| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-2747 | Hig | 0.51 | 7.8 | 0.00 | Jun 12, 2024 | CWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could cause privilege escalation when a valid user replaces a trusted file name on the system and reboots the machine. | ||
| CVE-2024-0865 | Hig | 0.51 | 7.8 | 0.00 | Jun 12, 2024 | CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user. | ||
| CVE-2024-5908 | Hig | 0.49 | 7.5 | 0.00 | Jun 12, 2024 | A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for… | ||
| CVE-2024-5907 | Hig | 0.46 | 7.0 | 0.00 | Jun 12, 2024 | A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this… | ||
| CVE-2024-37038 | Hig | 0.49 | 7.5 | 0.00 | Jun 12, 2024 | CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests. | ||
| CVE-2024-37037 | Hig | 0.53 | 8.1 | 0.01 | Jun 12, 2024 | CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP request. | ||
| CVE-2024-5896 | Hig | 0.48 | 7.3 | 0.01 | Jun 12, 2024 | A vulnerability, which was classified as critical, was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Affected is the function save_users of the file /classes/Users.php?f=save. The manipulation of the argument id leads to sql injection. It is possible… | ||
| CVE-2024-37300 | Hig | 0.46 | 8.1 | 0.00 | Jun 12, 2024 | OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. JupyterHub < 5.0, when used with `GlobusOAuthenticator`, could be configured to allow all users from a particular institution only. This worked fine prior to JupyterHub… | ||
| CVE-2024-5894 | Hig | 0.48 | 7.3 | 0.01 | Jun 12, 2024 | A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects unknown code of the file manage_product.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has… | ||
| CVE-2024-34065 | Hig | 0.39 | 7.1 | 0.01 | Jun 12, 2024 | Strapi is an open-source content management system. By combining two vulnerabilities (an `Open Redirect` and `session token sent as URL query parameter`) in @strapi/plugin-users-permissions before version 4.24.2, is its possible of an unauthenticated attacker to bypass… | ||
| CVE-2024-28964 | Hig | 0.51 | 7.8 | 0.00 | Jun 12, 2024 | Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization vulnerability in CAVATools. A local unauthenticated attacker could potentially exploit this vulnerability, leading to arbitrary code execution in the context of the logged in user.… | ||
| CVE-2024-36263 | Hig | 0.46 | 8.1 | 0.01 | Jun 12, 2024 | ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: all versions. As this project is retired, we do not plan to… | ||
| CVE-2024-25949 | Hig | 0.57 | 8.8 | 0.00 | Jun 12, 2024 | Dell OS10 Networking Switches, versions10.5.6.x, 10.5.5.x, 10.5.4.x and 10.5.3.x ,contain an improper authorization vulnerability. A remote authenticated attacker could potentially exploit this vulnerability leading to escalation of privileges. | ||
| CVE-2024-5211 | Hig | 0.00 | 7.2 | 0.01 | Jun 12, 2024 | A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the `normalizePath()` function, intended to defend against path traversal attacks. This vulnerability enables the manager to read, delete, or overwrite the 'anythingllm.db' database file and… | ||
| CVE-2024-4845 | Hig | 0.50 | 8.8 | 0.00 | Jun 12, 2024 | The Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘options[list_id]’ parameter in all versions up to, and including, 5.7.22 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.… | ||
| CVE-2023-48280 | Hig | 0.49 | 7.5 | 0.00 | Jun 12, 2024 | Missing Authorization vulnerability in Consensu.IO Consensu.Io.This issue affects Consensu.Io: from n/a through 1.0.1. | ||
| CVE-2024-5154 | Hig | 0.53 | 8.1 | 0.01 | Jun 12, 2024 | A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system. | ||
| CVE-2024-3183 | Hig | 0.53 | 8.1 | 0.02 | Jun 12, 2024 | A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal… | ||
| CVE-2024-2698 | Hig | 0.50 | 8.8 | 0.01 | Jun 12, 2024 | A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If… | ||
| CVE-2024-36856 | Hig | 0.42 | 7.5 | 0.01 | Jun 12, 2024 | RMQTT Broker 0.4.0 is vulnerable to Denial of Service (DoS) due to improper session resource management. An attacker can exhaust system memory and crash the daemon by establishing and maintaining a vast number of long-lived malicious publish/subscribe sessions. | ||
| CVE-2024-5543 | Hig | 0.53 | 8.1 | 0.00 | Jun 12, 2024 | The Slideshow Gallery LITE plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. … | ||
| CVE-2024-5847 | Hig | 0.57 | 8.8 | 0.00 | Jun 11, 2024 | Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) | ||
| CVE-2024-5846 | Hig | 0.57 | 8.8 | 0.00 | Jun 11, 2024 | Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) | ||
| CVE-2024-5845 | Hig | 0.57 | 8.8 | 0.00 | Jun 11, 2024 | Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) | ||
| CVE-2024-5844 | Hig | 0.57 | 8.8 | 0.01 | Jun 11, 2024 | Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2024-5842 | Hig | 0.57 | 8.8 | 0.00 | Jun 11, 2024 | Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2024-5841 | Hig | 0.57 | 8.8 | 0.00 | Jun 11, 2024 | Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2024-5838 | Hig | 0.57 | 8.8 | 0.01 | Jun 11, 2024 | Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-5837 | Hig | 0.57 | 8.8 | 0.01 | Jun 11, 2024 | Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-5836 | Hig | 0.57 | 8.8 | 0.00 | Jun 11, 2024 | Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High) | ||
| CVE-2024-5835 | Hig | 0.57 | 8.8 | 0.01 | Jun 11, 2024 | Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-5834 | Hig | 0.57 | 8.8 | 0.01 | Jun 11, 2024 | Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-5833 | Hig | 0.57 | 8.8 | 0.01 | Jun 11, 2024 | Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-5832 | Hig | 0.57 | 8.8 | 0.00 | Jun 11, 2024 | Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-5831 | Hig | 0.57 | 8.8 | 0.00 | Jun 11, 2024 | Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-5830 | Hig | 0.57 | 8.8 | 0.01 | Jun 11, 2024 | Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-33606 | Hig | 0.57 | 8.8 | 0.00 | Jun 11, 2024 | An attacker could retrieve sensitive files (medical images) as well as plant new medical images or overwrite existing medical images on a MicroDicom DICOM Viewer system. User interaction is required to exploit this vulnerability. | ||
| CVE-2024-28877 | Hig | 0.57 | 8.8 | 0.01 | Jun 11, 2024 | MicroDicom DICOM Viewer is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. User interaction is required to exploit this vulnerability. | ||
| CVE-2023-4727 | Hig | 0.42 | 7.5 | 0.01 | Jun 11, 2024 | A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to… | ||
| CVE-2024-37301 | Hig | 0.40 | 7.2 | 0.01 | Jun 11, 2024 | Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full… | ||
| CVE-2024-36702 | Hig | 0.48 | 7.4 | 0.00 | Jun 11, 2024 | libiec61850 v1.5 was discovered to contain a heap overflow via the BerEncoder_encodeLength function at /asn1/ber_encoder.c. | ||
| CVE-2024-28020 | Hig | 0.52 | 8.0 | 0.00 | Jun 11, 2024 | A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious high-privileged user could use the passwords and login information through complex routines to extend access on the server and other services. | ||
| CVE-2024-4190 | Hig | 0.53 | 8.1 | 0.00 | Jun 11, 2024 | Stored Cross-Site Scripting (XSS) vulnerabilities have been identified in OpenText ArcSight Logger. The vulnerabilities could be remotely exploited. | ||
| CVE-2024-37325 | Hig | 0.53 | 8.1 | 0.01 | Jun 11, 2024 | Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability | ||
| CVE-2024-37293 | Hig | 0.00 | 7.5 | 0.00 | Jun 11, 2024 | The AWS Deployment Framework (ADF) is a framework to manage and deploy resources across multiple AWS accounts and regions within an AWS Organization. ADF allows for staged, parallel, multi-account, cross-region deployments of applications or resources via the structure defined… | ||
| CVE-2024-35265 | Hig | 0.46 | 7.0 | 0.00 | Jun 11, 2024 | Windows Perception Service Elevation of Privilege Vulnerability | ||
| CVE-2024-35254 | Hig | 0.46 | 7.1 | 0.01 | Jun 11, 2024 | Azure Monitor Agent Elevation of Privilege Vulnerability | ||
| CVE-2024-35252 | Hig | 0.49 | 7.5 | 0.02 | Jun 11, 2024 | Azure Storage Movement Client Library Denial of Service Vulnerability | ||
| CVE-2024-35250 | Hig | 0.68 | 7.8 | 0.25 | KEV | Jun 11, 2024 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | |
| CVE-2024-35249 | Hig | 0.57 | 8.8 | 0.03 | Jun 11, 2024 | Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability |
- risk 0.51cvss 7.8epss 0.00
CWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could cause privilege escalation when a valid user replaces a trusted file name on the system and reboots the machine.
- risk 0.51cvss 7.8epss 0.00
CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user.
- risk 0.49cvss 7.5epss 0.00
A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for…
- risk 0.46cvss 7.0epss 0.00
A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this…
- risk 0.49cvss 7.5epss 0.00
CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests.
- risk 0.53cvss 8.1epss 0.01
CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP request.
- risk 0.48cvss 7.3epss 0.01
A vulnerability, which was classified as critical, was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Affected is the function save_users of the file /classes/Users.php?f=save. The manipulation of the argument id leads to sql injection. It is possible…
- risk 0.46cvss 8.1epss 0.00
OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. JupyterHub < 5.0, when used with `GlobusOAuthenticator`, could be configured to allow all users from a particular institution only. This worked fine prior to JupyterHub…
- risk 0.48cvss 7.3epss 0.01
A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects unknown code of the file manage_product.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has…
- risk 0.39cvss 7.1epss 0.01
Strapi is an open-source content management system. By combining two vulnerabilities (an `Open Redirect` and `session token sent as URL query parameter`) in @strapi/plugin-users-permissions before version 4.24.2, is its possible of an unauthenticated attacker to bypass…
- risk 0.51cvss 7.8epss 0.00
Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization vulnerability in CAVATools. A local unauthenticated attacker could potentially exploit this vulnerability, leading to arbitrary code execution in the context of the logged in user.…
- risk 0.46cvss 8.1epss 0.01
** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: all versions. As this project is retired, we do not plan to…
- risk 0.57cvss 8.8epss 0.00
Dell OS10 Networking Switches, versions10.5.6.x, 10.5.5.x, 10.5.4.x and 10.5.3.x ,contain an improper authorization vulnerability. A remote authenticated attacker could potentially exploit this vulnerability leading to escalation of privileges.
- risk 0.00cvss 7.2epss 0.01
A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the `normalizePath()` function, intended to defend against path traversal attacks. This vulnerability enables the manager to read, delete, or overwrite the 'anythingllm.db' database file and…
- risk 0.50cvss 8.8epss 0.00
The Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘options[list_id]’ parameter in all versions up to, and including, 5.7.22 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.…
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Consensu.IO Consensu.Io.This issue affects Consensu.Io: from n/a through 1.0.1.
- risk 0.53cvss 8.1epss 0.01
A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system.
- risk 0.53cvss 8.1epss 0.02
A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal…
- risk 0.50cvss 8.8epss 0.01
A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If…
- risk 0.42cvss 7.5epss 0.01
RMQTT Broker 0.4.0 is vulnerable to Denial of Service (DoS) due to improper session resource management. An attacker can exhaust system memory and crash the daemon by establishing and maintaining a vast number of long-lived malicious publish/subscribe sessions.
- risk 0.53cvss 8.1epss 0.00
The Slideshow Gallery LITE plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. …
- risk 0.57cvss 8.8epss 0.00
Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
- risk 0.57cvss 8.8epss 0.00
Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
- risk 0.57cvss 8.8epss 0.00
Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
- risk 0.57cvss 8.8epss 0.01
Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.57cvss 8.8epss 0.00
Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.57cvss 8.8epss 0.00
Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.57cvss 8.8epss 0.01
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
- risk 0.57cvss 8.8epss 0.01
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
- risk 0.57cvss 8.8epss 0.00
Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High)
- risk 0.57cvss 8.8epss 0.01
Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- risk 0.57cvss 8.8epss 0.01
Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
- risk 0.57cvss 8.8epss 0.01
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
- risk 0.57cvss 8.8epss 0.00
Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- risk 0.57cvss 8.8epss 0.00
Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- risk 0.57cvss 8.8epss 0.01
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
- risk 0.57cvss 8.8epss 0.00
An attacker could retrieve sensitive files (medical images) as well as plant new medical images or overwrite existing medical images on a MicroDicom DICOM Viewer system. User interaction is required to exploit this vulnerability.
- risk 0.57cvss 8.8epss 0.01
MicroDicom DICOM Viewer is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. User interaction is required to exploit this vulnerability.
- risk 0.42cvss 7.5epss 0.01
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to…
- risk 0.40cvss 7.2epss 0.01
Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full…
- risk 0.48cvss 7.4epss 0.00
libiec61850 v1.5 was discovered to contain a heap overflow via the BerEncoder_encodeLength function at /asn1/ber_encoder.c.
- risk 0.52cvss 8.0epss 0.00
A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious high-privileged user could use the passwords and login information through complex routines to extend access on the server and other services.
- risk 0.53cvss 8.1epss 0.00
Stored Cross-Site Scripting (XSS) vulnerabilities have been identified in OpenText ArcSight Logger. The vulnerabilities could be remotely exploited.
- risk 0.53cvss 8.1epss 0.01
Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability
- risk 0.00cvss 7.5epss 0.00
The AWS Deployment Framework (ADF) is a framework to manage and deploy resources across multiple AWS accounts and regions within an AWS Organization. ADF allows for staged, parallel, multi-account, cross-region deployments of applications or resources via the structure defined…
- risk 0.46cvss 7.0epss 0.00
Windows Perception Service Elevation of Privilege Vulnerability
- risk 0.46cvss 7.1epss 0.01
Azure Monitor Agent Elevation of Privilege Vulnerability
- risk 0.49cvss 7.5epss 0.02
Azure Storage Movement Client Library Denial of Service Vulnerability
- risk 0.68cvss 7.8epss 0.25
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
- risk 0.57cvss 8.8epss 0.03
Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability