CVE-2024-12840 : RED HAT SATELLITE HTTP PROXY SERVER-SIDE REQUEST FORGERY
Description A server-side request forgery exists in Satellite. When a PUT HTTP request is made to /http_proxies/test_connection, when supplied with
Description A server-side request forgery exists in Satellite. When a PUT HTTP request is made to /http_proxies/test_connection, when supplied with
Description IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection
Description IBM Security Directory Integrator 7.2.0 through 7.2.0.13 and 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute
Description Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability. This vulnerability allows remote attackers to create
Description A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3
Description A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote
Description IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to
Description A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could
Description An Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability [CWE-78] in FortiManager version
Description A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute
Description IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A
Description Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability. A low-privilege
Description IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive
Description In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE This
Description Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file
Description Authentication Bypass vulnerability in Hitachi Ops Center Analyzer on Linux, 64 bit (Hitachi Ops Center Analyzer detail view component),
Description A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow
Description A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker
Description CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka
Description ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an
Description Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a
Description A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs, browser
Description pyLoad is a free and open-source Download Manager. The folder `/.pyload/scripts` has scripts which are run when certain actions
Description File Upload vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code