INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) Security Vulnerabilities

packetstorm

7.4AI Score

2024-04-18 12:00 AM
89
chrome

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 125 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 125.0.6422.60 (Linux) 125.0.6422.60/.61 (Windows, Mac) contains a number of fixes and improvements -- a list of changes is...

7.5AI Score

0.003EPSS

2024-05-15 12:00 AM
50
hackread

Breach Forums Return to Clearnet and Dark Web Despite FBI Seizure

By Waqas. A tale of emerging cybercrime and embarrassment for the world's premier law enforcement agency. This is a post from HackRead.com. Read the original post: Breach Forums Return to Clearnet and Dark Web Despite FBI...

7.3AI Score

2024-05-28 01:44 PM
4
nessus

RHEL 8 : idm:DL1 (RHSA-2022:0076)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0076 advisory. samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719) Note that Nessus has not tested for this issue but...

7.8AI Score

2022-01-12 12:00 AM
16
nessus

RHEL 8 : idm:DL1 (RHSA-2022:0007)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0007 advisory. samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719) Note that Nessus has not tested for this issue but...

7.8AI Score

2022-01-04 12:00 AM
4
cnvd

Arbitrary File Download Vulnerability in Yonghong Z-Suite of Beijing Yonghong Business Intelligence Technology Co.

Yonghong Z-Suite is a one-stop big data analytics platform. Yonghong Z-Suite has an arbitrary file download vulnerability that can be exploited by attackers to obtain sensitive...

7AI Score

2024-04-02 12:00 AM
5
zdt

Elber Wayber Analog/Digital Audio STL 4.00 Insecure Direct Object Reference Vulnerability

Elber Wayber Analog/Digital Audio STL version 4.00 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure...

7.5AI Score

2024-04-22 12:00 AM
64
ibm

Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Monitoring.

Summary: Vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring (ITM) components. CVEs: CVE-2023-38264, CVE-2024-21011, CVE-2024-21085 and CVE-2024-21094. Vulnerability Details: CVEID: CVE-2024-21094 DESCRIPTION: An unspecified...

6.7AI Score

0.001EPSS

2024-05-28 07:41 PM
3
ibm

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2024 - Includes Oracle January 2024 CPU plus CVE-2023-33850

Summary: IBM Copy Services Manager is vulnerable to an information disclosure threat (CVE-2023-33850) and other vulnerabilities (CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850) due to the use of IBM Java. IBM Java is used by CSM to...

6.7AI Score

0.001EPSS

2024-04-05 11:21 PM
9
metasploit

Microsoft Azure Active Directory Login Enumeration

This module enumerates valid usernames and passwords against a Microsoft Azure Active Directory domain by utilizing a flaw in how SSO...

7.2AI Score

2021-10-07 02:33 PM
79
nessus

RHEL 8 : idm:DL1 (RHSA-2021:1983)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:1983 advisory. slapi-nis: NULL dereference (DoS) with specially crafted Binding DN (CVE-2021-3480) Note that Nessus has not tested for this issue but has instead...

7.4AI Score

2021-05-19 12:00 AM
8
nessus

RHEL 8 : idm:DL1 (RHSA-2024:0143)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0143 advisory. Kerberos: delegation constrain bypass in S4U2Proxy (CVE-2020-17049) ipa: Invalid CSRF protection (CVE-2023-5455) Note that Nessus has...

8.5AI Score

2024-01-10 12:00 AM
15
nessus

RHEL 8 : idm:DL1 (RHSA-2024:0137)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0137 advisory. Kerberos: delegation constrain bypass in S4U2Proxy (CVE-2020-17049) ipa: Invalid CSRF protection (CVE-2023-5455) Note that Nessus has...

8.5AI Score

2024-01-26 12:00 AM
5
ibm

Security Bulletin: IBM Integration Designer is vulnerable to a denial of service (CVE-2023-38264)

Summary: Vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM Integration Designer. IBM Integration Designer has addressed the following CVE. Vulnerability Details: CVEID: CVE-2023-38264 DESCRIPTION: The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0...

6.1AI Score

0.0004EPSS

2024-05-17 08:57 PM
7
osv

CVE-2023-31145

Collabora Online is a collaborative online office suite based on LibreOffice technology. This vulnerability report describes a reflected XSS vulnerability with full CSP bypass in Nextcloud installations using the recommended bundle. The vulnerability can be exploited to perform a trivial account...

6AI Score

0.001EPSS

2023-05-15 09:15 PM
6
openvas

SUSE: Security Advisory (SUSE-SU-2024:1563-1)

The remote host is missing an update for...

7AI Score

0.0004EPSS

2024-05-10 12:00 AM
5
openvas

SUSE: Security Advisory (SUSE-SU-2024:1578-1)

The remote host is missing an update for...

7AI Score

0.0004EPSS

2024-05-10 12:00 AM
2
githubexploit

Exploit for Improper Access Control in Adobe Coldfusion

Critical vulnerabilities in Adobe Coldfusion (CVE-2023-26359,...

9.3AI Score

0.963EPSS

2024-05-14 11:22 AM
126
nessus

Fedora 40 : freeipa (2024-4a8d4aedcb)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-4a8d4aedcb advisory. A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick...

7.1AI Score

2024-04-29 12:00 AM
2
nessus

RHEL 8 : idm:DL1 (RHSA-2021:5142)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:5142 advisory. samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719) Note that Nessus has not tested for this issue but...

7.8AI Score

2021-12-15 12:00 AM
16
openvas

SUSE: Security Advisory (SUSE-SU-2024:1549-1)

The remote host is missing an update for...

7.3AI Score

0.0004EPSS

2024-05-08 12:00 AM
3
nessus

RHEL 6 : jquery (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. jquery: Cross-site scripting (XSS) via HTML tags containing whitespaces (CVE-2020-7656) In jQuery...

7.8AI Score

2024-05-11 12:00 AM
1
cve

CVE-2024-31292

Unrestricted Upload of File with Dangerous Type vulnerability in Moove Agency Import XML and RSS Feeds. This issue affects Import XML and RSS Feeds: from n/a through...

7.2CVSS

7.5AI Score

0.0004EPSS

2024-04-07 06:15 PM
31
nessus

EulerOS Virtualization for ARM 64 3.0.2.0 : sssd (EulerOS-SA-2019-1701)

According to the version of the sssd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : A vulnerability was found in sssd where, if a user was configured with no home directory set, sssd would return '/'...

5.6AI Score

2019-07-09 12:00 AM
12
nessus

openSUSE Security Update : sssd (openSUSE-2019-1589)

This update for sssd fixes the following issues : Security issue fixed : CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation (bsc#1124194). Non-security issues fixed : Allow defaults sudoRole without sudoUser attribute (bsc#1135247) ...

6.1AI Score

2019-06-20 12:00 AM
19
cvelist

CVE-2024-3774 aEnrich Technology a+HRD - Exposure of Sensitive Data

aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, allowing attackers to modify this parameter to access certain sensitive system configuration...

6.8AI Score

0.0005EPSS

2024-04-15 02:14 AM
3
nessus

Intel Management Engine Authentication Bypass (INTEL-SA-00075) (remote check)

The Intel Management Engine on the remote host has Active Management Technology (AMT) enabled, and is affected by an authentication bypass vulnerability. An unauthenticated, remote attacker can exploit this, via a NULL HTTP Digest response, to bypass authentication. Note that the vulnerability is.....

1.1AI Score

2017-05-04 12:00 AM
290
zeroscience

Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass

Title: Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass. Advisory ID: ZSL-2024-5822. Type: Local/Remote. Impact: Security Bypass, Privilege Escalation, System Access, DoS. Risk: (5/5). Release Date: 17.04.2024. Summary: Wayber II is the name of an analogue/digital microwave link able to...

7.7AI Score

2024-04-17 12:00 AM
67
cve

CVE-2024-24485

An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to obtain sensitive information via the GET EEP_DATA...

6.8AI Score

0.0004EPSS

2024-04-15 07:15 PM
25
cve

CVE-2024-24486

An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to edit device settings via the SAVE EEP_DATA...

7.4AI Score

0.0004EPSS

2024-04-15 07:15 PM
24
prion

Cross site scripting

A vulnerability classified as problematic was found in dstar2018 Agency up to 61. Affected by this vulnerability is an unknown functionality of the file search.php. The manipulation of the argument QSType/QuickSearch leads to cross site scripting. The attack can be launched remotely. The patch is.....

6.1CVSS

6.6AI Score

0.001EPSS

2023-11-07 06:15 AM
4
packetstorm

7.4AI Score

2024-04-09 12:00 AM
70
cve

CVE-2024-24487

An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to cause a denial of service via crafted UDP packets using the EXEC REBOOT SYSTEM...

7.3AI Score

0.0004EPSS

2024-04-15 07:15 PM
21
ibm

Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to unspecified vulnerabilities and sensitive information exposure due to IBM Runtime Environment Java Technology Edition Version 17

Summary IBM Java 17 is used by IBM Sterling Connect:Direct for UNIX in product configuration and management. IBM Sterling Connect:Direct for UNIX is impacted by unspecified vulnerabilities and sensitive information exposure due to IBM Java 17. IBM Sterling Connect:Direct for UNIX has upgraded IBM.....

6.8AI Score

0.001EPSS

2024-04-08 05:22 PM
8
nessus

RHEL 8 : krb5 (RHSA-2024:0252)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0252 advisory. Kerberos: delegation constrain bypass in S4U2Proxy (CVE-2020-17049) ipa: Invalid CSRF protection (CVE-2023-5455) Note that Nessus has...

8.4AI Score

2024-01-15 12:00 AM
10
cvelist

CVE-2024-3689 Zhejiang Land Zongheng Network Technology O2OA information disclosure

A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the file /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. The manipulation leads to information disclosure. It is possible to....

4.1AI Score

0.0004EPSS

2024-04-12 02:31 PM
2
ibm

Security Bulletin: Due to use of IBM SDK, Java Technology Edition, IBM Tivoli Application Dependency Discovery Manager is vulnerable to multiple vulnerabilities.

Summary: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Tivoli Application Dependency Discovery Manager (TADDM). These issues were disclosed as part of the IBM Java SDK updates in January 2024. Vulnerability Details: CVEID: CVE-2024-20952 DESCRIPTION: An...

7.2AI Score

0.001EPSS

2024-04-04 06:00 AM
12
nessus

Oracle Linux 7 : ipa (ELSA-2020-0378)

From Red Hat Security Advisory 2020:0378 : An update for ipa is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is....

7.8AI Score

2020-02-06 12:00 AM
22
nessus

CentOS 8 : sssd (CESA-2024:3270)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2024:3270 advisory. A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization...

6.6AI Score

2024-05-22 12:00 AM
1
nessus

Oracle Linux 8 : sssd (ELSA-2024-3270)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3270 advisory. [2.9.4-3.0.1] - Restore default debug level for sss_cache [Orabug: 32810448] [2.9.4-3] - Resolves: RHEL-27205 - Race condition during authorization leads to GPO.....

6.7AI Score

2024-05-29 12:00 AM
cve

CVE-2024-3774

aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, allowing attackers to modify this parameter to access certain sensitive system configuration...

5.3CVSS

7.2AI Score

0.0005EPSS

2024-04-15 03:16 AM
29
cve

CVE-2024-3775

aEnrich Technology a+HRD's functionality for downloading files using youtube-dl.exe does not properly restrict user input. This allows attackers to pass arbitrary arguments to youtube-dl.exe, leading to the download of partial unauthorized...

5.3CVSS

7.3AI Score

0.0005EPSS

2024-04-15 04:15 AM
24
cve

CVE-2024-31406

Active debug code vulnerability exists in RoamWiFi R10 prior to 4.8.45. If this vulnerability is exploited, a network-adjacent unauthenticated attacker with access to the device may perform unauthorized...

7.5AI Score

0.0004EPSS

2024-04-24 06:15 AM
30
nessus

EulerOS 2.0 SP2 : sssd (EulerOS-SA-2019-1754)

According to the version of the sssd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : A vulnerability was found in sssd where, if a user was configured with no home directory set, sssd would return '/' (the root directory)...

5.6AI Score

2019-07-22 12:00 AM
13
nessus

EulerOS 2.0 SP5 : sssd (EulerOS-SA-2019-1669)

According to the version of the sssd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : A vulnerability was found in sssd where, if a user was configured with no home directory set, sssd would return '/' (the root directory)...

5.6AI Score

2019-06-27 12:00 AM
10
nessus

EulerOS 2.0 SP8 : sssd (EulerOS-SA-2019-1660)

According to the version of the sssd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : A vulnerability was found in sssd where, if a user was configured with no home directory set, sssd would return '/' (the root directory)...

5.6AI Score

2019-06-27 12:00 AM
11
nessus

RHEL 8 : sssd (RHSA-2024:3270)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3270 advisory. The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms....

7.1AI Score

2024-05-23 12:00 AM
4
openvas

Mageia: Security Advisory (MGASA-2024-0176)

The remote host is missing an update for...

7.5AI Score

0.0004EPSS

2024-05-15 12:00 AM
2
Total number of security vulnerabilities: 40840