Lucene search

K

3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery Security Vulnerabilities

vulnrichment
vulnrichment

CVE-2024-34115 ZDI-CAN-24054: Adobe Substance 3D Stager SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Substance3D - Stager versions 2.1.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...

7.8CVSS

7.4AI Score

0.001EPSS

2024-06-13 11:25 AM
cvelist
cvelist

CVE-2024-20753 Adobe Photoshop PDF File Parsing Memory Corruption Remote Code Execution Vulnerability

Photoshop Desktop versions 24.7.3, 25.7 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the...

7.8CVSS

0.001EPSS

2024-06-13 11:22 AM
6
vulnrichment
vulnrichment

CVE-2024-20753 Adobe Photoshop PDF File Parsing Memory Corruption Remote Code Execution Vulnerability

Photoshop Desktop versions 24.7.3, 25.7 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the...

7.8CVSS

7.5AI Score

0.001EPSS

2024-06-13 11:22 AM
1
schneier
schneier

AI and the Indian Election

As India concluded the world's largest election on June 5, 2024, with over 640 million votes counted, observers could assess how the various parties and factions used artificial intelligence technologies--and what lessons that holds for the rest of the world. The campaigns made extensive use of...

7.2AI Score

2024-06-13 11:02 AM
1
talosblog
talosblog

Operation Celestial Force employs mobile and desktop malware to target Indian entities

By Gi7w0rm, Asheer Malhotra and Vitor Ventura. Cisco Talos is disclosing a new malware campaign called "Operation Celestial Force" running since at least 2018. It is still active today, employing the use of GravityRAT, an Android-based malware, along with a Windows-based malware loader we track...

7.2AI Score

2024-06-13 10:00 AM
1
securelist
securelist

Cinterion EHS5 3G UMTS/HSPA Module Research

Modems play an important role in enabling connectivity for a wide range of devices. This includes not only traditional mobile devices and household appliances, but also telecommunication systems in vehicles, ATMs and Automated Process Control Systems (APCS). When integrating the modem, many...

6.4CVSS

8.2AI Score

0.001EPSS

2024-06-13 10:00 AM
3
githubexploit
githubexploit

Exploit for Insufficiently Protected Credentials in Kyocera Net Viewer

kygocera (CVE-2022-1026) Improved Golang Version of Rapid7...

7.3AI Score

2024-06-13 09:40 AM
52
cve
cve

CVE-2024-1565

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization....

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-13 09:15 AM
14
nvd
nvd

CVE-2024-1565

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization....

6.4CVSS

0.001EPSS

2024-06-13 09:15 AM
1
cvelist
cvelist

CVE-2024-1565 EmbedPress <= 3.9.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via PDF Widget URL

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization....

6.4CVSS

0.001EPSS

2024-06-13 08:31 AM
3
vulnrichment
vulnrichment

CVE-2024-1565 EmbedPress <= 3.9.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via PDF Widget URL

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization....

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-13 08:31 AM
cvelist
cvelist

CVE-2024-5265 WPBakery Page Builder <= 7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via VC Single Image link attribute

The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link attribute within the vc_single_image shortcode in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it....

6.4CVSS

0.0004EPSS

2024-06-13 06:42 AM
1
nvd
nvd

CVE-2024-2762

The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks...

0.0004EPSS

2024-06-13 06:15 AM
1
cve
cve

CVE-2024-2762

The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks...

5.7AI Score

0.0004EPSS

2024-06-13 06:15 AM
14
cvelist
cvelist

CVE-2024-2762 FooGallery < 2.4.15 - Author+ Stored XSS

The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks...

0.0004EPSS

2024-06-13 06:00 AM
2
vulnrichment
vulnrichment

CVE-2024-2762 FooGallery < 2.4.15 - Author+ Stored XSS

The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks...

5.9AI Score

0.0004EPSS

2024-06-13 06:00 AM
1
openvas
openvas

Ubuntu: Security Advisory (USN-6819-3)

The remote host is missing an update for...

7.8CVSS

8AI Score

0.001EPSS

2024-06-13 12:00 AM
nessus
nessus

Mozilla Thunderbird < 115.12

The version of Thunderbird installed on the remote Windows host is prior to 115.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-28 advisory. Memory corruption in the networking stack could have led to a potentially exploitable crash. (CVE-2024-5702) ...

7.8AI Score

0.0004EPSS

2024-06-13 12:00 AM
1
googleprojectzero
googleprojectzero

Driving forward in Android drivers

Posted by Seth Jenkins, Google Project Zero Introduction Android's open-source ecosystem has led to an incredible diversity of manufacturers and vendors developing software that runs on a broad variety of hardware. This hardware requires supporting drivers, meaning that many different codebases...

7.8CVSS

7.5AI Score

0.001EPSS

2024-06-13 12:00 AM
1
ubuntucve
ubuntucve

CVE-2024-5847

Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...

7.5AI Score

0.0004EPSS

2024-06-13 12:00 AM
2
nessus
nessus

Microsoft Edge (Chromium) < 126.0.2592.56 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 126.0.2592.56. It is, therefore, affected by multiple vulnerabilities as referenced in the June 13, 2024 advisory. Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2024-30058, CVE-2024-38083) Type...

5.4CVSS

8.4AI Score

0.0005EPSS

2024-06-13 12:00 AM
1
nessus
nessus

Adobe Substance 3D Stager < 3.0.2 Multiple Vulnerabilities (APSB24-43) (macOS)

The version of Adobe Substance 3D Stager installed on the remote macOS host is prior to 3.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB24-43 advisory. Successful exploitation could lead to arbitrary code execution in the context of the current user. Note...

7.8CVSS

7.8AI Score

0.001EPSS

2024-06-13 12:00 AM
openvas
openvas

Ubuntu: Security Advisory (USN-6831-1)

The remote host is missing an update for...

7.8CVSS

7.4AI Score

0.0005EPSS

2024-06-13 12:00 AM
ubuntucve
ubuntucve

CVE-2024-5845

Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...

7.5AI Score

0.0004EPSS

2024-06-13 12:00 AM
mozilla
mozilla

Security Vulnerabilities fixed in Firefox ESR 115.12 — Mozilla

Memory corruption in the networking stack could have led to a potentially exploitable crash. If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. By monitoring the time certain operations take, an attacker could have guessed which.....

7.8AI Score

0.0004EPSS

2024-06-13 12:00 AM
6
redos
redos

ROS-20240613-02

The vulnerability of the RelinquishDCMInfo() function of the dcm.c component of the ImageMagick console graphic editor is related to memory usage after its release. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive data, as well as cause a denial....

7.1CVSS

7.3AI Score

0.001EPSS

2024-06-13 12:00 AM
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:2012-1)

The remote host is missing an update for...

7.1AI Score

0.0004EPSS

2024-06-13 12:00 AM
nessus
nessus

FreeBSD : Gitlab -- Vulnerabilities (92cd1c03-2940-11ef-bc02-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 92cd1c03-2940-11ef-bc02-001b217b3468 advisory. Gitlab reports: ReDoS in gomod dependency linker ReDoS in CI interpolation (fix bypass) ...

6.5CVSS

5.1AI Score

0.0004EPSS

2024-06-13 12:00 AM
nessus
nessus

SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2024:2012-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2012-1 advisory. - Update to version 115.12.0 ESR (bsc#1226027) - CVE-2024-5702: Use-after-free in networking - CVE-2024-5688: Use-after-free in...

7.5AI Score

0.0004EPSS

2024-06-13 12:00 AM
1
nessus
nessus

Mozilla Thunderbird < 115.12

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 115.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-28 advisory. Memory corruption in the networking stack could have led to a potentially exploitable crash. ...

7.8AI Score

0.0004EPSS

2024-06-13 12:00 AM
ubuntucve
ubuntucve

CVE-2024-5846

Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...

7.5AI Score

0.0004EPSS

2024-06-13 12:00 AM
1
wpvulndb
wpvulndb

Gallery – Image and Video Gallery with Thumbnails <= 2.0.3 - Authenticated (Contributor+) SQL Injection

Description The Gallery – Image and Video Gallery with Thumbnails plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it.....

8.5CVSS

7.2AI Score

0.0004EPSS

2024-06-13 12:00 AM
osv
osv

@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling

Summary A Denial-of-Service was found in the media upload process causing the server to crash without restarting, affecting either development and production environments. Details Usually, errors in the application cause it to log the error and keep it running for other clients. This behavior, in.....

5.3CVSS

6.8AI Score

0.0004EPSS

2024-06-12 07:38 PM
1
github
github

@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling

Summary A Denial-of-Service was found in the media upload process causing the server to crash without restarting, affecting either development and production environments. Details Usually, errors in the application cause it to log the error and keep it running for other clients. This behavior, in.....

5.3CVSS

6.8AI Score

0.0004EPSS

2024-06-12 07:38 PM
osv
osv

@strapi/plugin-content-manager leaks data via relations via the Admin Panel

Summary If a super admin creates a collection where an item in the collection has an association to another collection, a user with the Author Role can see the list of associated items they did not create. They should only see their own items that they created, not all items ever created. ...

2.3CVSS

6.8AI Score

0.0004EPSS

2024-06-12 07:38 PM
1
github
github

@strapi/plugin-content-manager leaks data via relations via the Admin Panel

Summary If a super admin creates a collection where an item in the collection has an association to another collection, a user with the Author Role can see the list of associated items they did not create. They should only see their own items that they created, not all items ever created. ...

2.3CVSS

6.8AI Score

0.0004EPSS

2024-06-12 07:38 PM
nvd
nvd

CVE-2024-5559

CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists that could cause denial of service, device reboot, or an attacker gaining full control of the relay when a specially crafted reset token is entered into the front panel of the...

6.1CVSS

0.0004EPSS

2024-06-12 06:15 PM
3
cve
cve

CVE-2024-5559

CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists that could cause denial of service, device reboot, or an attacker gaining full control of the relay when a specially crafted reset token is entered into the front panel of the...

6.1CVSS

6.5AI Score

0.0004EPSS

2024-06-12 06:15 PM
19
nvd
nvd

CVE-2024-2747

CWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could cause privilege escalation when a valid user replaces a trusted file name on the system and reboots the...

7.8CVSS

0.0004EPSS

2024-06-12 06:15 PM
5
cve
cve

CVE-2024-2747

CWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could cause privilege escalation when a valid user replaces a trusted file name on the system and reboots the...

7.8CVSS

7.9AI Score

0.0004EPSS

2024-06-12 06:15 PM
20
nvd
nvd

CVE-2024-0865

CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative...

7.8CVSS

0.001EPSS

2024-06-12 06:15 PM
2
cve
cve

CVE-2024-0865

CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative...

7.8CVSS

6.8AI Score

0.001EPSS

2024-06-12 06:15 PM
18
cvelist
cvelist

CVE-2024-0865

CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative...

7.8CVSS

0.001EPSS

2024-06-12 05:23 PM
2
vulnrichment
vulnrichment

CVE-2024-0865

CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative...

7.8CVSS

6.7AI Score

0.001EPSS

2024-06-12 05:23 PM
1
cvelist
cvelist

CVE-2024-5559

CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists that could cause denial of service, device reboot, or an attacker gaining full control of the relay when a specially crafted reset token is entered into the front panel of the...

6.1CVSS

0.0004EPSS

2024-06-12 05:18 PM
4
nvd
nvd

CVE-2024-5558

CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could cause escalation of privileges when an attacker abuses a limited admin...

6.4CVSS

0.0004EPSS

2024-06-12 05:15 PM
3
cve
cve

CVE-2024-5560

CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-06-12 05:15 PM
20
nvd
nvd

CVE-2024-5560

CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP...

5.3CVSS

0.0004EPSS

2024-06-12 05:15 PM
2
cve
cve

CVE-2024-5558

CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could cause escalation of privileges when an attacker abuses a limited admin...

6.4CVSS

7.3AI Score

0.0004EPSS

2024-06-12 05:15 PM
19
nvd
nvd

CVE-2024-5557

CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause exposure of SNMP credentials when an attacker has access to the controller...

4.5CVSS

0.0004EPSS

2024-06-12 05:15 PM
3
Total number of security vulnerabilities163355