Microsoft IIS Dangerous Sample Files Detection
Some of the IIS sample files are present. They all contain various security flaws which could allow an attacker to execute arbitrary commands, read arbitrary files or gain valuable information about the remote...
8AI Score
SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6 v.7.31.0.2 through v.7.31.0.3 allows a remote attacker to escalate privileges and obtain sensitive information via the ids...
8AI Score
0.0004EPSS
CVE-2023-34310 Ashlar-Vellum Cobalt Uninitialized Memory Remote Code Execution Vulnerability
Ashlar-Vellum Cobalt Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a...
7.5AI Score
0.001EPSS
In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges...
7.1AI Score
0.0004EPSS
Stable Channel Update for ChromeOS / ChromeOS Flex
Hello All, The Stable channel is being updated to 124.0.6367.95 (Platform version: 15823.40.0) for most ChromeOS devices and will be rolled out over the next few days. If you find new issues, please let us know one of the following ways: File a bug Visit our Chrome OS communities General:...
8AI Score
0.0005EPSS
(RHSA-2024:1644) Important: grafana-pcp security and bug fix update
The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA...
7.7AI Score
0.0005EPSS
Ashlar-Vellum Cobalt Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a....
7.5AI Score
0.001EPSS
Ashlar-Vellum Cobalt Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a....
7.5AI Score
0.001EPSS
Uncontrolled search path element issue exists in SonicDICOM Media Viewer 2.3.2 and earlier, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running...
7.8AI Score
0.0004EPSS
grafana-pcp security and bug fix update
An update is available for grafana-pcp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Grafana plugin for Performance Co-Pilot includes datasources for...
7.5AI Score
0.0005EPSS
In Plaintext COUNTER CHECK message accepted before AS security activation, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges...
7.2AI Score
0.0004EPSS
CVE-2023-35710 Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution Vulnerability
Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a...
7.5AI Score
0.001EPSS
In camera driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges...
7.2AI Score
0.0004EPSS
In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...
7.2AI Score
0.0004EPSS
In SecurityCommand message after as security has been actived., there is a possible improper input validation. This could lead to remote information disclosure no additional execution privileges...
7.2AI Score
0.0004EPSS
In faceid service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges...
7.1AI Score
0.0004EPSS
In Network Adapter Service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges...
7.1AI Score
0.0004EPSS
CVE-2023-35709 Ashlar-Vellum Cobalt Heap-based Buffer Overflow Remote Code Execution Vulnerability
Ashlar-Vellum Cobalt Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a...
7.5AI Score
0.001EPSS
CVE-2023-6917 Pcp: unsafe use of directories allows pcp to root privilege escalation
A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root...
6.3AI Score
0.0004EPSS
[239-82.0.1] - Fixed deletion issue for symlink when device is opened [Orabug: 36228608] - Fix local-fs and remote-fs targets during system boot (replaces old Orabug: 25897792) [Orabug: 35871376] - 1A) Add 'systemd-fstab-generator-reload-targets.service' file [Orabug: 35871376] - 1B) Add required.....
6.8AI Score
0.001EPSS
CVE-2024-35855 mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update The rule activity update delayed work periodically traverses the list of configured rules and queries their activity from the device. As part of this...
6.7AI Score
0.0004EPSS
Helm dependency management path traversal
A Helm contributor discovered a path traversal vulnerability when Helm saves a chart including at download time. Impact When either the Helm client or SDK is used to save a chart whose name within the Chart.yaml file includes a relative path change, the chart would be saved outside its expected...
6.8AI Score
0.0004EPSS
CVE-2024-35854 mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash The rehash delayed work migrates filters from one region to another according to the number of available credits. The migrated from region is destroyed at the end....
6.7AI Score
0.0004EPSS
Beijing Yisetong Technology Development Co., Ltd. is a domestic data security, network security and security services provider of three major business. A SQL injection vulnerability exists in the Data Leakage Protection (DLP) system of Beijing Yisetong, which can be exploited by attackers to...
7.8AI Score
Vulnerability in the Heerces C++ library of the BigFix Platform IT hardware co-management platform is caused by an integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely, to execute arbitrary code by sending a specially crafted HTTP...
8.8CVSS
8AI Score
0.007EPSS
Beijing Yisetong Technology Development Co., Ltd. is a domestic data security, network security and security services provider of three major business. A SQL injection vulnerability exists in the Data Leakage Protection (DLP) system of Beijing Yisetong, which can be exploited by attackers to...
7.8AI Score
CVE-2024-35853 mlxsw: spectrum_acl_tcam: Fix memory leak during rehash
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash The rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority) in the region and in...
6.8AI Score
0.0004EPSS
Oracle Linux 9 : pcp (ELSA-2024-2213)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2213 advisory. A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services...
6.5AI Score
Exploit for Incorrect Authorization in Ivanti Mobileiron Sentry
MobileIron Sentry CVE-2023-38035 information extraction...
9.2AI Score
CVE-2024-36007 mlxsw: spectrum_acl_tcam: Fix warning during rehash
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix warning during rehash As previously explained, the rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority)...
7AI Score
0.0004EPSS
KyLinFortress is an all-in-one Fortress, SSL VPN, Dynamic Password and CA Certificate. COSCO KyLin Technology Company Limited KyLin Barrier Machine suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the...
7.4AI Score
Zhejiang Dahua Technology Co., Ltd. is a leading supplier and solution provider of surveillance products. An unauthorized access vulnerability exists in the integrated management platform of Zhejiang Dahua Technology Co. Ltd.'s Intelligent Park, which can be exploited by an attacker to add users...
7AI Score
CVE-2024-31936 WordPress UsersWP plugin < 1.2.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a before...
6.7AI Score
0.0004EPSS
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2213 advisory. A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd...
6.2AI Score
FBI Seizes BreachForums Website
The FBI has seized the BreachForums website, used by ransomware criminals to leak stolen corporate data. If law enforcement has gained access to the hacking forum's backend data, as they claim, they would have email addresses, IP addresses, and private messages that could expose members and be...
6.9AI Score
Debian DLA-1932-1 : openssl security update
Two security vulnerabilities were found in OpenSSL, the Secure Sockets Layer toolkit. CVE-2019-1547 Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit...
6.5AI Score
Beijing Yisaitong Technology Development Co., Ltd. is a company whose business scope includes technical services, technology development, technology consulting, technology exchange, technology transfer, technology promotion and so on. There is a SQL injection vulnerability in the electronic...
7.5AI Score
Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the vpn_client_ip parameter at...
7.9AI Score
0.0004EPSS
COSCO KyLin Technology Co., Ltd. is a R&D-oriented software development company, the company's main products are COSCO KyLin Barrier Machine, KyLin SSL VPN, KyLin Dynamic Password System, KyLin Cloud Desktop and so on. Our main products are COSCO Kirin SSL VPN, Kirin Dynamic Password System, Kirin....
7.5AI Score
Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the pin_code_3g parameter at...
7.9AI Score
0.0004EPSS
SQL Injection Vulnerability in iFair of Beijing Yiharmonic Technology Co.
Enterprise iFair Collaboration Management System is a professional collaborative office software, the management system is highly compatible and suitable for a wide range of business types. There is a SQL injection vulnerability in iFair, which can be exploited by attackers to obtain sensitive...
7.5AI Score
An issue in Canimaan Software LTD ClamXAV v3.1.2 through v3.6.1 and fixed in v.3.6.2 allows a local attacker to escalate privileges via the ClamXAV helper tool...
7.1AI Score
0.0004EPSS
An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBAudio MSI-based installers before 5.68.0 allows a local attacker to execute arbitrary code via the msiexec.exe repair...
7.6AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kienso Co-marquage service-public.Fr allows Stored XSS.This issue affects Co-marquage service-public.Fr: from n/a through...
6.4AI Score
0.0004EPSS
JVN#44166658: Multiple vulnerabilities in ELECOM wireless LAN routers and wireless LAN repeater
Multiple wireless LAN routers and wireless LAN repeater provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Cross-site Scripting (CWE-79) - CVE-2024-21798 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.8 CVSS v2|...
6.7AI Score
0.0004EPSS
JVN#51770585: EC-CUBE vulnerable to authorization bypass
EC-CUBE from EC-CUBE CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an authorization bypass vulnerability (CWE-639). ## Impact A user of the affected shopping website may obtain other users' information by sending a crafted HTTP request. ## Solution Apply the...
6.3AI Score
0.003EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPLIT Pty Ltd OxyExtras allows Reflected XSS.This issue affects OxyExtras: from n/a through...
7.1CVSS
7.4AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zimma Ltd. Ticket Tailor allows Stored XSS.This issue affects Ticket Tailor: from n/a through...
6.5CVSS
7.2AI Score
0.0004EPSS
Summary Multiple vulnerabilities exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager IP Edition v6.4.2. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850 Vulnerability Details....
6.9AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kienso Co-marquage service-public.Fr allows Reflected XSS.This issue affects Co-marquage service-public.Fr: from n/a through...
6.6AI Score
0.0004EPSS