Lucene search

K

AVEVA Software, LLC. Security Vulnerabilities

ibm
ibm

Security Bulletin: Multiple Vulnerabilities in IBM SDK Java affect IBM Cloud Pak System

Summary Multiple vulnerabilities found in IBM Java SDK reported in the IBM Java SDK CPU update October 2022 affect OS Image shipped with Cloud Pak System. Vulnerability Details ** CVEID: CVE-2022-21628 DESCRIPTION: **Java SE is vulnerable to a denial of service, caused by a flaw in the...

5.3CVSS

5.7AI Score

0.002EPSS

2024-04-29 10:37 AM
18
ibm
ibm

Security Bulletin: A vulnerability in Apache Struts affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in Apache Struts affects the product's management GUI. The Command Line Interface is unaffected (CVE-2023-50164). This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID: CVE-2023-50164 DESCRIPTION: **Apache Struts could...

9.8CVSS

9.8AI Score

0.09EPSS

2024-05-01 09:28 AM
9
cisco
cisco

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability

A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary...

7.5AI Score

0.001EPSS

2024-04-24 04:00 PM
23
cve
cve

CVE-2024-0496

A vulnerability was found in Kashipara Billing Software 1.0 and classified as critical. This issue affects some unknown processing of the file item_list_edit.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated...

9.8CVSS

9.7AI Score

0.001EPSS

2024-01-13 05:15 PM
33
cve
cve

CVE-2019-17449

Avira Software Updater before 2.0.6.21094 allows a DLL side-loading attack. NOTE: The vendor thinks that this vulnerability is invalid because exploiting it would require at least administrator privileges and would gain only SYSTEM...

6.7CVSS

6.6AI Score

0.0004EPSS

2019-10-10 04:15 PM
29
cvelist
cvelist

CVE-2023-52843 llc: verify mac len before reading mac header

In the Linux kernel, the following vulnerability has been resolved: llc: verify mac len before reading mac header LLC reads the mac header with eth_hdr without verifying that the skb has an Ethernet header. Syzbot was able to enter llc_rcv on a tun device. Tun can insert packets without mac len...

6.3AI Score

0.0004EPSS

2024-05-21 03:31 PM
2
cve
cve

CVE-2023-29412

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI...

9.8CVSS

9.9AI Score

0.002EPSS

2023-04-18 09:15 PM
56
2
githubexploit
githubexploit

Exploit for Code Injection in Cisco Adaptive Security Appliance Software

CVE-2024-20359-CiscoASA-FTD-exploit Exploit for Cisco ASA and...

6CVSS

7.5AI Score

0.001EPSS

2024-05-04 10:40 AM
196
atlassian
atlassian

SSRF (Server-Side Request Forgery) org.apache.xmlgraphics:batik-bridge Dependency in Jira Software Data Center and Server

This High severity org.apache.xmlgraphics:batik-bridge Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Jira Software Data Center and Server. This org.apache.xmlgraphics:batik-bridge Dependency vulnerability, with a CVSS...

7.5CVSS

7.2AI Score

0.001EPSS

2024-02-14 10:47 AM
15
cisco
cisco

Cisco IOS and IOS XE Software SNMP Extended Named Access Control List Bypass Vulnerability

A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) IPv4 access control list (ACL) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to...

7AI Score

EPSS

2024-04-17 04:00 PM
17
ibm
ibm

Security Bulletin: Multiple Vulnerabilities in IBM® SDK, Java™ Technology Java affect IBM Cloud Pak System

Summary Vulnerabilities in IBM Java SDK affect IBM Cloud Pak System. Vulnerability Details ** CVEID: CVE-2023-21930 DESCRIPTION: **An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an unauthenticated attacker to cause high...

9.1CVSS

8.6AI Score

0.001EPSS

2024-04-24 01:04 PM
11
githubexploit
githubexploit

Exploit for Infinite Loop in Cisco Adaptive Security Appliance Software

CVE-2024-20353-CiscoASAandFTD Exploit for DoS Cisco ASA and...

8.6CVSS

7.7AI Score

0.002EPSS

2024-05-03 12:46 PM
182
atlassian
atlassian

RCE (Remote Code Execution) org.apache.xmlgraphics:batik-bridge Dependency in Jira Software Data Center and Server

This High severity org.apache.xmlgraphics:batik-bridge Dependency RCE (Remote Code Execution) vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, and 9.7.0 of Jira Software Data Center and Server. This org.apache.xmlgraphics:batik-bridge...

7.5CVSS

7.7AI Score

0.011EPSS

2024-02-14 10:47 AM
13
cve
cve

CVE-2023-21725

Windows Malicious Software Removal Tool Elevation of Privilege...

6.3CVSS

6.6AI Score

0.0004EPSS

2023-01-10 10:15 PM
168
cve
cve

CVE-2021-43225

Bot Framework SDK Remote Code Execution...

9.8CVSS

9.6AI Score

0.028EPSS

2021-12-15 03:15 PM
56
cve
cve

CVE-2005-4515

SQL injection vulnerability in WebDB 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified search parameters, possibly Search0. NOTE: the vendor has disputed this issue, saying that "WebDB is a generic online database system used by many of the clients of Lois...

8.8AI Score

0.008EPSS

2005-12-23 01:03 AM
20
cve
cve

CVE-2023-35625

Azure Machine Learning Compute Instance for SDK Users Information Disclosure...

4.7CVSS

5.4AI Score

0.001EPSS

2023-12-12 06:15 PM
22
cisco
cisco

Cisco Firepower Management Center Software Object Group Access Control List Bypass Vulnerability

A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense (FTD) Software....

7.3AI Score

0.0004EPSS

2024-05-22 04:00 PM
3
cve
cve

CVE-2006-4349

PHP remote file inclusion vulnerability in ToendaCMS 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tcms_administer_site parameter to an unspecified script, probably index.php. NOTE: this issue has been disputed by a third party, who states that...

8AI Score

0.086EPSS

2006-08-24 09:04 PM
18
debiancve
debiancve

CVE-2023-52775

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid data corruption caused by decline We found a data corruption issue during testing of SMC-R on Redis applications. The benchmark has a low probability of reporting a strange error as shown below. "Error: Protocol...

6.7AI Score

0.0004EPSS

2024-05-21 04:15 PM
2
ubuntucve
ubuntucve

CVE-2023-52775

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid data corruption caused by decline We found a data corruption issue during testing of SMC-R on Redis applications. The benchmark has a low probability of reporting a strange error as shown below. "Error: Protocol...

6.7AI Score

0.0004EPSS

2024-05-21 12:00 AM
hp
hp

UC Software – Improper Access Control

A vulnerability was discovered in the firmware builds after 8.0.2.3267 and prior to 8.1.3.1301 in CCX devices. A flaw in the firmware build process did not properly restrict access to a resource from an unauthorized actor. The recommendation is to update an impacted device to the latest firmware...

6.9AI Score

0.0004EPSS

2024-04-04 12:00 AM
7
cve
cve

CVE-2023-2565

A vulnerability has been found in SourceCodester Multi Language Hotel Management Software 1.0 and classified as problematic. This vulnerability affects unknown code of the file ajax.php of the component POST Parameter Handler. The manipulation of the argument complaint_type with the input...

6.1CVSS

6.1AI Score

0.001EPSS

2023-05-07 03:15 PM
25
nessus
nessus

AI/LLM Software Report

This plugin utilizes various Nessus detection methods and reports software identified by to Nessus and known to utilize "Artificial Intelligence" (AI) and Large Language Model (LLM) technology. Note that this plugin uses several detection methods. The products reported by this plugin will grow as.....

7.3AI Score

2024-05-29 12:00 AM
hp
hp

Intel Graphics Command Center Service Software May 2024 Security Update

Intel has informed HP of a potential security vulnerability in some Intel® Graphics Command Center Service software (bundled in some Intel® Graphics Windows DCH driver software), which might allow escalation of privilege. Intel is releasing software updates to mitigate this potential...

6.7CVSS

7.5AI Score

0.0004EPSS

2024-05-14 12:00 AM
5
ibm
ibm

Security Bulletin: Vulnerabilities in IBM Java affects IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products

Summary Vulnerabilities in IBM Java affects IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow a remote...

5.9CVSS

7.1AI Score

0.001EPSS

2024-05-01 10:50 AM
3
cve
cve

CVE-2007-4037

Guidance Software EnCase allows user-assisted attackers to trigger a buffer over-read and application crash via a malformed NTFS filesystem containing a modified FILE record with a certain large offset. NOTE: the vendor disputes the significance of this issue, asserting that relevant attackers...

6.6AI Score

0.01EPSS

2007-07-27 10:30 PM
18
cve
cve

CVE-2024-0494

A vulnerability, which was classified as critical, was found in Kashipara Billing Software 1.0. This affects an unknown part of the file material_bill.php of the component HTTP POST Request Handler. The manipulation of the argument itemtypeid leads to sql injection. It is possible to initiate the.....

9.8CVSS

9.7AI Score

0.001EPSS

2024-01-13 04:15 PM
19
cve
cve

CVE-2007-4035

Guidance Software EnCase does not properly handle (1) certain malformed MBR partition tables with many entries, which allows remote attackers to prevent logical collection of a disk image; (2) NTFS filesystems with directory loops, which allows remote attackers to prevent examination of certain...

6.5AI Score

0.015EPSS

2007-07-27 10:30 PM
27
ibm
ibm

Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products (CVE-2023-45648, CVE-2023-42795, CVE-2023-46589, CVE-2024-21733)

Summary A vulnerability in Apache Tomcat affects the product's management GUI, potentially allowing HTTP request smuggling and the obtaining of sensitive information. The Command Line Interface is unaffected. Vulnerability Details ** CVEID: CVE-2023-45648 DESCRIPTION: **Apache Tomcat is...

7.5CVSS

7.4AI Score

0.01EPSS

2024-04-30 04:46 PM
23
cve
cve

CVE-2023-3096

A vulnerability was found in KylinSoft kylin-software-properties on KylinOS. It has been declared as critical. This vulnerability affects the function changedSource. The manipulation leads to improper access controls. An attack has to be approached locally. The exploit has been disclosed to the...

7.8CVSS

7.6AI Score

0.0004EPSS

2023-06-05 06:15 AM
22
cve
cve

CVE-2023-4112

A vulnerability was found in PHP Jabbers Shuttle Booking Software 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this...

6.1CVSS

6AI Score

0.002EPSS

2023-08-03 05:15 AM
18
cve
cve

CVE-2023-4115

A vulnerability classified as problematic has been found in PHP Jabbers Cleaning Business 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. VDB-235962 is the identifier...

6.1CVSS

6AI Score

0.003EPSS

2023-08-03 06:15 AM
19
cve
cve

CVE-2023-3097

A vulnerability was found in KylinSoft kylin-software-properties on KylinOS. It has been rated as critical. This issue affects the function setMainSource. The manipulation leads to os command injection. Local access is required to approach this attack. The exploit has been disclosed to the public.....

7.8CVSS

8AI Score

0.0005EPSS

2023-06-05 06:15 AM
112
nessus
nessus

Oracle Installed Software Enumeration (Windows)

It was possible to enumerate installed Oracle software on the remote Windows...

1.8AI Score

2013-12-27 12:00 AM
21
cve
cve

CVE-2021-43575

KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information, a similar issue to CVE-2021-36799. NOTE: The vendor disputes this because it is not the responsibility of the ETS to securely store cryptographic.....

5.5CVSS

6.8AI Score

0.0004EPSS

2021-11-09 11:15 PM
24
osv
osv

CVE-2022-34964

OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the SitePages...

4.8CVSS

5.9AI Score

0.001EPSS

2022-07-25 03:15 PM
3
cve
cve

CVE-2016-15012

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in forcedotcom SalesforceMobileSDK-Windows up to 4.x. It has been rated as critical. This issue affects the function ComputeCountSql of the file SalesforceSDK/SmartStore/Store/QuerySpec.cs. The manipulation leads to sql injection. Upgrading....

9.8CVSS

9.8AI Score

0.002EPSS

2023-01-07 01:15 PM
23
osv
osv

CVE-2022-34963

OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the News Feed...

5.4CVSS

5.9AI Score

0.002EPSS

2022-07-25 03:15 PM
1
osv
osv

CVE-2022-34961

OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Users Timeline...

5.4CVSS

5.9AI Score

0.002EPSS

2022-07-25 03:15 PM
1
cve
cve

CVE-2023-4114

A vulnerability was found in PHP Jabbers Night Club Booking Software 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be initiated remotely. The identifier.....

6.1CVSS

6AI Score

0.004EPSS

2023-08-03 06:15 AM
15
cve
cve

CVE-2022-4725

A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to.....

9.8CVSS

9.5AI Score

0.002EPSS

2022-12-27 03:15 PM
60
cve
cve

CVE-2024-0495

A vulnerability has been found in Kashipara Billing Software 1.0 and classified as critical. This vulnerability affects unknown code of the file party_submit.php of the component HTTP POST Request Handler. The manipulation of the argument party_name leads to sql injection. The attack can be...

9.8CVSS

9.7AI Score

0.001EPSS

2024-01-13 05:15 PM
12
cve
cve

CVE-2024-0493

A vulnerability, which was classified as critical, has been found in Kashipara Billing Software 1.0. Affected by this issue is some unknown functionality of the file submit_delivery_list.php of the component HTTP POST Request Handler. The manipulation of the argument customer_details leads to sql.....

9.8CVSS

9.6AI Score

0.001EPSS

2024-01-13 04:15 PM
17
cve
cve

CVE-2024-0492

A vulnerability classified as critical was found in Kashipara Billing Software 1.0. Affected by this vulnerability is an unknown functionality of the file buyer_detail_submit.php of the component HTTP POST Request Handler. The manipulation of the argument gstn_no leads to sql injection. The attack....

9.8CVSS

9.8AI Score

0.001EPSS

2024-01-13 03:15 PM
16
cve
cve

CVE-2015-10057

A vulnerability was found in Little Apps Little Software Stats. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file inc/class.securelogin.php of the component Password Reset Handler. The manipulation leads to improper access controls. The...

9.8CVSS

9.5AI Score

0.001EPSS

2023-01-16 07:15 PM
26
veeam
veeam

Veeam Kasten for Kubernetes Performance Troubleshooting Guide

This article documents two of the most common performance tuning settings for Veeam Kasten for...

7.2AI Score

2024-06-14 12:00 AM
veeam
veeam

How to Add RHEL 8/9 Using NIST 800-171 or DISA STIG Security Profile to Veeam Backup & Replication

When using a security profile additional steps must be taken to add a RHEL 8 or RHEL9 server to Veeam Backup &...

7.1AI Score

2021-12-10 12:00 AM
52
cve
cve

CVE-2007-4036

Guidance Software EnCase allows user-assisted remote attackers to cause a denial of service via (1) a corrupted Microsoft Exchange database, which triggers an application crash when many options are selected; (2) a corrupted NTFS filesystem, which causes the application to report "memory...

6.5AI Score

0.046EPSS

2007-07-27 10:30 PM
19
veeam
veeam

Installing Veeam Backup & Replication 6.5.0.144

This KB explains how to install Veeam Backup & Replication version...

2.9AI Score

2013-08-16 12:00 AM
4
Total number of security vulnerabilities622541