Lucene search

K

T&D Corporation And ESPEC MIC CORP. Security Vulnerabilities

openbugbounty
openbugbounty

d-o-o.de Cross Site Scripting vulnerability OBB-3895706

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-04-02 09:57 AM
10
cve
cve

CVE-2023-5021

A vulnerability, which was classified as problematic, was found in SourceCodester AC Repair and Services System 1.0. Affected is an unknown function of the file admin/?page=system_info/contact_information. The manipulation of the argument telephone/mobile/address leads to cross site scripting. It.....

6.1CVSS

6AI Score

0.0005EPSS

2023-09-17 05:15 AM
10
vulnrichment
vulnrichment

CVE-2023-32166 D-Link D-View uploadFile Directory Traversal Arbitrary File Creation Vulnerability

D-Link D-View uploadFile Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

8.1CVSS

6.7AI Score

0.001EPSS

2024-05-03 01:56 AM
1
vulnrichment
vulnrichment

CVE-2023-32165 D-Link D-View TftpReceiveFileHandler Directory Traversal Remote Code Execution Vulnerability

D-Link D-View TftpReceiveFileHandler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists...

9.8CVSS

7.8AI Score

0.001EPSS

2024-05-03 01:56 AM
1
cvelist
cvelist

CVE-2023-44413 D-Link D-View shutdown_coreserver Missing Authentication Denial-of-Service Vulnerability

D-Link D-View shutdown_coreserver Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw...

5.9CVSS

6AI Score

0.001EPSS

2024-05-03 02:13 AM
2
cvelist
cvelist

CVE-2023-32166 D-Link D-View uploadFile Directory Traversal Arbitrary File Creation Vulnerability

D-Link D-View uploadFile Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

8.1CVSS

8.2AI Score

0.001EPSS

2024-05-03 01:56 AM
2
cvelist
cvelist

CVE-2023-32165 D-Link D-View TftpReceiveFileHandler Directory Traversal Remote Code Execution Vulnerability

D-Link D-View TftpReceiveFileHandler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists...

9.8CVSS

10AI Score

0.001EPSS

2024-05-03 01:56 AM
2
almalinux
almalinux

Important: bind and dhcp security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. The...

7.5CVSS

6.8AI Score

0.05EPSS

2024-05-22 12:00 AM
3
cve
cve

CVE-2024-21028

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

6.1CVSS

6.2AI Score

0.0005EPSS

2024-04-16 10:15 PM
32
hp
hp

Intel PROSet/Wireless WiFi and Bluetooth May 2024 Security Update

Intel has informed HP of potential security vulnerabilities in some Intel® PROSet/Wireless WiFi and Bluetooth® products, which might allow denial of service. Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. Intel has released updates to mitigate the...

8.2CVSS

7.2AI Score

0.0004EPSS

2024-05-14 12:00 AM
8
cve
cve

CVE-2024-21030

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

6.1CVSS

6.2AI Score

0.0005EPSS

2024-04-16 10:15 PM
31
cve
cve

CVE-2024-21031

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

6.1CVSS

6.2AI Score

0.0005EPSS

2024-04-16 10:15 PM
27
openbugbounty
openbugbounty

d-o-o.de Cross Site Scripting vulnerability OBB-3885530

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-03-25 09:52 PM
2
osv
osv

Quarkus: authorization flaw in quarkus resteasy reactive and classic

A flaw was found in Quarkus. When a Quarkus RestEasy Classic or Reactive JAX-RS endpoint has its methods declared in the abstract Java class or customized by Quarkus extensions using the annotation processor, the authorization of these methods will not be enforced if it is enabled by either...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-04-25 06:30 PM
9
osv
osv

runc vulnerable to container breakout through process.cwd trickery and leaked fds

Impact In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2").....

8.6CVSS

8.6AI Score

0.051EPSS

2024-01-31 10:44 PM
10
osv
osv

Vyper's raw_call `value=` kwargs not disabled for static and delegate calls

Summary Vyper compiler allows passing a value in builtin raw_call even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics of the respective opcodes, and vyper will silently ignore the value=...

5.3CVSS

5.3AI Score

0.0005EPSS

2024-01-30 06:42 PM
4
osv
osv

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege...

5.5CVSS

5.8AI Score

0.0004EPSS

2024-06-11 06:30 PM
4
vulnrichment
vulnrichment

CVE-2024-5297 D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability

D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication...

8.8CVSS

8.3AI Score

0.001EPSS

2024-05-23 09:30 PM
1
cvelist
cvelist

CVE-2024-5297 D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability

D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication...

8.8CVSS

9.2AI Score

0.001EPSS

2024-05-23 09:30 PM
3
almalinux
almalinux

Moderate: ruby:3.3 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.3). (AlmaLinux-37446) Security Fix(es): ruby: Buffer overread...

7AI Score

EPSS

2024-06-06 12:00 AM
1
osv
osv

Moderate: ruby:3.3 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.3). (AlmaLinux-37697) Security Fix(es): ruby: Buffer overread...

6.2AI Score

EPSS

2024-06-06 12:00 AM
1
atlassian
atlassian

Infinite Loop vulnerability in Jira Service Management Data Center and Server

This vulnerability, with a CVSS Score of 7.5, contains an iteration or loop with an exit condition that cannot be reached. If the loop can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory. The software's operation may slow down,....

7AI Score

2024-05-15 07:23 AM
3
osv
osv

Important: bind and dhcp security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. The...

7.5CVSS

6.8AI Score

0.05EPSS

2024-05-22 12:00 AM
6
openbugbounty
openbugbounty

vie-d-oc.fr Cross Site Scripting vulnerability OBB-3913841

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-04-10 08:53 AM
5
oraclelinux
oraclelinux

ruby:3.3 security, bug fix, and enhancement update

ruby [3.3.1-2] - Upgrade to Ruby 3.3.1. Resolves: RHEL-37697 - Fix buffer overread vulnerability in StringIO. (CVE-2024-27280) Resolves: RHEL-37699 - Fix RCE vulnerability with .rdoc_options in RDoc. (CVE-2024-27281) Resolves: RHEL-37696 - Fix Arbitrary memory address read vulnerability...

6.5AI Score

EPSS

2024-06-06 12:00 AM
oraclelinux
oraclelinux

ruby:3.1 security, bug fix, and enhancement update

ruby [3.1.5-144] - Upgrade to Ruby 3.1.5. Resolves: RHEL-33978 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-34129 - Fix RCE vulnerability with .rdoc_options in RDoc. Resolves: RHEL-34121 - Fix arbitrary memory address read vulnerability with Regex search. Resolves:...

6.8AI Score

EPSS

2024-06-06 12:00 AM
1
osv
osv

Moderate: ruby:3.3 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.3). (AlmaLinux-37446) Security Fix(es): ruby: Buffer overread...

6.2AI Score

EPSS

2024-06-06 12:00 AM
3
almalinux
almalinux

Moderate: ruby:3.3 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.3). (AlmaLinux-37697) Security Fix(es): ruby: Buffer overread...

6.3AI Score

EPSS

2024-06-06 12:00 AM
1
vulnrichment
vulnrichment

CVE-2023-44413 D-Link D-View shutdown_coreserver Missing Authentication Denial-of-Service Vulnerability

D-Link D-View shutdown_coreserver Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw...

5.9CVSS

6.8AI Score

0.001EPSS

2024-05-03 02:13 AM
1
cve
cve

CVE-2023-50950

IBM QRadar SIEM 7.5 could disclose sensitive email information in responses from offense rules. IBM X-Force ID: ...

5.3CVSS

5AI Score

0.0004EPSS

2024-01-17 05:15 PM
13
ibm
ibm

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to libssh, Linux-pam ,Kerberos 5, systemd and idna packages/liberaries.

Summary IBM MQ Operator and Queue manager container images are vulnerable to libssh, Linux-pam ,Kerberos 5, systemd and idna. This bulletin identifies the steps required to address these vulnerabilities Vulnerability Details ** CVEID: CVE-2023-6004 DESCRIPTION: **libssh could allow a local...

5.9CVSS

8.6AI Score

EPSS

2024-06-17 11:59 AM
8
almalinux
almalinux

Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) kernel: Information disclosure in...

7.8CVSS

7AI Score

0.001EPSS

2024-06-05 12:00 AM
osv
osv

Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) kernel: Information disclosure in...

7.8CVSS

6.6AI Score

0.001EPSS

2024-06-05 12:00 AM
3
metasploit
metasploit

LDAP Query and Enumeration Module

This module allows users to query an LDAP server using either a custom LDAP query, or a set of LDAP queries under a specific category. Users can also specify a JSON or YAML file containing custom queries to be executed using the RUN_QUERY_FILE action. If this action is specified, then...

7.2AI Score

2022-07-15 09:29 PM
259
wpvulndb
wpvulndb

Folders <= 3.0 and Folders Pro <= 3.0.2 - Directory Traversal via handle_folders_file_upload

Description The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handle_folders_file_upload' function. This makes it possible for authenticated attackers, with author access and.....

4.3CVSS

6.7AI Score

0.001EPSS

2024-06-13 12:00 AM
2
nuclei
nuclei

Lighttpd 1.4.34 SQL Injection and Path Traversal

A SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name (related to...

9.8CVSS

9.8AI Score

0.96EPSS

2021-07-26 05:18 PM
46
atlassian
atlassian

Apache Kafka Connect API Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.21.0, 8.7.1, 8.8.0, 8.9.0, 8.10.0, 8.11.0, and 8.12.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...

8.8CVSS

7AI Score

0.97EPSS

2023-10-06 05:45 PM
20
nuclei
nuclei

Anyscale Ray 2.6.3 and 2.8.0 - Server-Side Request Forgery

The Ray Dashboard API is affected by a Server-Side Request Forgery (SSRF) vulnerability in the url parameter of the /log_proxy API endpoint. The API does not perform sufficient input validation within the affected parameter and any HTTP or HTTPS URLs are accepted as...

9.1CVSS

8.6AI Score

0.326EPSS

2024-01-22 05:36 AM
13
nuclei
nuclei

Citrix ADC and Citrix NetScaler Gateway - Remote Code Injection

Citrix ADC and NetScaler Gateway are susceptible to remote code injection. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. Affected versions are before 13.0-58.30,...

6.5CVSS

7.3AI Score

0.974EPSS

2020-07-11 05:52 PM
5
atlassian
atlassian

com.google.guava:guava Dependency in Confluence Data Center and Server

This High severity com.google.guava:guava Dependency vulnerability was introduced in versions 4.0 of Confluence Data Center and Server. This com.google.guava:guava Dependency vulnerability, with a CVSS Score of 7.1 and a CVSS Vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N allows an...

7.1CVSS

7.7AI Score

0.0004EPSS

2024-02-14 08:46 PM
19
osv
osv

Moderate: Image builder components bug fix, enhancement and security update

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fix(es): osbuild-composer: race condition may disable GPG verification for package repositories (CVE-2024-2307) For more details about the security...

6.1CVSS

6.9AI Score

0.0004EPSS

2024-06-14 01:59 PM
1
atlassian
atlassian

DoS (Denial of Service) in Confluence Data Center and Server

This High severity DoS (Denial of Service) vulnerability was introduced in version 5.6 of Confluence Data Center and Server. With a CVSS Score of 7.5, this vulnerability allows an unauthenticated attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely...

9.8CVSS

7.6AI Score

EPSS

2023-09-07 07:28 AM
71
atlassian
atlassian

SQLi (SQL Injection) org.postgresql:postgresql Dependency in Confluence Data Center and Server

This Critical severity org.postgresql:postgresql Dependency vulnerability was introduced in versions 6.0.1 of Confluence Data Center and Server. Confluence Data Center is unaffected by this vulnerability as it does not use the {{PreferQueryMode=SIMPLE}} parameter required for this vulnerability in....

10CVSS

9.7AI Score

0.001EPSS

2024-05-16 04:11 AM
17
osv
osv

Moderate: pki-core:10.6 and pki-deps:10.6 security update

The Public Key Infrastructure (PKI) Core contains fundamental packages required by Rocky Enterprise Software Foundation Certificate System. Security Fix(es): jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518) For more details about the security issue(s),...

7.5CVSS

7AI Score

0.002EPSS

2024-06-14 01:59 PM
1
nuclei
nuclei

Apache 2.4.49/2.4.50 - Path Traversal and Remote Code Execution

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49 and 2.4.50. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can....

9.8CVSS

9.3AI Score

0.975EPSS

2021-10-07 06:17 PM
11
github
github

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege...

5.5CVSS

5.8AI Score

0.0004EPSS

2024-06-11 06:30 PM
8
cvelist
cvelist

CVE-2024-6044 D-Link router - Arbitrary File Reading

Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the...

6.5CVSS

0.001EPSS

2024-06-17 02:30 AM
5
cvelist
cvelist

CVE-2024-5298 D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability

D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the...

8.8CVSS

9.2AI Score

0.001EPSS

2024-05-23 09:30 PM
4
cvelist
cvelist

CVE-2024-5299 D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability

D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS

9.2AI Score

0.001EPSS

2024-05-23 09:30 PM
2
nuclei
nuclei

AfterLogic Aurora and WebMail Pro < 7.7.9 - Full Path Disclosure

AfterLogic Aurora and WebMail Pro products with 7.7.9 and all lower versions are affected by this vulnerability, simply sending an HTTP DELETE request to WebDAV EndPoint with built-in “caldav_public_user@localhost” and it’s the predefined password “caldav_public_user” allows the attacker to obtain....

6.5AI Score

EPSS

2023-11-24 12:42 AM
10
Total number of security vulnerabilities2672717