Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
4.9CVSS
4.7AI Score
0.0004EPSS
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: REST Services). Supported versions that are affected are 12.2.9-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications.....
6.5CVSS
7.1AI Score
0.0005EPSS
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to...
3.3CVSS
3.9AI Score
0.0004EPSS
glpi -- Unauthenticated Stored XSS
MITRE Corporation reports: In GLPI before version 9.5.2, the install/install.php endpoint insecurely stores user input into the database as url_base and url_base_api. These settings are referenced throughout the application and allow for vulnerabilities like Cross-Site Scripting and Insecure...
8CVSS
1.3AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue Issue reported by customer during SRIOV testing, call trace: When both i40e and the i40iw driver are loaded, a warning in check_flush_dependency is being triggered. This seems...
6.5AI Score
0.0004EPSS
KB5031377: Windows 10 LTS 1507 Security Update (October 2023)
The remote Windows host is missing security update 5031377. It is, therefore, affected by multiple vulnerabilities Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36577) Windows IIS Server Elevation of Privilege Vulnerability (CVE-2023-36434) ...
9.8CVSS
8.2AI Score
0.525EPSS
KB5018476: Windows 8.1 and Windows Server 2012 R2 Security Update (October 2022)
The remote Windows host is missing security update 5018476. It is, therefore, affected by multiple vulnerabilities Server Service Remote Protocol Elevation of Privilege Vulnerability (CVE-2022-38045) Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2022-38040) Microsoft WDAC...
8.8CVSS
8.1AI Score
0.017EPSS
The remote Windows host is missing security update 5005033. It is, therefore, affected by multiple vulnerabilities : An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2021-26425, CVE-2021-26426, CVE-2021-26431, CVE-2021-34483,...
9.9CVSS
9.1AI Score
0.351EPSS
KB5005089: Windows 7 and Windows Server 2008 R2 Security Update (August 2021)
The remote Windows host is missing security update 5005089 or cumulative update 5005088. It is, therefore, affected by multiple vulnerabilities : An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2021-26425, CVE-2021-34483,...
9.9CVSS
9.1AI Score
0.816EPSS
KB4601319: Windows 10 version 2004 Feb 2021 Security Update
The remote Windows host is missing security update 4601319. It is, therefore, affected by multiple vulnerabilities : An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-1734, CVE-2021-24076, CVE-2021-24079,...
9.8CVSS
8.9AI Score
0.212EPSS
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
'Yahoo! JAPAN' App for Android v2.3.1 to v3.161.1 and 'Yahoo! JAPAN' App for iOS v3.2.2 to v4.109.0 contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the WebView of 'Yahoo! JAPAN' App via other app installed on the user's...
5.9AI Score
0.0004EPSS
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...
4.9CVSS
5.7AI Score
0.001EPSS
glpi -- SQL Injection in Search API
MITRE Corporation reports: In GLPI before version 9.5.2, there is a SQL Injection in the API's search function. Not only is it possible to break the SQL syntax, but it is also possible to utilise a UNION SELECT query to reflect sensitive information such as the current database version, or...
5CVSS
1.7AI Score
0.001EPSS
glpi -- able to read any token through API user endpoint
MITRE Corporation reports: In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User. The response contains: - All api_tokens which can be used to do privileges escalations or...
7.2CVSS
2.1AI Score
0.002EPSS
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Denial of Service vulnerability was identified. An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application...
7.5CVSS
7.6AI Score
0.0004EPSS
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web...
In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's...
8.4CVSS
8.1AI Score
0.0004EPSS
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole...
9.8CVSS
10AI Score
0.0004EPSS
In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature. This allows any authenticated user to retrieve ASP reports from an HTML...
7.1CVSS
6.8AI Score
0.0004EPSS
Security Updates for Microsoft Exchange Server (December 2020)
The Microsoft Exchange Server installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: A remote code execution vulnerability. An attacker could exploit this to execute unauthorized arbitrary code. (CVE-2020-17117, CVE-2020-17132, ...
9.1CVSS
8.3AI Score
0.034EPSS
Security Updates for Exchange (September 2020)
The Microsoft Exchange Server installed on the remote host is missing a security update. It is, therefore, affected by the following vulnerability : A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory. An...
8.4CVSS
8AI Score
0.422EPSS
In the Linux kernel, the following vulnerability has been resolved: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue Issue reported by customer during SRIOV testing, call trace: When both i40e and the i40iw driver are loaded, a warning in check_flush_dependency is being triggered. This seems to.....
6.6AI Score
0.0004EPSS
Security Updates for Exchange (April 2019)
The Microsoft Exchange Server installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests. An attacker...
6.1CVSS
6.4AI Score
0.001EPSS
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit...
3.7CVSS
3AI Score
0.0004EPSS
Security Updates for Exchange (March 2020)
The Microsoft Exchange Server installed on the remote host is missing a security update. It is, therefore, affected by the following vulnerability : A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request...
5.4CVSS
5.9AI Score
0.001EPSS
KB5037765: Windows 10 version 1809 / Windows Server 2019 Security Update (May 2024)
The remote Windows host is missing security update 5037765 or 5039705. It is, therefore, affected by multiple vulnerabilities Windows MSHTML Platform Security Feature Bypass Vulnerability (CVE-2024-30040) Windows Common Log File System Driver Elevation of Privilege Vulnerability...
8.8CVSS
7.7AI Score
0.008EPSS
KB5036892: Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (April 2024)
The remote Windows host is missing security update 5036892. It is, therefore, affected by multiple vulnerabilities SmartScreen Prompt Security Feature Bypass Vulnerability (CVE-2024-29988) Secure Boot Security Feature Bypass Vulnerability (CVE-2024-20669, CVE-2024-26168, CVE-2024-26171, ...
8.8CVSS
7.6AI Score
0.004EPSS
KB5031354: Windows 11 version 22H2 Security Update (October 2023)
The remote Windows host is missing security update 5031354. It is, therefore, affected by multiple vulnerabilities The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August...
9.8CVSS
8.9AI Score
0.732EPSS
KB5031364: Windows 2022 / Azure Stack HCI 22H2 Security Update (October 2023)
The remote Windows host is missing security update 5031364. It is, therefore, affected by multiple vulnerabilities The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August...
9.8CVSS
8.9AI Score
0.732EPSS
KB5031427: Windows Server 2012 Security Update (October 2023)
The remote Windows host is missing security update 5031427. It is, therefore, affected by multiple vulnerabilities Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36577) Windows IIS Server Elevation of Privilege Vulnerability (CVE-2023-36434) ...
9.8CVSS
8.2AI Score
0.525EPSS
KB5028185: Windows 11 version 22H2 Security Update (July 2023)
The remote Windows host is missing security update 5028185. It is, therefore, affected by multiple vulnerabilities Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability (CVE-2023-35365, CVE-2023-35366, CVE-2023-35367) Windows Netlogon Information Disclosure...
9.8CVSS
8.1AI Score
0.147EPSS
KB5006667: Windows 10 version 1909 Security Update (October 2021)
The remote Windows host is missing security update 5006667. It is, therefore, affected by multiple vulnerabilities: A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36970, CVE-2021-40455) A denial of...
8.8CVSS
8.4AI Score
0.512EPSS
glpi -- Public GLPIKEY can be used to decrypt any data
MITRE Corporation reports: GLPI before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on...
7.2CVSS
1.2AI Score
0.001EPSS
KB5036893: Windows 11 version 22H2 Security Update (April 2024)
The remote Windows host is missing security update 5036893. It is, therefore, affected by multiple vulnerabilities SmartScreen Prompt Security Feature Bypass Vulnerability (CVE-2024-29988) Secure Boot Security Feature Bypass Vulnerability (CVE-2024-20669, CVE-2024-26168, CVE-2024-26171, ...
8.8CVSS
7.6AI Score
0.004EPSS
KB5036894: Windows 11 version 21H2 Security Update (April 2024)
The remote Windows host is missing security update 5036894. It is, therefore, affected by multiple vulnerabilities SmartScreen Prompt Security Feature Bypass Vulnerability (CVE-2024-29988) Secure Boot Security Feature Bypass Vulnerability (CVE-2024-20669, CVE-2024-26168, CVE-2024-26171, ...
8.8CVSS
7.6AI Score
0.004EPSS
KB5036899: Windows 10 Version 1607 / Windows Server 2016 Security Update (April 2024)
The remote Windows host is missing security update 5036899. It is, therefore, affected by multiple vulnerabilities Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability (CVE-2024-26214) Secure Boot Security Feature Bypass Vulnerability (CVE-2024-20669, CVE-2024-26168,...
8.8CVSS
7.6AI Score
0.001EPSS
KB5031441: Windows Server 2008 R2 Security Update (October 2023)
The remote Windows host is missing security update 5031441. It is, therefore, affected by multiple vulnerabilities Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36577) Windows IIS Server Elevation of Privilege Vulnerability (CVE-2023-36434) ...
9.8CVSS
8.2AI Score
0.061EPSS
KB5005615: Windows 7 and Windows Server 2008 R2 September 2021 Security Update
The remote Windows host is missing security update 5005615 or cumulative update 5005633. It is, therefore, affected by multiple vulnerabilities : An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2021-36955, CVE-2021-36963,...
8.8CVSS
9.1AI Score
0.512EPSS
KB5005607: Windows Server 2012 September 2021 Security Update
The remote Windows host is missing security update 5005607 or cumulative update 5005623. It is, therefore, affected by multiple vulnerabilities : An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2021-36955, CVE-2021-36963,...
8.8CVSS
9.1AI Score
0.512EPSS
KB5005106: Windows 8.1 and Windows Server 2012 R2 Security Update (August 2021)
The remote Windows host is missing security update 5005106 or cumulative update 5005076. It is, therefore, affected by multiple vulnerabilities : An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2021-26425, CVE-2021-26426,...
9.9CVSS
8.8AI Score
0.816EPSS
KB5000840: Windows Server 2012 March 2021 Security Update
The remote Windows host is missing security update 5000840 or cumulative update 5000847. It is, therefore, affected by multiple vulnerabilities : A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands....
9.8CVSS
9.1AI Score
0.047EPSS
KB4601345: Windows 10 Version 1809 and Windows Server 2019 February 2021 Security Update
The remote Windows host is missing security update 4601345. It is, therefore, affected by multiple vulnerabilities : An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-1734, CVE-2021-24076, CVE-2021-24079,...
9.8CVSS
8.9AI Score
0.212EPSS
KB4598287: Windows Server 2008 January 2021 Security Update
The remote Windows host is missing security update 4598287 or cumulative update 4598288. It is, therefore, affected by multiple vulnerabilities : A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions...
8.8CVSS
8.8AI Score
0.016EPSS
glpi -- Unauthenticated File Deletion
MITRE Corporation reports: In GLPI before version 9.5.2, the pluginimage.send.php endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and...
9.1CVSS
2.9AI Score
0.001EPSS
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...
4.9CVSS
4.7AI Score
0.0004EPSS
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise...
In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve a Remote Code Execution as SYSTEM. The vulnerability exists in the main message processing routines NmDistributed.DistributedServiceBehavior.OnMessage...
7.2CVSS
7.2AI Score
0.0004EPSS
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Path Traversal vulnerability exists in Wug.UI.Areas.Wug.Controllers.SessionController.LoadNMScript. This allows reading of any file from the application's web-root directory...
5.3CVSS
5.4AI Score
0.0004EPSS
In WhatsUp Gold versions released before 2023.1.3, an authenticated SSRF vulnerability in Wug.UI.Areas.Wug.Controllers.SessionControler.Update allows a low privileged user to chain this SSRF with an Improper Access Control vulnerability. This can be used to escalate privileges to...
7.1CVSS
6.8AI Score
0.0004EPSS