SQL injection vulnerability in VCS Virtual Program Management Intranet (VPMi) Enterprise 3.3 allows remote attackers to execute arbitrary SQL commands via the UpdateID0 parameter to Service_Requests.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from...
8AI Score
0.013EPSS
HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and...
7.5CVSS
6.6AI Score
0.002EPSS
HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in...
8.8CVSS
9AI Score
0.001EPSS
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. Fixed in 1.4.6 and...
5.3CVSS
5.5AI Score
0.001EPSS
HashiCorp Vault Improper Privilege Management
HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in...
9.1CVSS
6.7AI Score
0.002EPSS
(RHSA-2024:3392) Important: pcp security update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
7.2AI Score
0.0004EPSS
Moderate: idm:DL1 and idm:client security update
Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): JWCrypto: denail of service Via specifically crafted JWE...
6.8CVSS
6.7AI Score
0.0004EPSS
HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. Fixed in 1.8.14, 1.9.8, and...
7.5CVSS
7.2AI Score
0.002EPSS
HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in...
7.5CVSS
6.7AI Score
0.001EPSS
Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2019-4777)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-4777 advisory. An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information...
5.6CVSS
6.7AI Score
0.001EPSS
NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until.....
9.1CVSS
7.3AI Score
0.001EPSS
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in...
4.3CVSS
4.5AI Score
0.001EPSS
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Enterprise Server is the enterprise version of the file server software. In Nextcloud Server versions 25.0.x prior to 25.0.5 and versions 24.0.x prior to 24.0.10 as well as Nextcloud...
7.8CVSS
7.2AI Score
0.0004EPSS
Veeam Backup and Replication with Veeam Backup Enterprise Manager Multiple Vulnerabilities (KB4581)
The version of Veeam Backup and Replication with Veeam Backup Enterprise Manager installed on the remote Windows host is prior to 12.1.2.172. It is, therefore, affected by multiple vulnerabilities: - A vulnerability in Veeam Backup Enterprise Manager that allows an unauthenticated attacker to log.....
9.8CVSS
6.2AI Score
0.0004EPSS
HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have...
2.6CVSS
7.1AI Score
0.0004EPSS
Improper Authentication in HashiCorp Vault in github.com/hashicorp/vault
Improper Authentication in HashiCorp Vault in...
7.5CVSS
6.7AI Score
0.001EPSS
HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and...
6.1CVSS
6.2AI Score
0.003EPSS
HashiCorp Vault Improper Privilege Management
HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in...
5.3CVSS
6.8AI Score
0.001EPSS
HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and...
6.5CVSS
7.1AI Score
0.001EPSS
HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and...
4.1CVSS
7AI Score
0.0005EPSS
RHEL 6 : Red Hat OpenShift Enterprise 2.2.10 (RHSA-2016:1773)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:1773 advisory. OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or ...
9.8CVSS
8.7AI Score
0.972EPSS
In faceid servive, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges...
5.1CVSS
6.8AI Score
EPSS
In trusty service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...
6.8CVSS
6.8AI Score
EPSS
HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and...
3.4CVSS
7AI Score
0.0005EPSS
Denial of service in HashiCorp Consul
HashiCorp Consul Enterprise versions 1.7.0 up to 1.7.8 and 1.8.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and...
7.5CVSS
6.5AI Score
0.002EPSS
Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2024-12378)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12378 advisory. A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The...
7.8CVSS
7.6AI Score
0.002EPSS
Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit...
3.7CVSS
2.6AI Score
0.0004EPSS
Moderate: idm:DL1 security update
Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): freeipa: specially crafted HTTP requests potentially lead to denial of...
5.3CVSS
6.6AI Score
0.0004EPSS
HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and...
6.5CVSS
6.4AI Score
0.001EPSS
Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the log_raw option, which may log sensitive information to other audit devices, regardless of whether they are configured to use...
6.5CVSS
6.7AI Score
0.001EPSS
Hashicorp Vault may expose sensitive log information
Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the log_raw option, which may log sensitive information to other audit devices, regardless of whether they are configured to use...
6.5CVSS
6.3AI Score
0.001EPSS
Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4733)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-4733 advisory. An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information...
5.6CVSS
6.6AI Score
0.001EPSS
RHEL 6 : Red Hat OpenShift Enterprise 2.2.8 (RHSA-2015:2666)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:2666 advisory. OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private...
6.3AI Score
0.003EPSS
RHEL 7 / 8 : Red Hat JBoss Enterprise Application Platform 7.4 (RHSA-2021:3219)
The remote Redhat Enterprise Linux 7 / 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:3219 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...
7.5CVSS
7.7AI Score
0.001EPSS
Zulip is an open-source team collaboration tool. It was discovered by the Zulip development team that active users who had previously been subscribed to a stream incorrectly continued being able to use the Zulip API to access metadata for that stream. As a result, users who had been removed from a....
4.3CVSS
6.7AI Score
0.0004EPSS
ClassGraph XML External Entity Reference
ClassGraph before 4.8.112 was not resistant to XML eXternal Entity (XXE)...
6.5AI Score
0.0004EPSS
Splunk Enterprise 9.0.0 < 9.0.8, 9.1.0 < 9.1.3 (SVD-2024-0109)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0109 advisory. Line directives (//line) can be used to bypass the restrictions on //go:cgo_ directives, allowing blocked linker and...
9.8CVSS
8.5AI Score
0.005EPSS
HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and...
7.5CVSS
7.1AI Score
0.02EPSS
WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allow a network-adjacent unauthenticated attacker to obtain the configuration file containing sensitive information by sending a specially crafted...
6.4AI Score
0.0004EPSS
Qlik Sense Enterprise HTTP Tunneling RCE
The version of Qlik Sense Enterprise installed on the remote Windows host is prior to November 2021 Patch 17, February 2022 prior to Patch 15, May 2022 prior to Patch 16, August 2022 prior to Patch 14, November 2022 prior to Patch 12, February 2023 prior to Patch 10, May 2023 prior to Patch 6 or...
9.9CVSS
9.9AI Score
0.92EPSS
Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2024-12270)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12270 advisory. An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of...
7.8CVSS
8AI Score
0.002EPSS
Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2024-12257)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12257 advisory. A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The...
7.8CVSS
7.7AI Score
0.002EPSS
The remote web server hosts a version of Jenkins that is prior to 1.650, or a version of Jenkins LTS prior to 1.642.2; or else a version of Jenkins Enterprise that is 1.642.x.y prior to 1.642.2.1, 1.625.x.y prior to 1.625.16.1, or 1.609.x.y prior to 1.609.16.1. It is, therefore, affected by the...
9.8CVSS
8.9AI Score
0.972EPSS
HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash client agents. Fixed in 1.2.13, 1.3.6, and...
6.5CVSS
6.4AI Score
0.001EPSS
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit.....
3.7CVSS
4.5AI Score
0.001EPSS
HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version...
9.9CVSS
9.5AI Score
0.001EPSS
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in...
5CVSS
4.6AI Score
0.001EPSS
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker...
3.1CVSS
4.2AI Score
0.002EPSS
HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and...
8.8CVSS
7.1AI Score
0.002EPSS
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily...
5.3CVSS
4.9AI Score
0.001EPSS