBCO Hawk versions 6.2.0, 6.2.1, 6.2.2 and 6.2.3. Component Affected: TIBCO Hawk Universal Installer including the...

6.5CVSS

6.9AI Score

0.0004EPSS

2024-05-14 05:42 PM
4
nuclei
nuclei

NodeBB XML-RPC Request xmlrpc.php - XML Injection

A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC...

9.8CVSS

9.9AI Score

0.287EPSS

2024-03-06 06:03 PM
23
osv
osv

CVE-2024-36416

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this...

8.6CVSS

8.4AI Score

0.0005EPSS

2024-06-10 08:15 PM
cisco
cisco

Cisco Secure Email Gateway HTTP Response Splitting Vulnerability

A vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to insufficient input validation of some parameters that are passed to...

6.1AI Score

0.0004EPSS

2024-05-15 04:00 PM
14
osv
osv

CVE-2023-51257

An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary...

7.8CVSS

7.2AI Score

0.0004EPSS

2024-01-16 02:15 AM
4
osv
osv

CVE-2024-23645

GLPI is a Free Asset and IT Management Software package. A malicious URL can be used to execute XSS on reports pages. Upgrade to...

6.5CVSS

6.4AI Score

0.001EPSS

2024-02-01 06:15 PM
8
osv
osv

CVE-2022-30535

In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not...

6.5CVSS

6.9AI Score

0.001EPSS

2022-08-04 06:15 PM
1
github
github

Silverstripe XSS in dev/build returnURL Parameter

A XSS risk exists in the returnURL parameter passed to dev/build. An unvalidated url could cause the user to redirect to an unverified third party url outside of the site. This issue is resolved in framework 3.1.14 stable...

6AI Score

2024-05-23 05:15 PM
3
osv
osv

CVE-2023-25820

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Enterprise Server is the enterprise version of the file server software. In Nextcloud Server versions 25.0.x prior to 25.0.5 and versions 24.0.x prior to 24.0.10 as well as Nextcloud...

7.8CVSS

7.2AI Score

0.0004EPSS

2023-03-22 07:15 PM
2
github
github

Silverstripe XSS In FormAction

A cross-site scripting vulnerability has been discovered in the FormAction field where a user-specified title may be...

6.4AI Score

2024-05-23 03:23 PM
1
nuclei
nuclei

Apache OFBiz < 18.12.11 - Server Side Request Forgery

Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes...

7.5CVSS

7.5AI Score

0.205EPSS

2023-12-28 01:56 PM
78
github
github

Silverstripe XSS in TreeDropdownField and TreeMultiSelectField

A cross-site scripting vulnerability has been discovered in the TreeDropdownField and TreeMultiSelectField. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the dataobjects used as a data source for either of these fields. This...

6.4AI Score

2024-05-23 02:57 PM
2
nvd
nvd

CVE-2024-32521

Client-Side Enforcement of Server-Side Security vulnerability in Highfivery LLC Zero Spam allows Removing Important Client Functionality.This issue affects Zero Spam: from n/a through...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-05-17 09:15 AM
cve
cve

CVE-2024-32521

Client-Side Enforcement of Server-Side Security vulnerability in Highfivery LLC Zero Spam allows Removing Important Client Functionality.This issue affects Zero Spam: from n/a through...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-05-17 09:15 AM
41
nuclei
nuclei

Hitachi Vantara Pentaho/Business Intelligence Server - Authentication Bypass

Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x are vulnerable to authentication bypass. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the...

7.5CVSS

6.4AI Score

0.259EPSS

2021-11-05 08:15 AM
12
github
github

Silverstripe XSS In GridField print

A cross-site scripting vulnerability has been discovered in the print view of GridField. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any field of an object in a GridField, and the print feature is used. This has been resolved by...

6.3AI Score

2024-05-23 03:00 PM
1
osv
osv

CVE-2023-31286

An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not...

5.3CVSS

7.1AI Score

0.001EPSS

2023-04-27 03:15 AM
1
osv
osv

CVE-2023-31287

An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Password reset links are sent by email. A link contains a token that is used to reset the password. This token remains valid even after the password reset and can be used a second time to change the password of the...

7.8CVSS

7.1AI Score

0.0004EPSS

2023-04-27 03:15 AM
1
osv
osv

CVE-2023-51446

GLPI is a Free Asset and IT Management Software package. When authentication is made against a LDAP, the authentication form can be used to perform LDAP injection. Upgrade to...

8.1CVSS

7.7AI Score

0.001EPSS

2024-02-01 06:15 PM
2
osv
osv

CVE-2023-34149

Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or...

6.5CVSS

7.1AI Score

0.012EPSS

2023-06-14 08:15 AM
2
osv
osv

CVE-2023-25197

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation apache fineract. Authorized users may be able to exploit this for limited impact on components. This issue affects apache fineract: from 1.4 through...

6.3CVSS

7.8AI Score

0.001EPSS

2023-03-28 12:15 PM
3
osv
osv

CVE-2022-40743

Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks.This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later...

6.1CVSS

6.1AI Score

0.003EPSS

2022-12-19 12:15 PM
2
osv
osv

CVE-2023-33933

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions 9.x users should upgrade to 9.2.1 or later...

7.5CVSS

7.1AI Score

0.001EPSS

2023-06-14 08:15 AM
5
nessus
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : TPM2 Software Stack vulnerabilities (USN-6796-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6796-1 advisory. Fergus Dall discovered that TPM2 Software Stack did not properly handle layer arrays. An attacker could possibly use...

6.4CVSS

8.2AI Score

EPSS

2024-05-29 12:00 AM
cvelist
cvelist

CVE-2024-32521 WordPress Zero Spam for WordPress plugin <= 5.5.6 - Bypass Spam Protection vulnerability

Client-Side Enforcement of Server-Side Security vulnerability in Highfivery LLC Zero Spam allows Removing Important Client Functionality.This issue affects Zero Spam: from n/a through...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-05-17 08:56 AM
githubexploit
githubexploit

Exploit for SQL Injection in Progress Moveit Cloud

CVE-2023-34362 POC for CVE-2023-34362 affecting MOVEit...

9.8CVSS

8.4AI Score

0.957EPSS

2023-06-09 07:07 PM
121
osv
osv

CVE-2023-35940

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to be able to access dashboards data. Version 10.0.8 contains a patch for this...

7.5CVSS

7.1AI Score

0.001EPSS

2023-07-05 09:15 PM
2
Total number of security vulnerabilities622541