Lucene search

K

3com – Asesor De Cookies Para Normativa Española Security Vulnerabilities

nessus
nessus

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (AWS) vulnerabilities (USN-6725-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6725-2 advisory. An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and...

9.8CVSS

7.4AI Score

EPSS

2024-04-17 12:00 AM
15
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : texlive (SUSE-SU-2024:1310-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1310-1 advisory. Tex Live 944e257 has a NULL pointer dereference in texk/web2c/pdftexdir/writet1.c. NOTE: this...

6.9AI Score

0.0004EPSS

2024-04-17 12:00 AM
4
openvas
openvas

openSUSE: Security Advisory for texlive (SUSE-SU-2024:1310-1)

The remote host is missing an update for...

6.6AI Score

0.0004EPSS

2024-04-17 12:00 AM
4
nessus
nessus

Ubuntu 20.04 LTS : Linux kernel (IoT) vulnerabilities (USN-6726-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6726-2 advisory. Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them...

7.8CVSS

7.9AI Score

EPSS

2024-04-17 12:00 AM
10
nessus
nessus

Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6724-2)

The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6724-2 advisory. Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any...

8CVSS

6.6AI Score

0.0005EPSS

2024-04-17 12:00 AM
10
ubuntucve
ubuntucve

CVE-2024-31503

Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attackers to steal victim users' session cookies and CSRF protection tokens via user interaction with a crafted web page, leading to account...

7.1AI Score

0.0004EPSS

2024-04-17 12:00 AM
4
nessus
nessus

Ubuntu 20.04 LTS : Linux kernel (Xilinx ZynqMP) vulnerabilities (USN-6726-3)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6726-3 advisory. Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them...

7.8CVSS

7.9AI Score

EPSS

2024-04-17 12:00 AM
11
nessus
nessus

Debian dsa-5663 : firefox-esr - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5663 advisory. The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This...

7.5AI Score

0.0004EPSS

2024-04-17 12:00 AM
5
qualysblog
qualysblog

How Qualys Supports the National Cyber Security Centre (NCSC)’s Vulnerability Management Guidance

NCSC details the importance of having asset management and remediation as key requirements of a successful VM program. “A vulnerability management process shouldn’t exist in isolation. It is a cross-cutting effort and involves not just those working in IT operations, but also security and risk...

7.2AI Score

2024-04-16 07:00 PM
11
ics
ics

Electrolink FM/DAB/TV Transmitter

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Electrolink Equipment: FM/DAB/TV Transmitter Vulnerabilities: Authentication Bypass by Assumed-Immutable Data, Reliance on Cookies without Validation and...

8.8CVSS

9.2AI Score

0.0004EPSS

2024-04-16 12:00 PM
10
cvelist
cvelist

CVE-2024-31503

Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attackers to steal victim users' session cookies and CSRF protection tokens via user interaction with a crafted web page, leading to account...

6.6AI Score

0.0004EPSS

2024-04-16 12:00 AM
nessus
nessus

Debian dsa-5662 : apache2 - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5662 advisory. Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. (CVE-2023-31122) Faulty...

7.5CVSS

8.2AI Score

0.732EPSS

2024-04-16 12:00 AM
20
cvelist
cvelist

CVE-2024-23558 HCL DevOps Deploy / HCL Launch does not invalidate all session authentication cookies after logout

HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the...

6.3CVSS

6.5AI Score

0.0004EPSS

2024-04-15 09:00 PM
vulnrichment
vulnrichment

CVE-2024-23558 HCL DevOps Deploy / HCL Launch does not invalidate all session authentication cookies after logout

HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the...

6.3CVSS

6.7AI Score

0.0004EPSS

2024-04-15 09:00 PM
packetstorm

7.4AI Score

EPSS

2024-04-15 12:00 AM
67
packetstorm

9.8CVSS

7.4AI Score

0.96EPSS

2024-04-15 12:00 AM
126
zdt
zdt

CrushFTP Remote Code Execution Exploit

This Metasploit exploit module leverages an improperly controlled modification of dynamically-determined object attributes vulnerability (CVE-2023-43177) to achieve unauthenticated remote code execution. This affects CrushFTP versions prior to 10.5.1. It is possible to set some user's session...

9.8CVSS

8.8AI Score

0.96EPSS

2024-04-15 12:00 AM
53
githubexploit
githubexploit

Exploit for Command Injection in Paloaltonetworks Pan-Os

Vulnerabilidad CVE-2024-3400 Descripción La...

10CVSS

9.8AI Score

0.957EPSS

2024-04-14 07:11 PM
91
openbugbounty
openbugbounty

moutarde-de-meaux.com Cross Site Scripting vulnerability OBB-3917843

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-04-13 05:17 PM
7
thn
thn

Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack

Threat actors have been exploiting the newly disclosed zero-day flaw in Palo Alto Networks PAN-OS software dating back to March 26, 2024, nearly three weeks before it came to light yesterday. The network security company's Unit 42 division is tracking the activity under the name Operation...

10CVSS

9.9AI Score

0.957EPSS

2024-04-13 08:25 AM
65
nessus
nessus

Debian dsa-5658 : affs-modules-6.1.0-11-4kc-malta-di - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5658 advisory. A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in...

8CVSS

7.6AI Score

EPSS

2024-04-13 12:00 AM
26
exploitdb

7.4AI Score

EPSS

2024-04-13 12:00 AM
75
ibm
ibm

Security Bulletin: Order Management could be subject to an Apache Struts vulnerability that could allow a remote attacker to execute arbitrary code on the system.

Summary Order Management removed parts of legacy code that carried vulnerabilites. The code did contain CVE-2013-2115, CVE-2013-4316, CVE-2014-0112, CVE-2014-0113, CVE-2015-5209, CVE-2016-3082, CVE-2016-4436, CVE-2017-12611, CVE-2019-0230, CVE-2019-0233, CVE-2020-17530, CVE-2021-31805,...

9.8CVSS

9.8AI Score

0.974EPSS

2024-04-12 05:44 PM
11
qualysblog
qualysblog

De-risk the Software Supply Chain by Expanding Unparalleled Detection Coverage With Qualys VMDR and Software Composition Analysis

QIDs/CVEs When it comes to cybersecurity, speed is key in getting an edge over attackers. But when you consider that vulnerabilities weaponize 24 days faster than then they are remediated on average, cybersecurity stakeholders have a lot of catching up to do. While there are many ways defenders...

7AI Score

2024-04-12 03:29 PM
11
ibm
ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for...

9.8CVSS

10AI Score

0.051EPSS

2024-04-12 02:36 PM
11
ibm
ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...

9.8CVSS

9.9AI Score

0.007EPSS

2024-04-12 02:33 PM
16
nvd
nvd

CVE-2024-31372

Cross-Site Request Forgery (CSRF) vulnerability in Arnan de Gans No-Bot Registration.This issue affects No-Bot Registration: from n/a through...

4.3CVSS

4.6AI Score

0.0004EPSS

2024-04-12 10:15 AM
cve
cve

CVE-2024-31372

Cross-Site Request Forgery (CSRF) vulnerability in Arnan de Gans No-Bot Registration.This issue affects No-Bot Registration: from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-04-12 10:15 AM
22
cvelist
cvelist

CVE-2024-31372 WordPress No-Bot Registration plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Arnan de Gans No-Bot Registration.This issue affects No-Bot Registration: from n/a through...

4.3CVSS

4.9AI Score

0.0004EPSS

2024-04-12 09:27 AM
nessus
nessus

Apache Superset < 2.1.0 Hardcoded Secret Key

Apache Superset versions prior to 2.1.0 uses a default secret to sign cookies. An unauthenticated attacker can use this default value to forge a cookie and authenticate himself as...

7.3AI Score

2024-04-12 12:00 AM
4
ibm
ibm

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details ** CVEID: CVE-2023-34967 DESCRIPTION: **Samba is vulnerable to a denial of service, caused.....

9.8CVSS

10AI Score

0.962EPSS

2024-04-11 06:19 PM
23
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 1, 2024 to April 7, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 193 vulnerabilities disclosed in 154...

9.9CVSS

9.8AI Score

0.082EPSS

2024-04-11 05:23 PM
31
openbugbounty
openbugbounty

chains24.de Cross Site Scripting vulnerability OBB-3917217

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-04-11 05:00 PM
5
openbugbounty
openbugbounty

sportstudio-v8.de Cross Site Scripting vulnerability OBB-3916061

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-04-11 12:34 PM
4
openbugbounty
openbugbounty

jahrestreffen21.de Cross Site Scripting vulnerability OBB-3915887

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-04-11 11:56 AM
3
openbugbounty
openbugbounty

de-haardt.com Cross Site Scripting vulnerability OBB-3915788

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-04-11 11:32 AM
4
schneier
schneier

Backdoor in XZ Utils That Almost Happened

Last week, the Internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention--but it should. There’s an important moral to the story of the attack and its discovery: The...

7.6AI Score

2024-04-11 11:01 AM
12
openbugbounty
openbugbounty

izodom2000.de Cross Site Scripting vulnerability OBB-3915546

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-04-11 10:34 AM
3
openbugbounty
openbugbounty

gmds-tmf-2021.de Cross Site Scripting vulnerability OBB-3915519

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-04-11 10:28 AM
4
openbugbounty
openbugbounty

bikersfashion24.de Cross Site Scripting vulnerability OBB-3915445

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-04-11 10:10 AM
3
openbugbounty
openbugbounty

au-paradis-de-romain.site Cross Site Scripting vulnerability OBB-3914791

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-04-11 07:40 AM
4
thn
thn

Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability

Fortinet has released patches to address a critical security flaw impacting FortiClientLinux that could be exploited to achieve arbitrary code execution. Tracked as CVE-2023-45590, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10. "An Improper Control of Generation of Code...

9.6CVSS

8.8AI Score

EPSS

2024-04-11 05:23 AM
16
nessus
nessus

Juniper Junos OS Multiple Vulnerabilities (JSA79108)

The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA79108 advisory. This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow...

9.8CVSS

9.3AI Score

0.007EPSS

2024-04-11 12:00 AM
72
zdt
zdt

GUnet OpenEclass E-learning 3.15 File Upload / Command Execution Exploit

GUnet OpenEclass E-learning platform version 3.15 suffers from an unrestricted file upload vulnerability in certbadge.php that allows for remote command...

7.7AI Score

0.001EPSS

2024-04-11 12:00 AM
67
openvas
openvas

Mageia: Security Advisory (MGASA-2024-0116)

The remote host is missing an update for...

8.8CVSS

8.8AI Score

0.001EPSS

2024-04-11 12:00 AM
2
nessus
nessus

FreeBSD : wordpress -- XSS (ea4a2dfc-f761-11ee-af2c-589cfc0f81b0)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ea4a2dfc-f761-11ee-af2c-589cfc0f81b0 advisory. The Wordpress team reports: A cross-site scripting (XSS) vulnerability affecting the Avatar block...

6AI Score

2024-04-11 12:00 AM
5
packetstorm

7.4AI Score

0.001EPSS

2024-04-11 12:00 AM
65
osv
osv

CVE-2024-29903

Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, maliciously-crafted software artifacts can cause denial of service of the machine running Cosign thereby impacting all services on the machine. The root cause is that Cosign creates slices based on...

4.2CVSS

7AI Score

0.0004EPSS

2024-04-10 11:15 PM
5
Total number of security vulnerabilities51354