Grafana Escalation from admin to server admin when auth proxy is used
Today we are releasing Grafana 9.1.6, 9.0.9, 8.5.13. This patch release includes a Moderate severity security fix for CVE-2022-35957 that affects Grafana instances which are using Grafana Auth Proxy. Release 9.1.6, latest patch, also containing security fix: Download Grafana 9.1.6 Release notes ...
6.6CVSS
0.003EPSS
Grafana Escalation from admin to server admin when auth proxy is used
Today we are releasing Grafana 9.1.6, 9.0.9, 8.5.13. This patch release includes a Moderate severity security fix for CVE-2022-35957 that affects Grafana instances which are using Grafana Auth Proxy. Release 9.1.6, latest patch, also containing security fix: Download Grafana 9.1.6 Release notes ...
6.6CVSS
0.003EPSS
Grafana account takeover via OAuth vulnerability
Today we are releasing Grafana 8.3.10, 8.4.10, 8.5.9 and 9.0.3. This patch release includes a HIGH severity security fix for an Oauth takeover vulnerability in Grafana. Release v.9.0.3, containing this security fix and other patches: Download Grafana 9.0.3 Release notes Release v.8.5.9,...
7.5CVSS
0.002EPSS
Grafana account takeover via OAuth vulnerability
Today we are releasing Grafana 8.3.10, 8.4.10, 8.5.9 and 9.0.3. This patch release includes a HIGH severity security fix for an Oauth takeover vulnerability in Grafana. Release v.9.0.3, containing this security fix and other patches: Download Grafana 9.0.3 Release notes Release v.8.5.9,...
7.5CVSS
0.002EPSS
The Swift Performance Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax_handler() function in all versions up to, and including, 2.3.6.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
5.4CVSS
6.7AI Score
0.0004EPSS
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made....
5.9CVSS
6.8AI Score
0.0004EPSS
Security Bulletin: IBM DataPower Gateway vulnerable to "Terrapin" attack in OpenSSH (CVE-2023-48795)
Summary By manipulating sequence numbers during SSH connection setup, a MITM attacker can delete negotiation messages without causing a MAC failure. To mitigate this vulnerability, IBM has removed the chacha20-poly1305 cipher and all etm HMACs from the default set of algorithms offered,...
5.9CVSS
6.9AI Score
0.962EPSS
An issue in Panoramic Corporation Digital Imaging Software v.9.1.2.7600 allows a local attacker to escalate privileges via the ccsservice.exe...
7.1AI Score
The Save as PDF Plugin by Pdfcrowd WordPress plugin before 3.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.8AI Score
0.0004EPSS
7.4AI Score
7.4AI Score
Ongoing Malvertising Campaign leads to Ransomware
Executive Summary Rapid7 has observed an ongoing campaign to distribute trojanized installers for WinSCP and PuTTY via malicious ads on commonly used search engines, where clicking on the ad leads to typo squatted domains. In at least one observed case, the infection has led to the attempted...
7.4AI Score
CreateWiki vulnerable to impersonation of wiki requester
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made....
5.8AI Score
6.5AI Score
RHEL 7 : kernel (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: out of bounds read in drivers/media/usb/dvb-usb/technisat-usb2.c (CVE-2019-15505) kernel: lack...
8.4AI Score
RHEL 5 : spamassassin (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. spamassassin: command injection via crafted configuration file (CVE-2020-1931) A denial of service...
9.9AI Score
RHEL 5 : mozilla (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Mozilla: Sandbox escape with improperly separated process types (CVE-2020-12389) Mozilla: Memory safety...
9.8AI Score
RHEL 8 : audiofile (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. audiofile: NULL pointer dereference in ModuleState::setup() in modules/ModuleState.cpp allows for denial of...
7.3AI Score
RHEL 6 : poppler (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc ...
8.4AI Score
RHEL 5 : ghostscript (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ghostscript: /invalidaccess bypass after failed restore (699654) (CVE-2018-16509) ghostscript: Safer...
9.1AI Score
RHEL 6 : mozilla (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes (CVE-2020-26970) Mozilla:...
9.5AI Score
RHEL 8 : ovirt-hosted-engine-setup (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. ovirt-hosted-engine-setup: root password exposed in log file (CVE-2018-1000018) Note that Nessus has not tested for...
7.5AI Score
RHEL 6 : kernel (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: Buffer overflow due to unbounded strcpy in ISDN I4L driver (CVE-2017-12762) kernel: lack of port...
8.2AI Score
RHEL 5 : poppler (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. poppler: recursive function call in JBIG2Stream::readGenericBitmap() in JBIG2Stream.cc causing denial...
8.9AI Score
RHEL 5 : setup (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. setup: nologin listed in /etc/shells violates security expectations (CVE-2018-1113) Note that Nessus has not tested...
7.4AI Score
RHEL 6 : ghostscript (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ghostscript: Safer mode bypass by .forceput exposure in setsystemparams (701443) (CVE-2019-14813) ...
9.7AI Score
RHEL 6 : spamassassin (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. spamassassin: Malicious rule configuration files can be configured to run system commands...
8.7AI Score
RHEL 7 : xstream (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by ...
8.4AI Score
Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators
Co-authored by Rapid7 analysts Tyler McGraw, Thomas Elkins, and Evan McCann Executive Summary Rapid7 has identified an ongoing social engineering campaign that has been targeting multiple managed detection and response (MDR) customers. The incident involves a threat actor overwhelming a user's...
7.7AI Score
Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2024-1605)
The remote host is missing an update for the Huawei...
7.8CVSS
7.5AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2024-1582)
The remote host is missing an update for the Huawei...
7.8CVSS
7.5AI Score
0.001EPSS
With this new offering, Qualys establishes itself as the first and only vendor solution with the unique ability to scan AWS Bottlerocket instances directly using the Qualys Cloud Agent and TotalCloud Agent-less Snapshot-Based Scan. This innovative capability empowers organizations to...
7.6AI Score
Save as PDF < 3.2.0 - Admin+ Stored XSS
The Save as PDF Plugin by Pdfcrowd WordPress plugin before 3.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
0.0004EPSS
EulerOS 2.0 SP10 : kernel (EulerOS-SA-2024-1592)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we...
8.3AI Score
EulerOS 2.0 SP10 : kernel (EulerOS-SA-2024-1570)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we...
8.2AI Score
EulerOS 2.0 SP10 : xorg-x11-server (EulerOS-SA-2024-1605)
According to the versions of the xorg-x11-server package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly...
8AI Score
EulerOS 2.0 SP10 : xorg-x11-server (EulerOS-SA-2024-1582)
According to the versions of the xorg-x11-server package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly...
8AI Score
Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6765-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6765-1 advisory. In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid crash when parsed profile name is empty When processing a packed...
7.5AI Score
5CVSS
7.1AI Score
0.0005EPSS
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6766-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6766-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skb_segment() Once again syzbot is able...
7.1AI Score
The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.9AI Score
0.0004EPSS
The MF Gig Calendar WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.9AI Score
0.0004EPSS
The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.9AI Score
0.0004EPSS
Fancy Product Designer < 6.1.81 - Admin+ Cross Site Scripting
The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.8AI Score
0.0004EPSS
Crelly Slider <= 1.4.5 - Admin+ Stored XSS
The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.7AI Score
0.0004EPSS
MF Gig Calendar <= 1.2.1 - Editor+ Stored XSS
The MF Gig Calendar WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.7AI Score
0.0004EPSS
Ditty < 3.1.36 - Author+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC The PoC will be displayed on May....
5.7AI Score
Oracle Linux 9 : tigervnc (ELSA-2024-2298)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2298 advisory. A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen...
7.7AI Score
Ditty < 3.1.36 - Author+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
6AI Score
Oracle Linux 9 : xorg-x11-server (ELSA-2024-2169)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2169 advisory. A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen...
8.3AI Score