In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check. This could lead to a local non-security issue with no additional execution privileges needed. User interaction is not needed for...
6.8AI Score
0.0004EPSS
DoS (Denial of Service) ch.qos.logback:logback-core Dependency in Bitbucket Data Center and Server
This High severity ch.qos.logback:logback-core Dependency vulnerability was introduced in versions 7.21.0, 8.9.0, 8.13.0, 8.14.0, 8.15.0, and 8.16.0 of Bitbucket Data Center and Server. This ch.qos.logback:logback-core Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
7.5CVSS
6.7AI Score
0.0005EPSS
DoS (Denial of Service) ch.qos.logback:logback-core Dependency in Bitbucket Data Center and Server
This High severity ch.qos.logback:logback-core Dependency vulnerability was introduced in versions 7.21.0, 8.9.0, 8.13.0, 8.14.0, 8.15.0, and 8.16.0 of Bitbucket Data Center and Server. This ch.qos.logback:logback-core Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
7.5CVSS
7.1AI Score
0.0005EPSS
Drupal Brute force amplification attacks via XML-RPC
The XML-RPC system in Drupal 6.x before 6.38 and 7.x before 7.43 might make it easier for remote attackers to conduct brute-force attacks via a large number of calls made at once to the same...
7.5CVSS
7.2AI Score
0.003EPSS
@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling
Summary A Denial-of-Service was found in the media upload process causing the server to crash without restarting, affecting either development and production environments. Details Usually, errors in the application cause it to log the error and keep it running for other clients. This behavior, in.....
5.3CVSS
6.8AI Score
0.0004EPSS
Check point:CVE-2024-24919 ...
8.6CVSS
6.5AI Score
0.945EPSS
This High severity org.apache.commons:commons-configuration2 Dependency vulnerability was introduced in versions 1.0 of Confluence Data Center and Server. This org.apache.commons:commons-configuration2 Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
7.1AI Score
0.0004EPSS
Denial of Service Vulnerability in Rustls Library
Summary rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input. Details Verified at 0.22 and 0.23 rustls, but 0.21 and 0.20 release lines are also affected. tokio-rustls and rustls-ffi do not call complete_io and are not affected. rustls::Stream and...
7.5CVSS
7.3AI Score
0.0004EPSS
Denial of Service Vulnerability in Rustls Library
Summary rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input. Details Verified at 0.22 and 0.23 rustls, but 0.21 and 0.20 release lines are also affected. tokio-rustls and rustls-ffi do not call complete_io and are not affected. rustls::Stream and...
7.5CVSS
7.3AI Score
0.0004EPSS
This High severity net.sourceforge.nekohtml:nekohtml Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, and 9.9.0 of Jira Software Data Center and Server. This net.sourceforge.nekohtml:nekohtml Dependency vulnerability, with a CVSS...
7.5CVSS
9.5AI Score
0.001EPSS
An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA...
7.5CVSS
7.1AI Score
0.001EPSS
OpenSSL -- Denial of Service vulnerability
The OpenSSL project reports: Excessive time spent checking DSA keys and parameters (Low) Checking excessively long DSA keys or parameters may be very ...
6.4AI Score
0.0004EPSS
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado
Summary When Tornado receives a request with two Transfer-Encoding: chunked headers, it ignores them both. This enables request smuggling when Tornado is deployed behind a proxy server that emits such requests. Pound does this. PoC Install Tornado. Start a simple Tornado server that echoes each...
7AI Score
A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user.....
8.1CVSS
8AI Score
0.0004EPSS
A visit to install.php can cause cached data to become corrupted. This could cause a site to be impaired until caches are...
6.8AI Score
K000139628: Out-of-band Security Notification (May 29, 2024)
Security Advisory Description On May 29, 2024, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. You can watch...
6.5CVSS
5.6AI Score
0.0004EPSS
DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Bitbucket Data Center and Server
This High severity org.xerial.snappy:snappy-java Dependency vulnerability was introduced in versions 7.21.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, 8.14.0, 8.15.0, and 8.16.0 of Bitbucket Data Center and Server. This org.xerial.snappy:snappy-java Dependency vulnerability, with a CVSS Score of 7.5.....
7.5CVSS
6.6AI Score
0.0005EPSS
DoS (Denial of Service) org.eclipse.jetty:jetty-http Dependency in Bitbucket Data Center and Server
This High severity org.eclipse.jetty:jetty-http Dependency vulnerability was introduced in versions 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, 8.14.0, 8.15.0, and 8.16.0 of Bitbucket Data Center and Server. This org.eclipse.jetty:jetty-http Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS....
7.5CVSS
7.2AI Score
0.004EPSS
CVE-2024-24919......
8.6CVSS
6.3AI Score
0.945EPSS
Checkpoint POC Exploit for testing purposes to retrieve...
8.6CVSS
6.2AI Score
0.945EPSS
A visit to install.php can cause cached data to become corrupted. This could cause a site to be impaired until caches are...
6.8AI Score
DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Bitbucket Data Center and Server
This High severity org.xerial.snappy:snappy-java Dependency vulnerability was introduced in versions 7.21.0, 8.9.0 and 8.13.0 of Bitbucket Data Center and Server. This org.xerial.snappy:snappy-java Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
7.5CVSS
7.1AI Score
0.001EPSS
Stacklok Minder vulnerable to denial of service from maliciously crafted templates
Minder engine is susceptible to a denial of service from memory exhaustion that can be triggered from maliciously created templates. Minder engine uses templating to generate strings for various use cases such as URLs, messages for pull requests, descriptions for advisories. In some cases can the.....
5.3CVSS
6.6AI Score
0.0004EPSS
[4.6.8-5.0.1.el7_9.17] - Blank out header-logo.png product-name.png - Replace login-screen-logo.png [Orabug: 20362818] [4.6.8-5.el7_9.17] - Resolves: RHEL-29926 ipa: user can obtain a hash of the passwords of all domain users and perform offline brute...
8.1CVSS
6.8AI Score
0.0004EPSS
This High severity org.apache.commons:commons-configuration2 Dependency vulnerability was introduced in versions 1.0 of Confluence Data Center and Server. This org.apache.commons:commons-configuration2 Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
7.1AI Score
0.0004EPSS
CVE-2024-24919-POC A Simple tool to Automate CVE-2024-24919...
8.6CVSS
8.7AI Score
0.945EPSS
AIX is vulnerable to denial of service due to ISC BIND
IBM SECURITY ADVISORY First Issued: Tue Jun 4 16:06:25 CDT 2024 |Updated: Wed Jun 5 08:17:08 CDT 2024 |Update: Corrected the affected fileset levels to reflect that | bind.rte 7.1.916.2604 and 7.3.916.2601 are vulnerable. The most recent version of this document is available here:...
7.5CVSS
8.1AI Score
0.05EPSS
openstack-barbican Denial of Service vulnerability
An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of...
4.9CVSS
6.9AI Score
0.001EPSS
A visit to install.php can cause cached data to become corrupted. This could cause a site to be impaired until caches are...
6.8AI Score
In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed......
6.8CVSS
6.7AI Score
0.0005EPSS
Exploit for Out-of-bounds Write in Polkit Project Polkit
PwnKit Self-contained exploit for CVE-2021-4034 - Pkexec...
7.8CVSS
8.5AI Score
0.0005EPSS
In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for...
5.5CVSS
6.2AI Score
0.0004EPSS
Insufficient Verification Of Data Authenticity
sshpiper is vulnerable to Insufficient Verification of Data Authenticity. The vulnerability is due to the proxy protocol listener which does specify a specific listener, allowing an attacker forage the proxy source...
5.3CVSS
6.9AI Score
0.0004EPSS
CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`
Summary ZIP files uploaded to the server-side endpoint handling a CodeChecker store are not properly sanitized. An attacker can exercise a path traversal to make the CodeChecker server load and display files from an arbitrary location on the server machine. Details Target The vulnerable endpoint...
6.5CVSS
6.7AI Score
0.0004EPSS
A visit to install.php can cause cached data to become corrupted. This could cause a site to be impaired until caches are...
6.8AI Score
Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is...
6.7AI Score
0.0004EPSS
Denial of service via HAMT Decoding Panics
Impact Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout parameter in the HAMT directory nodes. This include checks returned in ipfs/go-bitfield.....
7.5CVSS
7.2AI Score
0.001EPSS
Exploit for Use of Hard-coded Credentials in Dlink Dns-320L Firmware
Dinkleberry 🫐 Are you one of the 92,000+ people1...
7.8AI Score
Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to bypass the configured rules on an affected system. This vulnerability is due to incorrect HTTP packet handling. An attacker...
5.8CVSS
6.8AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation in Spring Framework
The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator...
5.4CVSS
4AI Score
0.001EPSS
9.8CVSS
10AI Score
0.975EPSS
LZ4 vulnerable to Out-of-bounds Write
LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user...
9.8CVSS
7.5AI Score
0.002EPSS
Denial of Service (DoS) attack possibility in TYPO3 component Indexed Search
Due to an oversized maximum result limit, TYPO3 component Indexed Search is susceptible to a Denial of Service...
7AI Score
A vulnerability in the file policy feature that is used to inspect encrypted archive files of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured file policy to block an encrypted archive file. This vulnerability exists because of a.....
5.8CVSS
6.9AI Score
0.0004EPSS
Passbolt Api Retrieval of HTTP-only cookies
Passbolt uses three cookies: a session cookie, a CSRF protection cookie and a cookie to keep track of the multiple-factor authentication process. Both the session cookie and the mfa cookie are properly set HTTP-only to prevent an attacker from retrieving the content of those cookies if they...
6.4AI Score
Lightning Network Daemon (LND)'s onion processing logic leads to a denial of service
Impact A parsing vulnerability in lnd's onion processing logic led to a DoS vector due to excessive memory allocation. Patches The issue was patched in lnd v0.17.0. Users should update to a version >= v0.17.0 to be protected. References Detailed blog post:...
6.5CVSS
7AI Score
0.0004EPSS
ZendFramework Potential Information Disclosure and Insufficient Entropy vulnerabilities
In Zend Framework 2, the Zend\Math\Rand component generates random bytes using the OpenSSL or Mcrypt extensions when available but will otherwise use PHP's mt_rand() function as a fallback. All outputs from mt_rand() are predictable for the same PHP process if an attacker can brute force the seed.....
7.3AI Score
Ollama does not validate the format of the digest (sha256 with 64 hex digits)
Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../...
6.6AI Score
EPSS
When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key...
5.3CVSS
6.9AI Score
0.001EPSS
OpenStack Glance Denial of service by creating a large number of images
OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the...
6.8AI Score
0.007EPSS