Lucene search

K

1. Unity EdgeConnect, NX, VX 2. Unity Orchestrator, 3. EdgeConnect In AWS, Azure, GCP Security Vulnerabilities

mageia
mageia

Updated atril packages fix security vulnerability

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user....

8.5CVSS

7.5AI Score

0.005EPSS

2024-06-16 02:07 AM
6
mageia
mageia

Updated nss & firefox packages fix security vulnerabilities

Use-after-free in networking. (CVE-2024-5702) Use-after-free in JavaScript object transplant. (CVE-2024-5688) External protocol handlers leaked by timing attack. (CVE-2024-5690) Sandboxed iframes were able to bypass sandbox restrictions to open a new window. (CVE-2024-5691) Cross-Origin Image leak....

7.9AI Score

0.0004EPSS

2024-06-16 02:07 AM
6
fedora
fedora

[SECURITY] Fedora 39 Update: booth-1.0-283.5.9d4029a.git.fc39

Booth manages tickets which authorize cluster sites located in geographically dispersed locations to run resources. It facilitates support of geographically distributed clustering in...

7.4CVSS

7.2AI Score

0.001EPSS

2024-06-16 01:28 AM
osv
osv

CVE-2024-38395

In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially...

8.1AI Score

0.0004EPSS

2024-06-16 01:15 AM
cve
cve

CVE-2024-38395

In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially...

7.9AI Score

0.0004EPSS

2024-06-16 01:15 AM
1
nvd
nvd

CVE-2024-38395

In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially...

0.0004EPSS

2024-06-16 01:15 AM
1
cve
cve

CVE-2024-38394

Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel modules...

6.8AI Score

0.0004EPSS

2024-06-16 12:15 AM
8
nvd
nvd

CVE-2024-38394

Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel modules...

0.0004EPSS

2024-06-16 12:15 AM
1
debiancve
debiancve

CVE-2024-38394

Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel modules...

6.9AI Score

0.0004EPSS

2024-06-16 12:15 AM
cvelist
cvelist

CVE-2024-38461

irodsServerMonPerf in iRODS before 4.3.2 attempts to proceed with use of a path even if it is not a...

0.0004EPSS

2024-06-16 12:00 AM
1
cvelist
cvelist

CVE-2024-38462

iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail binary, such as in the mailMS.cpp#L94-L106...

0.0004EPSS

2024-06-16 12:00 AM
1
cvelist
cvelist

CVE-2024-38443

C/sorting/binary_insertion_sort.c in The Algorithms - C through e5dad3f has a segmentation fault for deep recursion, which may affect common use cases such as sorting an array of 50...

0.0004EPSS

2024-06-16 12:00 AM
2
osv
osv

libndp - security update

Bulletin has no...

7.4CVSS

7.2AI Score

0.0004EPSS

2024-06-16 12:00 AM
nessus
nessus

FreeBSD : go -- multiple vulnerabilities (a5c64f6f-2af3-11ef-a77e-901b0e9408dc)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the a5c64f6f-2af3-11ef-a77e-901b0e9408dc advisory. The Go project reports: archive/zip: mishandling of corrupt central directory record The...

6.7AI Score

0.0004EPSS

2024-06-16 12:00 AM
2
cvelist
cvelist

CVE-2024-38440

Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of incorrectly using FPLoginExt in BN_bin2bn in...

0.0004EPSS

2024-06-16 12:00 AM
cvelist
cvelist

CVE-2024-38458

Xenforo before 2.2.16 allows code...

0.0004EPSS

2024-06-16 12:00 AM
vulnrichment
vulnrichment

CVE-2023-27636

Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF...

5.9AI Score

0.001EPSS

2024-06-16 12:00 AM
nessus
nessus

Fedora 40 : thunderbird (2024-748bedc96c)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-748bedc96c advisory. Update to 115.12.0 * https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/ *...

7.7AI Score

2024-06-16 12:00 AM
osv
osv

libvpx - security update

Bulletin has no...

7.2AI Score

0.0004EPSS

2024-06-16 12:00 AM
nessus
nessus

Fedora 40 : booth (2024-8a545718b1)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-8a545718b1 advisory. Security fix for CVE-2024-3049 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

7.4CVSS

7.3AI Score

0.001EPSS

2024-06-16 12:00 AM
cvelist
cvelist

CVE-2024-38459

langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for...

0.0004EPSS

2024-06-16 12:00 AM
vulnrichment
vulnrichment

CVE-2024-38441

Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in...

7.4AI Score

0.0004EPSS

2024-06-16 12:00 AM
vulnrichment
vulnrichment

CVE-2024-38396

An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), allows an attacker to inject arbitrary code into the terminal, a different vulnerability than...

7.1AI Score

0.0004EPSS

2024-06-16 12:00 AM
cvelist
cvelist

CVE-2024-38448

htags in GNU Global through 6.6.12 allows code execution in situations where dbpath (aka -d) is untrusted, because shell metacharacters may be...

0.0004EPSS

2024-06-16 12:00 AM
1
vulnrichment
vulnrichment

CVE-2024-38459

langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for...

7AI Score

0.0004EPSS

2024-06-16 12:00 AM
nessus
nessus

FreeBSD : traefik -- Unexpected behavior with IPv4-mapped IPv6 addresses (219aaa1e-2aff-11ef-ab37-5404a68ad561)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 219aaa1e-2aff-11ef-ab37-5404a68ad561 advisory. The traefik authors report: There is a vulnerability in Go managing various Is methods ...

6.5AI Score

0.0004EPSS

2024-06-16 12:00 AM
nessus
nessus

Debian dsa-5712 : ffmpeg - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5712 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5712-1 [email protected] ...

8AI Score

0.0004EPSS

2024-06-16 12:00 AM
cvelist
cvelist

CVE-2024-38428

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host...

0.0004EPSS

2024-06-16 12:00 AM
cvelist
cvelist

CVE-2024-38460

In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs (such as SonarQube Access Logs, Proxy Logs,...

4.9CVSS

0.0004EPSS

2024-06-16 12:00 AM
cvelist
cvelist

CVE-2024-38395

In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially...

0.0004EPSS

2024-06-16 12:00 AM
cvelist
cvelist

CVE-2024-38396

An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), allows an attacker to inject arbitrary code into the terminal, a different vulnerability than...

0.0004EPSS

2024-06-16 12:00 AM
nessus
nessus

Fedora 39 : booth (2024-17e71fc540)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-17e71fc540 advisory. Security fix for CVE-2024-3049 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

7.4CVSS

7AI Score

0.001EPSS

2024-06-16 12:00 AM
cvelist
cvelist

CVE-2024-38457

Xenforo before 2.2.16 allows...

0.0004EPSS

2024-06-16 12:00 AM
cvelist
cvelist

CVE-2024-38439

Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in...

0.0004EPSS

2024-06-16 12:00 AM
cvelist
cvelist

CVE-2024-38427

In International Color Consortium DemoIccMAX before 85ce74e, a logic flaw in CIccTagXmlProfileSequenceId::ParseXml in IccXML/IccLibXML/IccTagXml.cpp results in unconditionally returning...

0.0004EPSS

2024-06-16 12:00 AM
1
cvelist
cvelist

CVE-2024-38441

Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in...

0.0004EPSS

2024-06-16 12:00 AM
cvelist
cvelist

CVE-2023-27636

Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF...

0.001EPSS

2024-06-16 12:00 AM
vulnrichment
vulnrichment

CVE-2024-38460

In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs (such as SonarQube Access Logs, Proxy Logs,...

4.9CVSS

7AI Score

0.0004EPSS

2024-06-16 12:00 AM
vulnrichment
vulnrichment

CVE-2024-38427

In International Color Consortium DemoIccMAX before 85ce74e, a logic flaw in CIccTagXmlProfileSequenceId::ParseXml in IccXML/IccLibXML/IccTagXml.cpp results in unconditionally returning...

6.8AI Score

0.0004EPSS

2024-06-16 12:00 AM
krebs
krebs

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years. The Spanish daily Murcia Today...

7.8AI Score

2024-06-15 11:40 PM
11
openbugbounty
openbugbounty

ectm.fr Cross Site Scripting vulnerability OBB-3935473

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-15 09:45 PM
4
openbugbounty
openbugbounty

toutembal.fr Cross Site Scripting vulnerability OBB-3935472

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-15 09:23 PM
5
githubexploit
githubexploit

Exploit for CVE-2024-30078

CVE-2024-30078 Detection and Command Execution Script This...

8.8CVSS

10AI Score

0.001EPSS

2024-06-15 07:37 PM
287
cve
cve

CVE-2024-6016

A vulnerability, which was classified as critical, has been found in itsourcecode Online Laundry Management System 1.0. Affected by this issue is some unknown functionality of the file admin_class.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely.....

6.3CVSS

6.8AI Score

0.0004EPSS

2024-06-15 07:15 PM
13
nvd
nvd

CVE-2024-6016

A vulnerability, which was classified as critical, has been found in itsourcecode Online Laundry Management System 1.0. Affected by this issue is some unknown functionality of the file admin_class.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely.....

6.3CVSS

0.0004EPSS

2024-06-15 07:15 PM
1
vulnrichment
vulnrichment

CVE-2024-6016 itsourcecode Online Laundry Management System admin_class.php sql injection

A vulnerability, which was classified as critical, has been found in itsourcecode Online Laundry Management System 1.0. Affected by this issue is some unknown functionality of the file admin_class.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely.....

6.3CVSS

6.8AI Score

0.0004EPSS

2024-06-15 06:31 PM
cvelist
cvelist

CVE-2024-6016 itsourcecode Online Laundry Management System admin_class.php sql injection

A vulnerability, which was classified as critical, has been found in itsourcecode Online Laundry Management System 1.0. Affected by this issue is some unknown functionality of the file admin_class.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely.....

6.3CVSS

0.0004EPSS

2024-06-15 06:31 PM
2
githubexploit
githubexploit

Exploit for OS Command Injection in Php

CVE-2024-4577 In PHP when using Apache and PHP-CGI on...

9.8CVSS

8.7AI Score

0.932EPSS

2024-06-15 06:05 PM
48
openbugbounty
openbugbounty

bazakolejowa.pl Cross Site Scripting vulnerability OBB-3935467

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-15 05:40 PM
4
nvd
nvd

CVE-2024-6014

A vulnerability classified as critical has been found in itsourcecode Document Management System 1.0. Affected is an unknown function of the file edithis.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to....

6.3CVSS

0.0004EPSS

2024-06-15 05:15 PM
4
Total number of security vulnerabilities3048562