1851 | 6.5 | MEDIUM Local | theforeman | foreman | A command injection flaw was found in the "Host Init Config" template in the Foreman application via the "Install Packages" field on the "Register Host" page. This flaw allows an attacker with the ne… | CWE-77 Command Injection | CVE-2024-7700 | 2024-09-16 23:20 | 2024-08-13
1852 | 4.3 | MEDIUM Network | sap | oil_\%\/_gas | Due to missing authorization check in SAP for Oil & Gas (Transportation and Distribution), an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow… | CWE-862 Missing Authorization | CVE-2024-44112 | 2024-09-16 23:19 | 2024-09-10
1853 | 5.4 | MEDIUM Network | checkmk | checkmk | Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements | CWE-79 Cross-site Scripting | CVE-2024-6052 | 2024-09-16 23:15 | 2024-07-04
1854 | 6.5 | MEDIUM Network | redhat infinispan | data_grid jboss_data_grid infinispan | A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed objec… | NVD-CWE-Other | CVE-2023-5236 | 2024-09-16 23:15 | 2023-12-18
1855 | 6.5 | MEDIUM Network | redhat infinispan | data_grid jboss_data_grid jboss_enterprise_application_platform infinispan | A flaw was found in Infinispan's REST. Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access inf… | NVD-CWE-Other | CVE-2023-3629 | 2024-09-16 23:15 | 2023-12-18
1856 | 6.5 | MEDIUM Network | redhat infinispan | jboss_data_grid jboss_enterprise_application_platform data_grid infinispan | A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of t… | NVD-CWE-Other | CVE-2023-3628 | 2024-09-16 23:15 | 2023-12-18
1857 | 5.9 | MEDIUM Network | gnu redhat fedoraproject | glibc enterprise_linux enterprise_linux_eus enterprise_linux_server_aus enterprise_linux_for_power_little_endian enterprise_linux_for_power_little_endian_eus enterprise_linux_for_ib… | A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS… | CWE-416 Use After Free | CVE-2023-4806 | 2024-09-16 23:15 | 2023-09-19
1858 | 6.5 | MEDIUM Network | gnu redhat fedoraproject netapp | glibc enterprise_linux enterprise_linux_eus enterprise_linux_server_aus enterprise_linux_for_power_little_endian enterprise_linux_for_power_little_endian_eus enterprise_linux_for_ib… | A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger… | CWE-125 Out-of-bounds Read | CVE-2023-4527 | 2024-09-16 23:15 | 2023-09-19
1859 | 5.9 | MEDIUM Network | gnu redhat fedoraproject netapp | glibc enterprise_linux enterprise_linux_server_tus enterprise_linux_eus enterprise_linux_server_aus enterprise_linux_for_power_little_endian enterprise_linux_for_power_little_endian… | A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo … | CWE-416 Use After Free | CVE-2023-4813 | 2024-09-16 23:15 | 2023-09-13
1860 | 2.7 | LOW Network | sap | netweaver_application_server_abap | Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impa… | CWE-862 Missing Authorization | CVE-2024-41728 | 2024-09-16 23:14 | 2024-09-10