VYPR

CVEs

100,472 total · page 655 of 2,010

  • CVE-2024-39549HigJul 11, 2024
    risk 0.49cvss 7.5epss 0.00

    A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute.…

  • CVE-2024-39548HigJul 11, 2024
    risk 0.49cvss 7.5epss 0.00

    An Uncontrolled Resource Consumption vulnerability in the aftmand process of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to consume memory resources, resulting in a Denial of Service (DoS) condition. The processes do not recover on their…

  • CVE-2024-39546HigJul 11, 2024
    risk 0.47cvss 7.3epss 0.00

    A Missing Authorization vulnerability in the Socket Intercept (SI) command file interface of Juniper Networks Junos OS Evolved allows an authenticated, low-privilege local attacker to modify certain files, allowing the attacker to cause any command to execute with root…

  • CVE-2024-39545HigJul 11, 2024
    risk 0.49cvss 7.5epss 0.00

    An Improper Check for Unusual or Exceptional Conditions vulnerability in the the IKE daemon (iked) of Juniper Networks Junos OS on SRX Series, MX Series with SPC3 and NFX350 allows allows an unauthenticated, network-based attacker sending specific mismatching parameters as part…

  • CVE-2024-39542HigJul 11, 2024
    risk 0.49cvss 7.5epss 0.00

    An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MPC10/11 or LC9600, MX304, and Junos OS Evolved on ACX Series and PTX Series allows an unauthenticated, network based…

  • CVE-2024-39540HigJul 11, 2024
    risk 0.49cvss 7.5epss 0.00

    An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on SRX Series, and MX Series with SPC3 allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When an affected…

  • CVE-2024-39531HigJul 11, 2024
    risk 0.49cvss 7.5epss 0.00

    An Improper Handling of Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows a network-based, unauthenticated attacker to cause a Denial-of-Service (DoS). If a value is configured for DDoS bandwidth or burst…

  • CVE-2024-39904HigJul 11, 2024
    risk 0.50cvss 8.8epss 0.01

    VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example,…

  • CVE-2024-39530HigJul 11, 2024
    risk 0.49cvss 7.5epss 0.00

    An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis management daemon (chassisd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an attempt is made to access specific…

  • CVE-2024-39529HigJul 11, 2024
    risk 0.49cvss 7.5epss 0.00

    A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If DNS Domain Generation Algorithm (DGA)…

  • CVE-2024-39524HigJul 11, 2024
    risk 0.51cvss 7.8epss 0.00

    An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI…

  • CVE-2024-39523HigJul 11, 2024
    risk 0.51cvss 7.8epss 0.00

    An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI…

  • CVE-2024-39522HigJul 11, 2024
    risk 0.51cvss 7.8epss 0.00

    An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI…

  • CVE-2024-39521HigJul 11, 2024
    risk 0.51cvss 7.8epss 0.00

    An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI…

  • CVE-2024-39520HigJul 11, 2024
    risk 0.51cvss 7.8epss 0.00

    An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI…

  • CVE-2024-32753HigJul 11, 2024
    risk 0.46cvss epss 0.00

    Under certain circumstances the camera may be susceptible to known vulnerabilities associated with the JQuery versions prior to 3.5.0 third-party component

  • CVE-2024-38536HigJul 11, 2024
    risk 0.49cvss 7.5epss 0.01

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A memory allocation failure due to `http.memcap` being reached leads to a NULL-ptr reference leading to a crash. Upgrade to 7.0.6.

  • CVE-2024-38535HigJul 11, 2024
    risk 0.00cvss 7.5epss 0.01

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6.

  • CVE-2024-38534HigJul 11, 2024
    risk 0.00cvss 7.5epss 0.01

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. Set a limited stream.reassembly.depth to reduce the issue.

  • CVE-2024-28872HigJul 11, 2024
    risk 0.58cvss 8.9epss 0.00

    The TLS certificate validation code is flawed. An attacker can obtain a TLS certificate from the Stork server and use it to connect to the Stork agent. Once this connection is established with the valid certificate, the attacker can send malicious commands to a monitored service…

  • CVE-2024-5681HigJul 11, 2024
    risk 0.51cvss 7.8epss 0.00

    CWE-20: Improper Input Validation vulnerability exists that could cause local denial-of-service, privilege escalation, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.

  • CVE-2024-5680HigJul 11, 2024
    risk 0.46cvss 7.1epss 0.00

    CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.

  • CVE-2024-5679HigJul 11, 2024
    risk 0.46cvss 7.1epss 0.00

    CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, or kernel memory leak when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.

  • CVE-2024-2602HigJul 11, 2024
    risk 0.47cvss 7.3epss 0.00

    CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could result in remote code execution when an authenticated user executes a saved project file that has been tampered by a malicious actor.

  • CVE-2024-6666HigJul 11, 2024
    risk 0.50cvss 8.8epss 0.01

    The WP ERP plugin for WordPress is vulnerable to SQL Injection via the ‘vendor_id’ and 'status' parameter in all versions up to, and including, 1.13.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. …

  • CVE-2024-1845HigJul 11, 2024
    risk 0.57cvss 8.8epss 0.00

    The VikRentCar Car Rental Management System WordPress plugin before 1.3.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

  • CVE-2024-22280HigJul 11, 2024
    risk 0.55cvss 8.5epss 0.00

    VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database.

  • CVE-2024-6653HigJul 11, 2024
    risk 0.48cvss 7.3epss 0.01

    A vulnerability was found in code-projects Simple Task List 1.0. It has been declared as critical. This vulnerability affects unknown code of the file loginForm.php of the component Login. The manipulation of the argument username leads to sql injection. The attack can be…

  • CVE-2024-6447HigJul 11, 2024
    risk 0.47cvss 7.2epss 0.01

    The FULL – Cliente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the license plan parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output escaping as well as missing authorization and capability checks on…

  • CVE-2024-39565HigJul 10, 2024
    risk 0.57cvss 8.8epss 0.01

    An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to execute remote commands on the target device.  While an administrator is logged…

  • CVE-2024-39562HigJul 10, 2024
    risk 0.49cvss 7.5epss 0.00

    A Missing Release of Resource after Effective Lifetime vulnerability the xinetd process, responsible for spawning SSH daemon (sshd) instances, of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS) by blocking SSH…

  • CVE-2024-39555HigJul 10, 2024
    risk 0.49cvss 7.5epss 0.01

    An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP update message to cause the session to reset, resulting in a Denial of Service…

  • CVE-2024-39518HigJul 10, 2024
    risk 0.49cvss 7.5epss 0.00

    A Heap-based Buffer Overflow vulnerability in the telemetry sensor process (sensord) of Juniper Networks Junos OS on MX240, MX480, MX960 platforms using MPC10E causes a steady increase in memory utilization, ultimately leading to a Denial of Service (DoS). When the device is…

  • CVE-2024-6286HigJul 10, 2024
    risk 0.51cvss 7.8epss 0.00

    Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows

  • CVE-2024-6236HigJul 10, 2024
    risk 0.49cvss 7.5epss 0.01

    Denial of Service in NetScaler Console (formerly NetScaler ADM), NetScaler Agent, and NetScaler SDX

  • CVE-2024-6151HigJul 10, 2024
    risk 0.51cvss 7.8epss 0.00

    Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS

  • CVE-2024-6148HigJul 10, 2024
    risk 0.57cvss 8.8epss 0.00

    Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5

  • CVE-2024-39693HigJul 10, 2024
    risk 0.42cvss 7.5epss 0.00

    Next.js is a React framework. A Denial of Service (DoS) condition was identified in Next.js. Exploitation of the bug can trigger a crash, affecting the availability of the server. his vulnerability was resolved in Next.js 13.5 and later.

  • CVE-2024-38354HigJul 10, 2024
    risk 0.53cvss 8.1epss 0.00

    CodiMD allows realtime collaborative markdown notes on all platforms. The notebook feature of Hackmd.io permits the rendering of iframe `HTML` tags with an improperly sanitized `name` attribute. This vulnerability enables attackers to perform cross-site scripting (XSS) attacks…

  • CVE-2024-37149HigJul 10, 2024
    risk 0.48cvss 7.2epss 0.21

    GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the plugin loader to execute this malicious script.…

  • CVE-2024-37148HigJul 10, 2024
    risk 0.54cvss 8.1epss 0.20

    GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in some AJAX scripts to alter another user account data and take…

  • CVE-2024-6235HigJul 10, 2024
    risk 0.59cvss 8.8epss 0.21

    Sensitive information disclosure in NetScaler Console

  • CVE-2024-5491HigJul 10, 2024
    risk 0.49cvss 7.5epss 0.01

    Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler

  • CVE-2024-32469HigJul 10, 2024
    risk 0.39cvss 7.1epss 0.00

    Decidim is a participatory democracy framework. The pagination feature used in searches and filters is subject to potential XSS attack through a malformed URL using the GET parameter `per_page`. This vulnerability is fixed in 0.27.6 and 0.28.1.

  • CVE-2024-37115HigJul 10, 2024
    risk 0.49cvss 7.5epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic Newspack Blocks.This issue affects Newspack Blocks: from n/a through 3.0.8.

  • CVE-2024-37110HigJul 10, 2024
    risk 0.49cvss 7.5epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before 3.26.7.

  • CVE-2024-32759HigJul 10, 2024
    risk 0.50cvss epss 0.00

    Under certain circumstances the Software House C●CURE 9000 installer will utilize weak credentials.

  • CVE-2024-3325HigJul 10, 2024
    risk 0.47cvss 7.2epss 0.01

    Vulnerability in Jaspersoft JasperReport Servers.This issue affects JasperReport Servers: from 8.0.4 through 9.0.0.

  • CVE-2024-40332HigJul 10, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/moneyRecord_deal.php?mudi=delRecord

  • CVE-2024-40331HigJul 10, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/dbBakMySQL_deal.php?mudi=backup