3com – Asesor De Cookies Para Normativa Española Security Vulnerabilities

github

Cross-site Scripting vulnerabilities in Neos

It has been discovered that Neos is vulnerable to several XSS attacks. Through these vulnerabilities, an attacker could tamper with page rendering, redirect victims to a fake login page, or capture user credentials (such as cookies). With the potential backdoor upload an attacker could gain access....

5.8AI Score

2024-05-17 11:04 PM
7
rapid7blog

Metasploit Wrap-Up 05/17/2024

LDAP Authentication Improvements This week, in Metasploit v6.4.9, the team has added multiple improvements for LDAP related attacks. Two improvements relating to authentication are the new support for Signing and Channel Binding. Microsoft has been making changes to harden the communications to...

7.5AI Score

2024-05-17 08:11 PM
8
debian

[SECURITY] [DSA 5693-1] thunderbird security update

Debian Security Advisory DSA-5693-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 17, 2024 https://www.debian.org/security/faq Package : thunderbird CVE ID : CVE-2024-4367 CVE-2024-4767...

7.1AI Score

0.0004EPSS

2024-05-17 05:04 PM
cve

CVE-2024-35110

A reflected XSS vulnerability has been found in YzmCMS 7.1. The vulnerability exists in yzmphp/core/class/application.class.php: when logged-in users access a malicious link, their cookies can be captured by an...

5.9AI Score

EPSS

2024-05-17 08:15 AM
24
nvd

CVE-2024-35110

A reflected XSS vulnerability has been found in YzmCMS 7.1. The vulnerability exists in yzmphp/core/class/application.class.php: when logged-in users access a malicious link, their cookies can be captured by an...

5.8AI Score

EPSS

2024-05-17 08:15 AM
veracode

Session Hijacking

illuminate/auth is vulnerable to Session Hijacking. The vulnerability is due to insecure handling of "remember me" cookies, where previously hijacked cookies would remain valid even after the user's password was reset or they logged...

7.2AI Score

2024-05-17 06:12 AM
1
ibm

Security Bulletin: IBM Operational Decision Manager for April 2024 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details ** CVEID:...

9.8CVSS

9.5AI Score

0.973EPSS

2024-05-17 04:36 AM
10
openvas

Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2024-1703)

The remote host is missing an update for the Huawei...

8.1CVSS

7.4AI Score

0.01EPSS

2024-05-17 12:00 AM
1
nessus

EulerOS Virtualization 3.0.6.0 : httpd (EulerOS-SA-2024-1684)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57....

7.5CVSS

7.5AI Score

0.732EPSS

2024-05-17 12:00 AM
3
openvas

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-1684)

The remote host is missing an update for the Huawei...

7.5CVSS

8.7AI Score

0.732EPSS

2024-05-17 12:00 AM
3
nessus

EulerOS Virtualization 3.0.6.6 : curl (EulerOS-SA-2024-1647)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of...

3.7CVSS

7.5AI Score

0.001EPSS

2024-05-17 12:00 AM
2
nessus

EulerOS Virtualization 3.0.6.0 : python-urllib3 (EulerOS-SA-2024-1703)

According to the versions of the python-urllib3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a...

8.1CVSS

6.8AI Score

0.01EPSS

2024-05-17 12:00 AM
3
openvas

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2024-1702)

The remote host is missing an update for the Huawei...

8.1CVSS

7.4AI Score

0.01EPSS

2024-05-17 12:00 AM
2
openvas

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1677)

The remote host is missing an update for the Huawei...

6.5CVSS

7AI Score

0.001EPSS

2024-05-17 12:00 AM
3
openvas

Ubuntu: Security Advisory (USN-6774-1)

The remote host is missing an update for...

6.5CVSS

7AI Score

EPSS

2024-05-17 12:00 AM
13
nessus

EulerOS Virtualization 3.0.6.0 : curl (EulerOS-SA-2024-1677)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of...

6.5CVSS

7.2AI Score

0.001EPSS

2024-05-17 12:00 AM
2
openvas

Debian: Security Advisory (DLA-3815-1)

The remote host is missing an update for the...

6.5AI Score

0.0004EPSS

2024-05-17 12:00 AM
2
openvas

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2024-1682)

The remote host is missing an update for the Huawei...

7.5CVSS

6.7AI Score

0.001EPSS

2024-05-17 12:00 AM
1
nessus

GitLab 3.0.29 < 4.0.5 (CVE-2023-1401)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leaks cross-site cookies on redirect during authorization....

5CVSS

6.7AI Score

0.0004EPSS

2024-05-17 12:00 AM
2
nessus

EulerOS Virtualization 3.0.6.0 : python-pip (EulerOS-SA-2024-1702)

According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a...

8.1CVSS

7.3AI Score

0.01EPSS

2024-05-17 12:00 AM
nessus

EulerOS Virtualization 3.0.6.0 : glibc (EulerOS-SA-2024-1682)

According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed,...

7.5CVSS

7.4AI Score

0.001EPSS

2024-05-17 12:00 AM
1
nessus

Debian dsa-5693 : thunderbird - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5693 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5693-1 [email protected] ...

8.8AI Score

0.0004EPSS

2024-05-17 12:00 AM
3
debiancve

CVE-2024-21823

Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local...

6.4CVSS

6.3AI Score

0.0004EPSS

2024-05-16 09:16 PM
7
nvd

CVE-2024-21823

Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local...

6.4CVSS

6.3AI Score

0.0004EPSS

2024-05-16 09:16 PM
cve

CVE-2024-21823

Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local...

6.4CVSS

6.1AI Score

0.0004EPSS

2024-05-16 09:16 PM
32
cvelist

CVE-2024-21823

Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local...

6.4CVSS

6.2AI Score

0.0004EPSS

2024-05-16 08:46 PM
osv

CVE-2024-31226

Sunshine is a self-hosted game stream host for Moonlight. Users who ran Sunshine versions 0.17.0 through 0.22.2 as a service on Windows may be impacted when terminating the service if an attacker placed a file named C:\Program.exe, C:\Program.bat, or C:\Program.cmd on the user's computer. This...

4.9CVSS

6.8AI Score

0.0004EPSS

2024-05-16 07:15 PM
1
osv

linux, linux-aws, linux-aws-6.5, linux-azure, linux-azure-6.5, linux-gcp, linux-gcp-6.5, linux-hwe-6.5, linux-laptop, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-nvidia-6.5, linux-oem-6.5, linux-oracle, linux-oracle-6.5, linux-raspi, linux-signed, linux-signed-aws, linux-signed-aws-6.5, linux-starfive, linux-starfive-6.5 vulnerabilities

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-47233) Sander....

6.5CVSS

6.6AI Score

EPSS

2024-05-16 02:27 PM
6
ics

Siemens SIMATIC RTLS Locating Manager

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

10CVSS

9.2AI Score

0.009EPSS

2024-05-16 12:00 PM
9
githubexploit

Exploit for CVE-2024-23897

PoC to exploit the CVE-2024-23897 vulnerability in versions...

9.8CVSS

6.3AI Score

0.961EPSS

2024-05-16 09:32 AM
159
debian

[SECURITY] [DLA 3815-1] firefox-esr security update

Debian LTS Advisory DLA-3815-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort May 16, 2024 https://wiki.debian.org/LTS Package : firefox-esr Version : 115.11.0esr-1~deb10u1 CVE...

0.0004EPSS

2024-05-16 07:16 AM
openvas

Ubuntu: Security Advisory (USN-6766-2)

The remote host is missing an update for...

7.8CVSS

7.1AI Score

EPSS

2024-05-16 12:00 AM
8
nessus

Apache Superset Known Default SECRET_KEY (CVE-2023-27524)

The Apache Superset install on the remote host is configured to use a known default SECRET_KEY. This can allow a remote, unauthenticated attacker to forge session cookies as arbitrary users, bypassing authentication and leading to remote code...

9.8CVSS

8.5AI Score

0.971EPSS

2024-05-16 12:00 AM
7
openvas

Debian: Security Advisory (DSA-5690-1)

The remote host is missing an update for the...

7.5AI Score

0.0004EPSS

2024-05-16 12:00 AM
4
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1659-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1659-1 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi:...

7.8CVSS

7.7AI Score

0.0005EPSS

2024-05-16 12:00 AM
8
nessus

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1650-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1650-1 advisory. In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4...

7.8CVSS

8.1AI Score

0.0004EPSS

2024-05-16 12:00 AM
3
openvas

Debian: Security Advisory (DSA-5691-1)

The remote host is missing an update for the...

7.1AI Score

0.0004EPSS

2024-05-16 12:00 AM
3
openvas

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1647)

The remote host is missing an update for the Huawei...

3.7CVSS

7.1AI Score

0.001EPSS

2024-05-16 12:00 AM
5
ubuntucve

CVE-2024-21823

Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local access. Bugs https://bugzilla.redhat.com/show_bug.cgi?id=2278989...

6.4CVSS

6.4AI Score

0.0004EPSS

2024-05-16 12:00 AM
4
nessus

Debian dla-3815 : firefox-esr - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3815 advisory. A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects...

7.7AI Score

0.0004EPSS

2024-05-16 12:00 AM
2
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 23.10 Ubuntu 22.04 LTS Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-6.5 - Linux kernel for Amazon Web Services (AWS) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-6.5 - Linux kernel for...

6.5CVSS

6.5AI Score

EPSS

2024-05-16 12:00 AM
12
osv

Laravel Hijacked authentication cookies vulnerability

Laravel 4.1.26 introduces security improvements for "remember me" cookies. Before this update, if a remember cookie was hijacked by another malicious user, the cookie would remain valid for a long period of time, even after the true owner of the account reset their password, logged out, etc. This.....

7.1AI Score

2024-05-15 10:06 PM
3
github

Laravel Hijacked authentication cookies vulnerability

Laravel 4.1.26 introduces security improvements for "remember me" cookies. Before this update, if a remember cookie was hijacked by another malicious user, the cookie would remain valid for a long period of time, even after the true owner of the account reset their password, logged out, etc. This.....

7.1AI Score

2024-05-15 10:06 PM
2
osv

Laravel Hijacked authentication cookies vulnerability

Laravel 4.1.26 introduces security improvements for "remember me" cookies. Before this update, if a remember cookie was hijacked by another malicious user, the cookie would remain valid for a long period of time, even after the true owner of the account reset their password, logged out, etc. This.....

7.1AI Score

2024-05-15 09:50 PM
2
github

Laravel Hijacked authentication cookies vulnerability

Laravel 4.1.26 introduces security improvements for "remember me" cookies. Before this update, if a remember cookie was hijacked by another malicious user, the cookie would remain valid for a long period of time, even after the true owner of the account reset their password, logged out, etc. This.....

7.1AI Score

2024-05-15 09:50 PM
3
github

amphp/artax Cookie leakage to wrong origins and non-restricted cookie acceptance

In artax version before 1.0.6 and 2 before 2.0.6, cookies of foo.bar.example.com were leaked to foo.bar. Additionally, any site could set cookies for any other site. Artax fixed this issue by following newer browser implementations now. Cookies can only be set on domains higher or equal to the...

7AI Score

2024-05-15 05:52 PM
4
osv

amphp/artax Cookie leakage to wrong origins and non-restricted cookie acceptance

In artax version before 1.0.6 and 2 before 2.0.6, cookies of foo.bar.example.com were leaked to foo.bar. Additionally, any site could set cookies for any other site. Artax fixed this issue by following newer browser implementations now. Cookies can only be set on domains higher or equal to the...

7AI Score

2024-05-15 05:52 PM
4
debian

[SECURITY] [DSA 5691-1] firefox-esr security update

Debian Security Advisory DSA-5691-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 15, 2024 https://www.debian.org/security/faq Package : firefox-esr CVE ID : CVE-2024-4367 CVE-2024-4767...

7.4AI Score

0.0004EPSS

2024-05-15 05:48 PM
4
debian

[SECURITY] [DSA 5690-1] libreoffice security update

Debian Security Advisory DSA-5690-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 15, 2024 https://www.debian.org/security/faq Package : libreoffice CVE ID : CVE-2024-3044 Amel...

6.6AI Score

0.0004EPSS

2024-05-15 05:47 PM
osv

linux-hwe-5.15, linux-raspi vulnerabilities

It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-1151) Sander Wiebing, Alvise de Faveri Tron,...

7.8CVSS

6.9AI Score

EPSS

2024-05-15 03:15 PM
5
Total number of security vulnerabilities: 51354