3com – Asesor De Cookies Para Normativa Española Security Vulnerabilities

openvas

Mageia: Security Advisory (MGASA-2024-0191)

The remote host is missing an update for...

7.5AI Score

0.0004EPSS

2024-05-22 12:00 AM
4
nvd

CVE-2024-34274

OpenBD 20210306203917-6cbe797 is vulnerable to Deserialization of Untrusted Data. The cookies bdglobals and bdclient_spot of the OpenBD software uses serialized data, which can be used to execute arbitrary code on the system. NOTE: This vulnerability only affects products that are no longer...

7.4AI Score

EPSS

2024-05-21 08:15 PM
cve

CVE-2024-34274

OpenBD 20210306203917-6cbe797 is vulnerable to Deserialization of Untrusted Data. The cookies bdglobals and bdclient_spot of the OpenBD software uses serialized data, which can be used to execute arbitrary code on the system. NOTE: This vulnerability only affects products that are no longer...

8.1AI Score

EPSS

2024-05-21 08:15 PM
28
osv

scheb/two-factor-bundle bypass two-factor authentication with unverified JWT trusted device token

Before version 3.7 the bundle is vulnerable to a security issue in JWT, which can be exploited by an attacker to generate trusted device cookies on their own, effectively by-passing two-factor...

6.9AI Score

2024-05-21 06:16 PM
2
github

scheb/two-factor-bundle bypass two-factor authentication with unverified JWT trusted device token

Before version 3.7 the bundle is vulnerable to a security issue in JWT, which can be exploited by an attacker to generate trusted device cookies on their own, effectively by-passing two-factor...

6.9AI Score

2024-05-21 06:16 PM
6
debiancve

CVE-2023-52849

In the Linux kernel, the following vulnerability has been resolved: cxl/mem: Fix shutdown order Ira reports that removing cxl_mock_mem causes a crash with the following trace: BUG: kernel NULL pointer dereference, address: 0000000000000044 [..] RIP: 0010:cxl_region_decode_reset+0x7f/0x180...

6.5AI Score

0.0004EPSS

2024-05-21 04:15 PM
6
nvd

CVE-2023-52849

In the Linux kernel, the following vulnerability has been resolved: cxl/mem: Fix shutdown order Ira reports that removing cxl_mock_mem causes a crash with the following trace: BUG: kernel NULL pointer dereference, address: 0000000000000044 [..] RIP: 0010:cxl_region_decode_reset+0x7f/0x180...

6.3AI Score

0.0004EPSS

2024-05-21 04:15 PM
cve

CVE-2023-52849

In the Linux kernel, the following vulnerability has been resolved: cxl/mem: Fix shutdown order Ira reports that removing cxl_mock_mem causes a crash with the following trace: BUG: kernel NULL pointer dereference, address: 0000000000000044 [..] RIP: 0010:cxl_region_decode_reset+0x7f/0x180...

6.5AI Score

0.0004EPSS

2024-05-21 04:15 PM
27
cvelist

CVE-2023-52849 cxl/mem: Fix shutdown order

In the Linux kernel, the following vulnerability has been resolved: cxl/mem: Fix shutdown order Ira reports that removing cxl_mock_mem causes a crash with the following trace: BUG: kernel NULL pointer dereference, address: 0000000000000044 [..] RIP: 0010:cxl_region_decode_reset+0x7f/0x180...

6.3AI Score

0.0004EPSS

2024-05-21 03:31 PM
1
vulnrichment

CVE-2023-52849 cxl/mem: Fix shutdown order

In the Linux kernel, the following vulnerability has been resolved: cxl/mem: Fix shutdown order Ira reports that removing cxl_mock_mem causes a crash with the following trace: BUG: kernel NULL pointer dereference, address: 0000000000000044 [..] RIP: 0010:cxl_region_decode_reset+0x7f/0x180...

6.7AI Score

0.0004EPSS

2024-05-21 03:31 PM
1
nvd

CVE-2021-47292

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix memleak in io_init_wq_offload() I got memory leak report when doing fuzz test: BUG: memory leak unreferenced object 0xffff888107310a80 (size 96): comm "syz-executor.6", pid 4610, jiffies 4295140240 (age 20.135s) hex.....

6.4AI Score

0.0004EPSS

2024-05-21 03:15 PM
cve

CVE-2021-47292

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix memleak in io_init_wq_offload() I got memory leak report when doing fuzz test: BUG: memory leak unreferenced object 0xffff888107310a80 (size 96): comm "syz-executor.6", pid 4610, jiffies 4295140240 (age 20.135s) hex.....

6.6AI Score

0.0004EPSS

2024-05-21 03:15 PM
27
debiancve

CVE-2021-47292

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix memleak in io_init_wq_offload() I got memory leak report when doing fuzz test: BUG: memory leak unreferenced object 0xffff888107310a80 (size 96): comm "syz-executor.6", pid 4610, jiffies 4295140240 (age 20.135s)...

7AI Score

0.0004EPSS

2024-05-21 03:15 PM
2
debiancve

CVE-2020-36788

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: avoid a use-after-free when BO init fails nouveau_bo_init() is backed by ttm_bo_init() and ferries its return code back to the caller. On failures, ttm_bo_init() invokes the provided destructor which should...

7.3AI Score

0.0004EPSS

2024-05-21 03:15 PM
4
nvd

CVE-2020-36788

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: avoid a use-after-free when BO init fails nouveau_bo_init() is backed by ttm_bo_init() and ferries its return code back to the caller. On failures, ttm_bo_init() invokes the provided destructor which should...

6.6AI Score

0.0004EPSS

2024-05-21 03:15 PM
cve

CVE-2020-36788

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: avoid a use-after-free when BO init fails nouveau_bo_init() is backed by ttm_bo_init() and ferries its return code back to the caller. On failures, ttm_bo_init() invokes the provided destructor which should...

6.8AI Score

0.0004EPSS

2024-05-21 03:15 PM
30
cvelist

CVE-2020-36788 drm/nouveau: avoid a use-after-free when BO init fails

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: avoid a use-after-free when BO init fails nouveau_bo_init() is backed by ttm_bo_init() and ferries its return code back to the caller. On failures, ttm_bo_init() invokes the provided destructor which should...

6.5AI Score

0.0004EPSS

2024-05-21 03:03 PM
vulnrichment

CVE-2020-36788 drm/nouveau: avoid a use-after-free when BO init fails

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: avoid a use-after-free when BO init fails nouveau_bo_init() is backed by ttm_bo_init() and ferries its return code back to the caller. On failures, ttm_bo_init() invokes the provided destructor which should...

7AI Score

0.0004EPSS

2024-05-21 03:03 PM
cvelist

CVE-2021-47292 io_uring: fix memleak in io_init_wq_offload()

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix memleak in io_init_wq_offload() I got memory leak report when doing fuzz test: BUG: memory leak unreferenced object 0xffff888107310a80 (size 96): comm "syz-executor.6", pid 4610, jiffies 4295140240 (age 20.135s) hex.....

6.4AI Score

0.0004EPSS

2024-05-21 02:35 PM
vulnrichment

CVE-2021-47292 io_uring: fix memleak in io_init_wq_offload()

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix memleak in io_init_wq_offload() I got memory leak report when doing fuzz test: BUG: memory leak unreferenced object 0xffff888107310a80 (size 96): comm "syz-executor.6", pid 4610, jiffies 4295140240 (age 20.135s) hex.....

6.8AI Score

0.0004EPSS

2024-05-21 02:35 PM
1
githubexploit

Exploit for Link Following in Git

CVE-2024-32002-Reverse-Shell This script demonstrates how...

9CVSS

9.2AI Score

0.001EPSS

2024-05-21 01:45 PM
200
ics

LCDS LAquis SCADA

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME Equipment: LAquis SCADA Vulnerabilities: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

7.8CVSS

7.2AI Score

0.001EPSS

2024-05-21 12:00 PM
17
nessus

Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6779-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6779-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially...

8.9AI Score

0.0004EPSS

2024-05-21 12:00 AM
5
ubuntu

Firefox vulnerabilities

Releases Ubuntu 20.04 LTS Packages firefox - Mozilla Open Source web browser Details Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive...

8AI Score

0.0004EPSS

2024-05-21 12:00 AM
5
ubuntucve

CVE-2023-52849

In the Linux kernel, the following vulnerability has been resolved: cxl/mem: Fix shutdown order Ira reports that removing cxl_mock_mem causes a crash with the following trace: BUG: kernel NULL pointer dereference, address: 0000000000000044 [..] RIP: 0010:cxl_region_decode_reset+0x7f/0x180...

6.4AI Score

0.0004EPSS

2024-05-21 12:00 AM
2
openvas

Ubuntu: Security Advisory (USN-6766-3)

The remote host is missing an update for...

7.8CVSS

7AI Score

EPSS

2024-05-21 12:00 AM
2
ubuntucve

CVE-2020-36788

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: avoid a use-after-free when BO init fails nouveau_bo_init() is backed by ttm_bo_init() and ferries its return code back to the caller. On failures, ttm_bo_init() invokes the provided destructor which should...

6.9AI Score

0.0004EPSS

2024-05-21 12:00 AM
4
ubuntucve

CVE-2021-47292

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix memleak in io_init_wq_offload() I got memory leak report when doing fuzz test: BUG: memory leak unreferenced object 0xffff888107310a80 (size 96): comm "syz-executor.6", pid 4610, jiffies 4295140240 (age 20.135s) hex.....

6.6AI Score

0.0004EPSS

2024-05-21 12:00 AM
2
openvas

Debian: Security Advisory (DLA-3817-1)

The remote host is missing an update for the...

6.7AI Score

0.0004EPSS

2024-05-21 12:00 AM
1
github

Passbolt Api Retrieval of HTTP-only cookies

Passbolt uses three cookies: a session cookie, a CSRF protection cookie and a cookie to keep track of the multiple-factor authentication process. Both the session cookie and the mfa cookie are properly set HTTP-only to prevent an attacker from retrieving the content of those cookies if they...

6.4AI Score

2024-05-20 04:51 PM
4
osv

Passbolt Api Retrieval of HTTP-only cookies

Passbolt uses three cookies: a session cookie, a CSRF protection cookie and a cookie to keep track of the multiple-factor authentication process. Both the session cookie and the mfa cookie are properly set HTTP-only to prevent an attacker from retrieving the content of those cookies if they...

6.4AI Score

2024-05-20 04:51 PM
2
redhatcve

CVE-2024-35870

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in smb2_reconnect_server() The UAF bug is due to smb2_reconnect_server() accessing a session that is already being teared down by another thread that is executing __cifs_put_smb_ses(). This can happen when (a)....

6.3AI Score

0.0004EPSS

2024-05-20 01:44 PM
1
osv

linux-aws, linux-aws-5.15 vulnerabilities

It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-1151) Sander Wiebing, Alvise de Faveri Tron,...

7.8CVSS

6.8AI Score

EPSS

2024-05-20 01:05 PM
4
thn

Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal

Multiple threat actors are weaponizing a design flaw in Foxit PDF Reader to deliver a variety of malware such as Agent Tesla, AsyncRAT, DCRat, NanoCore RAT, NjRAT, Pony, Remcos RAT, and XWorm. "This exploit triggers security warnings that could deceive unsuspecting users into executing harmful...

7.1AI Score

2024-05-20 12:20 PM
1
openbugbounty

para-bellum.com Cross Site Scripting vulnerability OBB-3928955

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-05-20 08:42 AM
3
debian

[SECURITY] [DLA 3817-1] thunderbird security update

Debian LTS Advisory DLA-3817-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort May 20, 2024 https://wiki.debian.org/LTS Package : thunderbird Version : 1:115.11.0-1~deb10u1 CVE...

7.4AI Score

0.0004EPSS

2024-05-20 08:15 AM
veracode

Cookie Leakage

amphp/artax is vulnerable to Cookie Leakage. The vulnerability is due to cookies being leaked to unauthorized domains, which allows an attacker to manipulate cookies in such a way where cookies of foo.bar.example.com were leaked to...

6.9AI Score

2024-05-20 08:11 AM
2
thn

Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns

Cybersecurity researchers have observed a spike in email phishing campaigns starting early March 2024 that delivers Latrodectus, a nascent malware loader believed to be the successor to the IcedID malware. "These campaigns typically involve a recognizable infection chain involving oversized...

8.2AI Score

2024-05-20 05:47 AM
5
openvas

Debian: Security Advisory (DSA-5693-1)

The remote host is missing an update for the...

6.7AI Score

0.0004EPSS

2024-05-20 12:00 AM
2
nessus

Debian dla-3817 : thunderbird - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3817 advisory. A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects...

8.4AI Score

0.0004EPSS

2024-05-20 12:00 AM
1
ubuntu

Linux kernel (AWS) vulnerabilities

Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.15 - Linux kernel for Amazon Web Services (AWS) systems Details It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack...

7.8CVSS

7.5AI Score

EPSS

2024-05-20 12:00 AM
9
nessus

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (AWS) vulnerabilities (USN-6766-3)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6766-3 advisory. It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations...

7.8CVSS

6.8AI Score

EPSS

2024-05-20 12:00 AM
7
kitploit

JAW - A Graph-based Security Analysis Framework For Client-side JavaScript

An open-source, prototype implementation of property graphs for JavaScript based on the esprima parser, and the EsTree SpiderMonkey Spec. JAW can be used for analyzing the client-side of web applications and JavaScript-based programs. This project is licensed under GNU AFFERO GENERAL PUBLIC...

7AI Score

2024-05-19 12:30 PM
11
cve

CVE-2024-35870

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in smb2_reconnect_server() The UAF bug is due to smb2_reconnect_server() accessing a session that is already being teared down by another thread that is executing __cifs_put_smb_ses(). This can happen when...

6.5AI Score

0.0004EPSS

2024-05-19 09:15 AM
27
debiancve

CVE-2024-35870

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in smb2_reconnect_server() The UAF bug is due to smb2_reconnect_server() accessing a session that is already being teared down by another thread that is executing __cifs_put_smb_ses(). This can happen when...

6.8AI Score

0.0004EPSS

2024-05-19 09:15 AM
2
nvd

CVE-2024-35870

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in smb2_reconnect_server() The UAF bug is due to smb2_reconnect_server() accessing a session that is already being teared down by another thread that is executing __cifs_put_smb_ses(). This can happen when...

6.3AI Score

0.0004EPSS

2024-05-19 09:15 AM
vulnrichment

CVE-2024-35870 smb: client: fix UAF in smb2_reconnect_server()

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in smb2_reconnect_server() The UAF bug is due to smb2_reconnect_server() accessing a session that is already being teared down by another thread that is executing __cifs_put_smb_ses(). This can happen when...

6.6AI Score

0.0004EPSS

2024-05-19 08:34 AM
cvelist

CVE-2024-35870 smb: client: fix UAF in smb2_reconnect_server()

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in smb2_reconnect_server() The UAF bug is due to smb2_reconnect_server() accessing a session that is already being teared down by another thread that is executing __cifs_put_smb_ses(). This can happen when...

6.2AI Score

0.0004EPSS

2024-05-19 08:34 AM
ubuntucve

CVE-2024-35870

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in smb2_reconnect_server() The UAF bug is due to smb2_reconnect_server() accessing a session that is already being teared down by another thread that is executing __cifs_put_smb_ses(). This can happen when (a)....

6.5AI Score

0.0004EPSS

2024-05-19 12:00 AM
2
osv

Cross-site Scripting vulnerabilities in Neos

It has been discovered that Neos is vulnerable to several XSS attacks. Through these vulnerabilities, an attacker could tamper with page rendering, redirect victims to a fake login page, or capture user credentials (such as cookies). With the potential backdoor upload an attacker could gain access....

5.8AI Score

2024-05-17 11:04 PM
5
Total number of security vulnerabilities: 51575