AVEVA Software, LLC. Security Vulnerabilities
CVE-2024-25102 Information Disclosure Vulnerability in CDAC AppSamvid Software
This vulnerability exists in AppSamvid software due to the usage of a weaker cryptographic algorithm (hash) SHA1 in user login component. An attacker with local administrative privileges could exploit this to obtain the password of AppSamvid on the targeted system. Successful exploitation of this.....
7.1CVSS
7AI Score
0.0004EPSS
CVE-2023-6047 Reflected XSS in Algoritim E-commerce Software
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Algoritim E-commerce Software allows Reflected XSS.This issue affects E-commerce Software: before...
6.1CVSS
6.5AI Score
0.0005EPSS
XSRF Security Token Missing when clicking on Contact an administrator
h3. Summary Clicking on the "Contact an administrator to perform this action." results in XSRF Security Token Missing. Tested with : # Chrome Version 54.0.2840.59 (64-bit) # Firefox 49.0 h3. Steps to Reproduce # Configure Outgoing Mail # Enable Contact Administrators Form from General...
0.2AI Score
Intel Chipset Device Software < 10.1.19444.8378 Escalation of Privilege
The version of Intel Chipset Device Software installed on the remote Windows host is prior to 10.1.19444.8378. It is, therefore, affected by multiple vulnerabilities: Due to an uncontrolled search path element, an authenticated, local attacker can elevate their privileges. (CVE-2023-28388,...
7.8CVSS
7.7AI Score
0.0004EPSS
CVE-2024-23504 WordPress Ninja Tables plugin <= 5.0.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through...
5.3CVSS
7AI Score
0.0004EPSS
Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through...
4.3CVSS
0.0004EPSS
"HTTP protocol is not supported, please use HTTPS." Error When Adding Object Storage
Veeam Backup & Replication does not support connection to S3 compatible object storage over HTTP. Make sure that your S3 compatible object storage supports HTTPS protocol and has the necessary certificate...
7AI Score
2.6AI Score
In the Linux kernel, the following vulnerability has been resolved: llc: make llc_ui_sendmsg() more robust against bonding changes syzbot was able to trick llc_ui_sendmsg(), allocating an skb with no headroom, but subsequently trying to push 14 bytes of Ethernet header [1] Like some others,...
6.2AI Score
0.0004EPSS
CVE-2024-32777 WordPress BizPrint plugin <= 4.3.39 - Broken Access Control vulnerability
Missing Authorization vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint.This issue affects BizPrint: from n/a through...
7.5CVSS
6.9AI Score
0.0004EPSS
Missing Authorization vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint.This issue affects BizPrint: from n/a through...
7.5CVSS
0.0004EPSS
Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through...
5.3CVSS
5.4AI Score
0.0004EPSS
CVE-2024-23504 WordPress Ninja Tables plugin <= 5.0.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through...
5.3CVSS
0.0004EPSS
Cisco IOS XE Software Unified Threat Defense Command Injection Vulnerability
A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vulnerability, an attacker must have level 15 privileges on the....
6.4AI Score
0.0004EPSS
Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before...
6.5CVSS
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: llc: verify mac len before reading mac header LLC reads the mac header with eth_hdr without verifying that the skb has an Ethernet header. Syzbot was able to enter llc_rcv on a tun device. Tun can insert packets without mac len...
6.3AI Score
0.0004EPSS
CVE-2024-23503 WordPress Ninja Tables plugin <= 5.0.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through...
4.3CVSS
0.0004EPSS
Missing Authorization vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint.This issue affects BizPrint: from n/a through...
7.5CVSS
7.5AI Score
0.0004EPSS
CVE-2024-32752 Johnson Controls Software House iStar Pro Door Controller
Under certain circumstances communications between the ICU tool and an iSTAR Pro door controller is susceptible to Machine-in-the-Middle attacks which could impact door control and...
6.9AI Score
0.0004EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Marketing Fire, LLC Widget Options - Extended.This issue affects Widget Options - Extended: from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before...
6.5CVSS
6.6AI Score
0.0004EPSS
Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before...
6.5CVSS
0.0004EPSS
Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before...
6.5CVSS
7AI Score
0.0004EPSS
CVE-2024-32752 Johnson Controls Software House iStar Pro Door Controller
Under certain circumstances communications between the ICU tool and an iSTAR Pro door controller is susceptible to Machine-in-the-Middle attacks which could impact door control and...
0.0004EPSS
Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before...
6.5CVSS
0.0004EPSS
ACME mini_httpd <1.30 - Local File Inclusion
ACME mini_httpd before 1.30 is vulnerable to local file...
6.5CVSS
6.4AI Score
0.393EPSS
Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before...
6.5CVSS
0.0004EPSS
Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before...
6.5CVSS
0.0004EPSS
9.8CVSS
9.8AI Score
0.97EPSS
CVE-2024-32777 WordPress BizPrint plugin <= 4.3.39 - Broken Access Control vulnerability
Missing Authorization vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint.This issue affects BizPrint: from n/a through...
7.5CVSS
0.0004EPSS
Exploit for SQL Injection in Cisco Smart Software Manager On-Prem
CVE-2023-20110 PoC script for CVE-2023-20110 -...
6.5CVSS
8AI Score
0.001EPSS
8.6AI Score
0.001EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Marketing Fire, LLC Widget Options - Extended.This issue affects Widget Options - Extended: from n/a through...
4.3CVSS
6.9AI Score
0.0004EPSS
Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before...
6.5CVSS
7AI Score
0.0004EPSS
Unspecified vulnerability in Cisco PIX 500 Series Security Appliances allows remote attackers to send arbitrary UDP packets to intranet devices via unspecified vectors involving Session Initiation Protocol (SIP) fixup commands, a different issue than CVE-2006-4032. NOTE: the vendor, after working.....
6.8AI Score
0.018EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Marketing Fire, LLC Widget Options - Extended.This issue affects Widget Options - Extended: from n/a through...
6.5CVSS
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid data corruption caused by decline We found a data corruption issue during testing of SMC-R on Redis applications. The benchmark has a low probability of reporting a strange error as shown below. "Error: Protocol...
6.7AI Score
0.0004EPSS
DoS (Denial of Service) com.google.code.gson:gson in Jira Software Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
7.7CVSS
8AI Score
0.002EPSS
This High severity org.apache.tomcat:tomcat-catalina Dependency vulnerability was introduced in versions 9.4.0, 9.7.0, 9.9.0, 9.10.0, 9.11.0, and 9.12.0 of Jira Software Data Center and Server. Jira Software Data Center versions 9.14.0, 9.13.0, 9.13.1 are NOT affected This...
7.5CVSS
7.7AI Score
0.005EPSS
CVE-2023-52775 net/smc: avoid data corruption caused by decline
In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid data corruption caused by decline We found a data corruption issue during testing of SMC-R on Redis applications. The benchmark has a low probability of reporting a strange error as shown below. "Error: Protocol...
6.5AI Score
0.0004EPSS
There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to.....
4.7CVSS
4.8AI Score
0.001EPSS
Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster for WooCommerce: from n/a through...
6.5CVSS
7.2AI Score
0.0004EPSS
The version of Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software running on the remote web server is affected by a cross-site scripting vulnerability. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to...
6.1CVSS
2.6AI Score
0.971EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Marketing Fire, LLC Widget Options - Extended.This issue affects Widget Options - Extended: from n/a through...
4.3CVSS
0.0004EPSS
TIBCO Managed File Transfer Platform Server for Unix and z/Linux privilege escalation vulnerability Original release date: May 28, 2024 Last revised: --- CVE-2024-4407 Source: TIBCO Software Inc. Products Affected TIBCO Managed File Transfer Platform Server for Unix versions 8.0.0, 8.0.1, 8.1.0,...
7.8AI Score
EPSS
Server-Side Request Forgery (SSRF) vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through...
4.4CVSS
7.2AI Score
0.0004EPSS
Server-Side Request Forgery (SSRF) vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through...
4.4CVSS
5.2AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint allows Cross-Site Scripting (XSS).This issue affects BizPrint: from n/a through...
7.1CVSS
8.7AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in AlumniOnline Web Services LLC WP ADA Compliance Check Basic.This issue affects WP ADA Compliance Check Basic: from n/a through...
4.3CVSS
6.8AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Coded Commerce, LLC Benchmark Email Lite.This issue affects Benchmark Email Lite: from n/a through...
4.3CVSS
4.9AI Score
0.0004EPSS