CVE-2024-1471
Published 2024-02-14
Priority: P4 · 20 · medium · 4.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.41% (32.4th percentile)
An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Repository parameters, which could lead to HTML redirection attacks.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tenable | security_center | < 6.3.0 | 6.3.0 |
CVSS provenance
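| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
| vendor_oracle | | 9.8 | HIGH | |
| vendor_redhat | | 5.5 | MEDIUM | |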
GHSA
GHSA-9j55-g998-6v4p: An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could
ghsa_unreviewed·2024-02-15
CVE-2024-1471 [MEDIUM] CWE-20 GHSA-9j55-g998-6v4p: An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could
An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Repository parameters, which could lead to HTML redirection attacks.
Red Hat
kernel: ipvs: properly dereference pe in ip_vs_add_service
vendor_redhat·2024-08-17·CVSS 5.5
CVE-2024-42322 [MEDIUM] kernel: ipvs: properly dereference pe in ip_vs_add_service
In the Linux kernel, the following vulnerability has been resolved:
ipvs: properly dereference pe in ip_vs_add_service
Use pe directly to resolve sparse warning:
net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression
An improper dereference was found in the Linux kernel in ip_vs_add_service. This may lead to a crash.
Package: kernel (Red Hat Enterprise Linux 6) - Out of support scope
Package: kernel (Red Hat Enterprise Linux 7) - Out of support scope
Package: kernel-rt (Red Hat Enterprise Linux 7) - Out of support scope
Package: kernel-rt (Red Hat Enterprise Linux 9) - Will not fix
Oracle
Oracle Fusion Middleware Risk Matrix: Third Party (SnakeYAML) — CVE-2022-1471
vendor_oracle·2024-04-15·CVSS 9.8
CVE-2022-1471 [HIGH] Oracle Fusion Middleware Risk Matrix: Third Party (SnakeYAML) — CVE-2022-1471
Oracle Fusion Middleware Risk Matrix: Third Party (SnakeYAML) vulnerability
CVE: CVE-2022-1471
CVSS: 9.8
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2024 (APR 2024)
Oracle
Oracle Communications Applications Risk Matrix: PSR Designer (SnakeYAML) — CVE-2022-1471
vendor_oracle·2024-01-15·CVSS 9.8
CVE-2022-1471 [HIGH] Oracle Communications Applications Risk Matrix: PSR Designer (SnakeYAML) — CVE-2022-1471
Oracle Communications Applications Risk Matrix: PSR Designer (SnakeYAML) vulnerability
CVE: CVE-2022-1471
CVSS: 9.8
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2024 (JAN 2024)
No detection rules found.
No public exploits indexed.
Published: 2024-02-14