Books & Papers <= 0.20210223 - Admin+ Stored Cross-Site Scripting
The plugin does not escape its Custom DB prefix settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is...
4.8CVSS
0.7AI Score
0.001EPSS
Fedora: Security Advisory for libcaca (FEDORA-2022-3d291845d8)
The remote host is missing an update for...
8.8CVSS
8.1AI Score
0.004EPSS
[SECURITY] Fedora 36 Update: libcaca-0.99-0.59.beta20.fc36
libcaca is the Colour AsCii Art library. It provides high level functions for color text drawing, simple primitives for line, polygon and ellipse drawing, as well as powerful image to text conversion...
8.8CVSS
8.2AI Score
0.004EPSS
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant...
7.5CVSS
3.2AI Score
0.003EPSS
Summary Actions to Take Today to Protect Energy Sector Networks: • Implement and ensure robust network segmentation between IT and ICS networks. • Enforce MFA to authenticate to a system. • Manage the creation of, modification of, use of—and permissions associated with—privileged accounts. This...
9.5AI Score
[SECURITY] Fedora 34 Update: libcaca-0.99-0.59.beta20.fc34
libcaca is the Colour AsCii Art library. It provides high level functions for color text drawing, simple primitives for line, polygon and ellipse drawing, as well as powerful image to text conversion...
8.8CVSS
7.5AI Score
0.004EPSS
Fedora: Security Advisory for libcaca (FEDORA-2022-fc6b53e7a2)
The remote host is missing an update for...
8.8CVSS
7.5AI Score
0.004EPSS
Fedora: Security Advisory for libcaca (FEDORA-2022-e3b9986722)
The remote host is missing an update for...
8.8CVSS
7.5AI Score
0.004EPSS
openSUSE: Security Advisory for libcaca (openSUSE-SU-2022:0769-1)
The remote host is missing an update for...
7.8CVSS
7.8AI Score
0.002EPSS
[SECURITY] Fedora 35 Update: libcaca-0.99-0.59.beta20.fc35
libcaca is the Colour AsCii Art library. It provides high level functions for color text drawing, simple primitives for line, polygon and ellipse drawing, as well as powerful image to text conversion...
8.8CVSS
7.5AI Score
0.004EPSS
‘Spam Nation’ Villain Vrublevsky Charged With Fraud
Pavel Vrublevsky, founder of the Russian payment technology firm ChronoPay and the antagonist in my 2014 book "Spam Nation," was arrested in Moscow this month and charged with fraud. Russian authorities allege Vrublevsky operated several fraudulent SMS-based payment schemes, and facilitated money.....
0.6AI Score
Slims8 Akasia SQL Injection Vulnerability
Slims8 Akasia is a software of the Slims community in Indonesia. It is used for library resource management (e.g. books, journals, digital documents and other library materials) and administration.An SQL injection vulnerability exists in Slims8 Akasia version 8.3.1, which stems from missing SQL...
8.8CVSS
3.5AI Score
0.001EPSS
SUSE SLES11 Security Update : libcaca (SUSE-SU-2022:14909-1)
The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:14909-1 advisory. A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory corruption and other...
7.8CVSS
8.5AI Score
0.002EPSS
7.8CVSS
7.8AI Score
0.002EPSS
SUSE SLES12 Security Update : libcaca (SUSE-SU-2022:0820-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0820-1 advisory. A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory corruption and...
7.8CVSS
8.5AI Score
0.002EPSS
7.8CVSS
7.8AI Score
0.002EPSS
libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of...
6.5CVSS
6.6AI Score
0.002EPSS
libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of...
6.5CVSS
6.2AI Score
0.002EPSS
libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of...
6.5CVSS
4.3AI Score
0.002EPSS
libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of...
6.5CVSS
6.2AI Score
0.002EPSS
A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or...
7.5CVSS
6.3AI Score
0.001EPSS
Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an HTML entry. This may be used by a malicious website in clickjacking or similar...
4.3CVSS
6.3AI Score
0.001EPSS
openSUSE 15 Security Update : libcaca (openSUSE-SU-2022:0769-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0769-1 advisory. A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory corruption and other...
7.8CVSS
8.4AI Score
0.002EPSS
SUSE SLED15 / SLES15 Security Update : libcaca (SUSE-SU-2022:0769-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0769-1 advisory. A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to ...
7.8CVSS
8.5AI Score
0.002EPSS
7.8CVSS
7.8AI Score
0.002EPSS
SUSE SLES15 Security Update : libcaca (SUSE-SU-2022:0754-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0754-1 advisory. A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory corruption and...
7.8CVSS
8.6AI Score
0.002EPSS
7.8CVSS
7.8AI Score
0.002EPSS
Litefuzz - A Multi-Platform Fuzzer For Poking At Userland Binaries And Servers
Litefuzz is meant to serve a purpose: fuzz and triage on all the major platforms, support both CLI/GUI apps, network clients and servers in order to find security-related bugs. It simplifies the process and makes it easy to discover security bugs in many different targets, across platforms, while.....
7.9AI Score
Security update for mc (moderate)
An update that fixes one vulnerability is now available. Description: This update for mc fixes the following issues: Midnight Commander 4.8.27: Core Reimplement version detection (#3603, #4249) Significantly reduce rebuilt time after version change (#2252, #4266) Drop automatic migration of...
7.5CVSS
-0.3AI Score
0.004EPSS
Unauthorised AJAX Calls via Freemius
The plugins and themes use an insecure version of the Freemius Framework, which is lacking CSRF and/or authorisation in some of its AJAX actions. As a result, any authenticated users, such as subscriber could access the debug logs. Unauthenticated attackers could also make a logged in admin toggle....
6.7AI Score
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Books Gallery – Best Books Showcase & Library Plugin for WordPress plugin (versions < 3.6). Solution Update the WordPress Books Gallery – Best Books Showcase & Library Plugin for WordPress...
4.4AI Score
Sensitive Information Disclosure vulnerability discovered in WordPress Books Gallery – Best Books Showcase & Library Plugin for WordPress plugin (versions < 3.6). Solution Update the WordPress Books Gallery – Best Books Showcase & Library Plugin for WordPress plugin to the latest...
2.8AI Score
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being...
5.5CVSS
7AI Score
0.001EPSS
BookWyrm is a decentralized social network for tracking reading habits and reviewing books. The functionality to load a cover via url is vulnerable to a server-side request forgery attack. Any BookWyrm instance running a version prior to v0.3.0 is susceptible to attack from a logged-in user. The...
8.8CVSS
8.7AI Score
0.001EPSS
BookWyrm is a decentralized social network for tracking reading habits and reviewing books. The functionality to load a cover via url is vulnerable to a server-side request forgery attack. Any BookWyrm instance running a version prior to v0.3.0 is susceptible to attack from a logged-in user. The...
8.8CVSS
0.001EPSS
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this...
7.8CVSS
6.7AI Score
0.012EPSS
Server side request forgery (ssrf)
BookWyrm is a decentralized social network for tracking reading habits and reviewing books. The functionality to load a cover via url is vulnerable to a server-side request forgery attack. Any BookWyrm instance running a version prior to v0.3.0 is susceptible to attack from a logged-in user. The...
8.8CVSS
8.7AI Score
0.001EPSS
BookWyrm is a decentralized social network for tracking reading habits and reviewing books. The functionality to load a cover via url is vulnerable to a server-side request forgery attack. Any BookWyrm instance running a version prior to v0.3.0 is susceptible to attack from a logged-in user. The...
8.8CVSS
6.8AI Score
0.001EPSS
CVE-2022-23644 Server-side request forgery in BookWyrm
BookWyrm is a decentralized social network for tracking reading habits and reviewing books. The functionality to load a cover via url is vulnerable to a server-side request forgery attack. Any BookWyrm instance running a version prior to v0.3.0 is susceptible to attack from a logged-in user. The...
8.8CVSS
8.9AI Score
0.001EPSS
The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror...
7.5CVSS
6.8AI Score
0.002EPSS
Amy Zegart on Spycraft in the Internet Age
Amy Zegart has a new book: Spies, Lies, and Algorithms: The History and Future of American Intelligence. Wired has an excerpt: In short, data volume and accessibility are revolutionizing sensemaking. The intelligence playing field is leveling -- and not in a good way. Intelligence collectors are.....
0.6AI Score
Wormhole Crypto Platform: 'Funds Are Safe' After $314M Heist
Wormhole – a web-based blockchain “bridge” that enables users to convert cryptocurrencies – said on Thursday that “all funds are safe” after attackers abused a vulnerability to shake it down for 120,000 Ethereum (approximately $314 million). In a postmortem shared with Threatpost on Thursday,...
10CVSS
-0.7AI Score
0.976EPSS
In Git for windows through 2.34.1 when using git pull to update the local warehouse, git.cmd can be run...
7.5CVSS
7AI Score
0.001EPSS
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count....
7.8CVSS
7.9AI Score
0.0005EPSS
8.8CVSS
7.1AI Score
0.004EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
7.8CVSS
7.8AI Score
0.002EPSS
The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. An issue in versions prior to 3.17.1 may lead to sensitive information disclosure. An unauthorized app that does not have the otherwise required MANAGE_DOCUMENTS permission may view image thumbnails....
5.3CVSS
6.4AI Score
0.001EPSS
7.8CVSS
8.5AI Score
0.0005EPSS
The Data-Centric Approach to Data Privacy
All organizations understand how critical it is to have access to their customers' and prospects’ sensitive personal data. This intelligence is essential to helping them create and maintain relationships so they can deliver tailored experiences and recommendations. Having this sensitive personal...
0.2AI Score