Lucene search

K

Online Tours & Travels Management System Security Vulnerabilities

cvelist
cvelist

CVE-2024-20075

In eemgpu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08713302; Issue ID:...

2024-06-03 02:04 AM
2
cvelist
cvelist

CVE-2024-20074

In dmc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08668110; Issue ID:...

2024-06-03 02:04 AM
cvelist
cvelist

CVE-2024-20073

In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00367704; Issue ID:...

2024-06-03 02:04 AM
2
cvelist
cvelist

CVE-2024-20072

In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00364732; Issue ID:...

2024-06-03 02:04 AM
cvelist
cvelist

CVE-2024-20071

In wlan driver, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00364733; Issue ID:...

2024-06-03 02:04 AM
1
cvelist
cvelist

CVE-2024-20068

In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is no needed for exploitation. Patch ID: MOLY01270721; Issue ID:...

2024-06-03 02:04 AM
jvn
jvn

JVN#43215077: Multiple vulnerabilities in UNIVERSAL PASSPORT RX

UNIVERSAL PASSPORT RX provided by Japan System Techniques Co., Ltd. contains multiple vulnerabilities listed below. Cross-site scripting (CWE-79) CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4 CVE-2023-42427 Dependency on vulnerable third-party component (CWE-1395) Known...

2024-06-03 12:00 AM
github
github

qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint

qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the /collections/{name}/snapshots/upload endpoint. By manipulating the name parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as...

2024-06-02 10:30 PM
2
github
github

Slack integration leaks sensitive information in logs

Impact Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it is possible under specific configurations, an attacker can forge...

2024-06-02 10:28 PM
2
github
github

Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints

The Fides webserver has a number of endpoints that retrieve ConnectionConfiguration records and their associated secrets which can contain sensitive data (e.g. passwords, private keys, etc.). These secrets are stored encrypted at rest (in the application database), and the associated endpoints are....

2024-06-02 10:28 PM
3
redhatcve
redhatcve

CVE-2023-52882

In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change While PLL CPUX clock rate change when CPU is running from it works in vast majority of cases, now and then it causes instability. This leads to system crashes and other.....

7.2AI Score

2024-06-02 04:30 PM
3
cvelist
cvelist

CVE-2024-5588 itsourcecode Learning Management System processscore.php sql injection

A vulnerability was found in itsourcecode Learning Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file processscore.php. The manipulation of the argument LessonID leads to sql injection. The attack can be launched...

7.6AI Score

2024-06-02 03:00 PM
cvelist
cvelist

CVE-2024-36391 MileSight DeviceHub - CWE-320: Key Management Errors

MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle...

7.3AI Score

2024-06-02 01:23 PM
2
githubexploit
githubexploit

Exploit for CVE-2024-24919

CVE_2024_24919 Vulnerability Scanner This Java tool scans a...

6.3AI Score

0.019EPSS

2024-06-02 08:19 AM
16
githubexploit
githubexploit

Exploit for CVE-2024-24919

CVE_2024_24919 Vulnerability Scanner This Java tool scans a...

6.3AI Score

0.019EPSS

2024-06-02 08:19 AM
23
fedora
fedora

[SECURITY] Fedora 39 Update: glances-4.0.5-2.fc39

Glances is a cross-platform monitoring tool which aims to present a large amount of monitoring information through a curses or Web based interface. The information dynamically adapts depending on the size of the user interf ace It can also work in client/server mode. Remote monitoring could be...

0.0004EPSS

2024-06-02 03:39 AM
2
fedora
fedora

[SECURITY] Fedora 39 Update: rust-uu_unlink-0.0.23-3.fc39

unlink ~ (uutils) remove a (file system) link to...

2024-06-02 03:39 AM
fedora
fedora

[SECURITY] Fedora 39 Update: rust-uu_ln-0.0.23-3.fc39

ln ~ (uutils) create a (file system) link to...

2024-06-02 03:39 AM
fedora
fedora

[SECURITY] Fedora 39 Update: rust-uu_link-0.0.23-4.fc39

link ~ (uutils) create a hard (file system) link to...

2024-06-02 03:39 AM
fedora
fedora

[SECURITY] Fedora 39 Update: rust-uu_df-0.0.23-3.fc39

df ~ (uutils) display file system...

2024-06-02 03:39 AM
fedora
fedora

[SECURITY] Fedora 39 Update: rust-sinit-0.1.2-6.fc39

Simple init system for use in...

2024-06-02 03:39 AM
fedora
fedora

[SECURITY] Fedora 39 Update: rust-resctl-bench-2.2.5-3.fc39

resctl-bench is a collection of whole-system benchmarks to evaluate resource control and hardware behaviors using realistic simulated workloads. Comprehensive resource control involves the whole system. Furthermore, test ing resource control end-to-end requires scenarios involving realistic...

2024-06-02 03:39 AM
fedora
2024-06-02 03:39 AM
fedora
fedora

[SECURITY] Fedora 40 Update: glances-4.0.5-2.fc40

Glances is a cross-platform monitoring tool which aims to present a large amount of monitoring information through a curses or Web based interface. The information dynamically adapts depending on the size of the user interf ace It can also work in client/server mode. Remote monitoring could be...

7AI Score

0.0004EPSS

2024-06-02 01:23 AM
1
kitploit
kitploit

Reaper - Proof Of Concept On BYOVD Attack

Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate, vulnerable driver into a target system, which allows attackers to exploit the driver to perform malicious actions. Reaper was...

7.5AI Score

2024-06-01 12:30 PM
3
exploitdb

7AI Score

0.004EPSS

2024-06-01 12:00 AM
44
exploitdb

7.1AI Score

0.013EPSS

2024-06-01 12:00 AM
39
githubexploit
githubexploit

Exploit for CVE-2024-24919

Exploit for CVE-2024-24919 Description This Python...

6.3AI Score

0.019EPSS

2024-05-31 10:07 PM
49
cvelist
cvelist

CVE-2024-34008 moodle: CSRF risk in analytics management of models

Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF...

6.9AI Score

2024-05-31 08:44 PM
cvelist
cvelist

CVE-2024-34001 moodle: CSRF risk in admin preset tool management of presets

Actions in the admin preset tool did not include the necessary token to prevent a CSRF...

6.9AI Score

2024-05-31 08:06 PM
2
rapid7blog
rapid7blog

New! Insight Agent Support for ARM-based Windows in InsightVM

We are pleased to introduce Insight Agent support of ARM-based Windows 11 devices for both vulnerability and policy assessment within InsightVM. Customers with Windows 11 devices powered by ARM processors can now take advantage of the great performance and lower power requirements of these chips...

7.1AI Score

2024-05-31 06:34 PM
3
githubexploit
githubexploit

Exploit for CVE-2024-24919

CVE-2024-24919 Exploit Overview This repository contains...

6.5AI Score

0.019EPSS

2024-05-31 06:14 PM
52
cvelist
cvelist

CVE-2024-29848

An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as...

7.8AI Score

2024-05-31 05:38 PM
cvelist
cvelist

CVE-2023-38042

A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a low privileged user to execute code as...

7.6AI Score

2024-05-31 05:38 PM
2
metasploit
metasploit

OS X x64 Shell Bind TCP

Bind an arbitrary command to an arbitrary...

7.5AI Score

2024-05-31 05:21 PM
33
githubexploit
githubexploit

Exploit for CVE-2024-24919

CVE-2024-24919 Exploit tool to validate CVE-2024-24919...

6.2AI Score

0.019EPSS

2024-05-31 05:14 PM
62
metasploit
metasploit

OSX aarch64 Shell Reverse TCP

Connect back to attacker and spawn a command...

7.4AI Score

2024-05-31 05:05 PM
31
metasploit
metasploit

OSX aarch64 Execute Command

Execute an arbitrary...

7.5AI Score

2024-05-31 04:51 PM
32
redhat
redhat

(RHSA-2024:3529) Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086) kernel: net: bridge: data races indata-races in br_handle_frame_finish() (CVE-2023-52578) ...

6.7AI Score

0.003EPSS

2024-05-31 03:40 PM
3
redhat
redhat

(RHSA-2024:3528) Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: NULL pointer dereference in can_rcv_filter (CVE-2023-2166) kernel: Slab-out-of-bound read in compare_netdev_and_ip (CVE-2023-2176) kernel: nf_tables: use-after-free vulnerability...

6.7AI Score

0.003EPSS

2024-05-31 03:39 PM
1
ibm
ibm

Security Bulletin: Maximo Asset Management: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities).....

6.1AI Score

2024-05-31 02:39 PM
2
cvelist
cvelist

CVE-2024-36108 Multiple Broken Function-Level Authorization vulnerabilities in casgate

casgate is an Open Source Identity and Access Management system. In affected versions casgate allows remote unauthenticated attacker to obtain sensitive information via GET request to an API endpoint. This issue has been addressed in PR #201 which is pending merge. An attacker could use id...

7.2AI Score

2024-05-31 02:37 PM
8
kitploit
kitploit

Ars0N-Framework - A Modern Framework For Bug Bounty Hunting

Howdy! My name is Harrison Richardson, or rs0n (arson) when I want to feel cooler than I really am. The code in this repository started as a small collection of scripts to help automate many of the common Bug Bounty hunting processes I found myself repeating. Over time, I built a simple web...

7AI Score

2024-05-31 12:30 PM
5
talosblog
talosblog

New banking trojan “CarnavalHeist” targets Brazil with overlay attacks

Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called "CarnavalHeist." Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil. This family has also been...

8AI Score

2024-05-31 12:00 PM
4
schneier
schneier

How AI Will Change Democracy

I don't think it's an exaggeration to predict that artificial intelligence will affect every aspect of our society. Not by doing new things. But mostly by doing things that are already being done by humans, perfectly competently. Replacing humans with AIs isn't necessarily interesting. But when an....

7.4AI Score

2024-05-31 11:04 AM
5
ibm
ibm

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for May 2024.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF005. Vulnerability Details ** CVEID: CVE-2024-29025 DESCRIPTION: **Netty is vulnerable to a denial of service, caused by a flaw when using the HttpPostRequestDecoder to decode a form. By sending a...

7AI Score

0.0004EPSS

2024-05-31 10:42 AM
1
cve
cve

CVE-2024-23692

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment...

9.8CVSS

8.6AI Score

2024-05-31 10:15 AM
14
cvelist
cvelist

CVE-2024-23692 Rejetto HTTP File Server 2.3m Unauthenticated RCE

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment...

8.1AI Score

2024-05-31 09:36 AM
5
cve
cve

CVE-2024-5525

Improper privilege management vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability allows a local user to access the application as an administrator without any provided credentials, allowing the attacker to perform administrative...

8.3CVSS

7.1AI Score

0.0004EPSS

2024-05-31 08:15 AM
10
veracode
veracode

XML External Entity (XXE) Injection

symfony/serializer is vulnerable to XML External Entity (XXE) injection. This vulnerability is due to the failure to disable external entities when parsing XML using the XMLEncoder component, which allows an attacker to include arbitrary files from the file system by exploiting the XXE injection...

7.8AI Score

2024-05-31 07:50 AM
Total number of security vulnerabilities422652