3com – Asesor De Cookies Para Normativa Española Security Vulnerabilities

osv

amphp/artax Cookie leakage to wrong origins and non-restricted cookie acceptance

In artax version before 1.0.6 and 2 before 2.0.6, cookies of foo.bar.example.com were leaked to foo.bar. Additionally, any site could set cookies for any other site. Artax fixed this issue by following newer browser implementations now. Cookies can only be set on domains higher or equal to the...

7 AI Score

2024-05-15 05:52 PM
4
debian

[SECURITY] [DSA 5691-1] firefox-esr security update

Debian Security Advisory DSA-5691-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 15, 2024 https://www.debian.org/security/faq Package : firefox-esr CVE ID : CVE-2024-4367 CVE-2024-4767...

7.4 AI Score

0.0004 EPSS

2024-05-15 05:48 PM
6
debian

[SECURITY] [DSA 5690-1] libreoffice security update

Debian Security Advisory DSA-5690-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 15, 2024 https://www.debian.org/security/faq Package : libreoffice CVE ID : CVE-2024-3044 Amel...

6.6 AI Score

0.0004 EPSS

2024-05-15 05:47 PM
3
osv

linux-hwe-5.15, linux-raspi vulnerabilities

It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-1151) Sander Wiebing, Alvise de Faveri Tron,...

7.8 CVSS

6.9 AI Score

EPSS

2024-05-15 03:15 PM
8
kitploit

Subhunter - A Fast Subdomain Takeover Tool

Subdomain takeover is a common vulnerability that allows an attacker to gain control over a subdomain of a target domain and redirect users intended for an organization's domain to a website that performs malicious activities, such as phishing campaigns, stealing user cookies, etc. It occurs when.....

7.3 AI Score

2024-05-15 12:30 PM
18
openbugbounty

gites-de-france-hautes-alpes.com Cross Site Scripting vulnerability OBB-3928007

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-05-15 12:16 PM
6
nessus

Debian dsa-5691 : firefox-esr - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5691 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5691-1 [email protected] ...

7.5 AI Score

0.0004 EPSS

2024-05-15 12:00 AM
3
nessus

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1644-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1644-1 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi: return -ENOMEM if...

7.8 CVSS

6.9 AI Score

EPSS

2024-05-15 12:00 AM
9
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux-hwe-5.15 - Linux hardware enablement (HWE) kernel linux-raspi - Linux kernel for Raspberry Pi systems Details It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action...

7.8 CVSS

7.2 AI Score

EPSS

2024-05-15 12:00 AM
15
packetstorm

7.4 CVSS

7.1 AI Score

0.0004 EPSS

2024-05-15 12:00 AM
155
oraclelinux

Unbreakable Enterprise kernel security update

[5.15.0-206.153.7] - mmc: core: Initialize mmc_blk_ioc_data (Mikko Rapeli) - ahci: asm1064: asm1166: don't limit reported ports (Conrad Kostecki) - mmc: core: Fix switch on gp3 partition (Dominique Martinet) - Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory (Michael....

8.3 AI Score

EPSS

2024-05-15 12:00 AM
8
nessus

SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1646-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1646-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two array...

7.8 CVSS

7.2 AI Score

EPSS

2024-05-15 12:00 AM
9
nessus

SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:1648-1)

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1648-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory ...

7.8 CVSS

7.2 AI Score

EPSS

2024-05-15 12:00 AM
15
gitlab

amphp/artax Cookie leakage to wrong origins and non-restricted cookie acceptance

In artax version before 1.0.6 and 2 before 2.0.6, cookies of foo.bar.example.com were leaked to foo.bar. Additionally, any site could set cookies for any other site. Artax fixed this issue by following newer browser implementations now. Cookies can only be set on domains higher or equal to the...

7 AI Score

2024-05-15 12:00 AM
1
nessus

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1641-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1641-1 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi: return -ENOMEM if dma_map_single...

7.8 CVSS

7.6 AI Score

EPSS

2024-05-15 12:00 AM
6
nessus

Debian dsa-5690 : fonts-opensymbol - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5690 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5690-1 [email protected] ...

6 AI Score

0.0004 EPSS

2024-05-15 12:00 AM
2
nessus

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1642-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1642-1 advisory. In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4...

7.8 CVSS

7.8 AI Score

0.0004 EPSS

2024-05-15 12:00 AM
9
nessus

SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1643-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1643-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two...

7.8 CVSS

7.2 AI Score

EPSS

2024-05-15 12:00 AM
11
osv

Reportico Web fails to invalidate cookies upon logout

An issue in Reportico Web before v.8.1.0. This vulnerability arises from the failure of the web application to properly invalidate session cookies upon logout. When a user logs out of the application, the session cookie should be invalidated to prevent unauthorized access. However, due to the...

6.4 AI Score

EPSS

2024-05-14 09:34 PM
9
github

Reportico Web fails to invalidate cookies upon logout

An issue in Reportico Web before v.8.1.0. This vulnerability arises from the failure of the web application to properly invalidate session cookies upon logout. When a user logs out of the application, the session cookie should be invalidated to prevent unauthorized access. However, due to the...

6.8 AI Score

EPSS

2024-05-14 09:34 PM
4
redhatcve

CVE-2024-21823

Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local...

6.4 CVSS

6.3 AI Score

0.0004 EPSS

2024-05-14 08:54 PM
13
nvd

CVE-2024-34687

SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker can control code that is executed within a user’s browser, which could result in modification, deletion of data,...

6.5 CVSS

6.4 AI Score

0.0004 EPSS

2024-05-14 04:17 PM
cve

CVE-2024-34687

SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker can control code that is executed within a user’s browser, which could result in modification, deletion of data,...

6.5 CVSS

6.3 AI Score

0.0004 EPSS

2024-05-14 04:17 PM
25
cve

CVE-2024-33868

An issue was discovered in linqi before 1.4.0.1 on Windows. There is LDAP...

7.2 AI Score

EPSS

2024-05-14 04:17 PM
24
nvd

CVE-2024-33864

An issue was discovered in linqi before 1.4.0.1 on Windows. There is SSRF via Document template generation; i.e., via remote images in process creation, file inclusion, and PDF document generation via malicious...

6.7 AI Score

EPSS

2024-05-14 04:17 PM
cve

CVE-2024-33864

An issue was discovered in linqi before 1.4.0.1 on Windows. There is SSRF via Document template generation; i.e., via remote images in process creation, file inclusion, and PDF document generation via malicious...

7 AI Score

EPSS

2024-05-14 04:17 PM
24
cve

CVE-2024-33865

An issue was discovered in linqi before 1.4.0.1 on Windows. There is an NTLM hash leak via the /api/Cdn/GetFile and /api/DocumentTemplate/{GUID]...

6.8 AI Score

EPSS

2024-05-14 04:17 PM
28
nvd

CVE-2024-33863

An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/Cdn/GetFile local file...

6.4 AI Score

EPSS

2024-05-14 04:17 PM
nvd

CVE-2024-33865

An issue was discovered in linqi before 1.4.0.1 on Windows. There is an NTLM hash leak via the /api/Cdn/GetFile and /api/DocumentTemplate/{GUID]...

6.6 AI Score

EPSS

2024-05-14 04:17 PM
nvd

CVE-2024-33866

An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/DocumentTemplate/{GUID]...

6.6 AI Score

EPSS

2024-05-14 04:17 PM
nvd

CVE-2024-33868

An issue was discovered in linqi before 1.4.0.1 on Windows. There is LDAP...

6.9 AI Score

EPSS

2024-05-14 04:17 PM
2
cve

CVE-2024-33863

An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/Cdn/GetFile local file...

6.7 AI Score

EPSS

2024-05-14 04:17 PM
48
cve

CVE-2024-33867

An issue was discovered in linqi before 1.4.0.1 on Windows. There is a hardcoded password...

7 AI Score

EPSS

2024-05-14 04:17 PM
44
cve

CVE-2024-33866

An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/DocumentTemplate/{GUID]...

6.8 AI Score

EPSS

2024-05-14 04:17 PM
27
nvd

CVE-2024-33867

An issue was discovered in linqi before 1.4.0.1 on Windows. There is a hardcoded password...

6.7 AI Score

EPSS

2024-05-14 04:17 PM
1
osv

CVE-2024-32977

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the autologinLocal option is enabled within config.yaml, even if they....

7.1 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-14 04:17 PM
3
osv

CVE-2024-30268

Cacti provides an operational monitoring and fault management framework. A reflected cross-site scripting vulnerability on the 1.3.x DEV branch allows attackers to obtain cookies of administrator and other users and fake their login using obtained cookies. This issue is fixed in commit...

6.1 CVSS

5.9 AI Score

0.0004 EPSS

2024-05-14 03:22 PM
5
debiancve

CVE-2024-30268

Cacti provides an operational monitoring and fault management framework. A reflected cross-site scripting vulnerability on the 1.3.x DEV branch allows attackers to obtain cookies of administrator and other users and fake their login using obtained cookies. This issue is fixed in commit...

6.1 CVSS

6.3 AI Score

0.0004 EPSS

2024-05-14 03:22 PM
1
cve

CVE-2024-30268

Cacti provides an operational monitoring and fault management framework. A reflected cross-site scripting vulnerability on the 1.3.x DEV branch allows attackers to obtain cookies of administrator and other users and fake their login using obtained cookies. This issue is fixed in commit...

6.1 CVSS

5.8 AI Score

0.0004 EPSS

2024-05-14 03:22 PM
18
nvd

CVE-2024-30268

Cacti provides an operational monitoring and fault management framework. A reflected cross-site scripting vulnerability on the 1.3.x DEV branch allows attackers to obtain cookies of administrator and other users and fake their login using obtained cookies. This issue is fixed in commit...

6.1 CVSS

5.8 AI Score

0.0004 EPSS

2024-05-14 03:22 PM
cve

CVE-2024-29212

Due to an unsafe de-serialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server...

9.9 CVSS

7.4 AI Score

0.0004 EPSS

2024-05-14 03:15 PM
92
nvd

CVE-2024-29212

Due to an unsafe de-serialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server...

9.9 CVSS

9.8 AI Score

0.0004 EPSS

2024-05-14 03:15 PM
cvelist

CVE-2024-34687 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application server for ABAP and ABAP Platform

SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker can control code that is executed within a user’s browser, which could result in modification, deletion of data,...

6.5 CVSS

6.6 AI Score

0.0004 EPSS

2024-05-14 03:56 AM
vulnrichment

CVE-2024-34687 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application server for ABAP and ABAP Platform

SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker can control code that is executed within a user’s browser, which could result in modification, deletion of data,...

6.5 CVSS

6.4 AI Score

0.0004 EPSS

2024-05-14 03:56 AM
nessus

Rocky Linux 9 : libreoffice (RLSA-2024:1427)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1427 advisory. Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary...

8.8 CVSS

7.5 AI Score

0.001 EPSS

2024-05-14 12:00 AM
1
ubuntucve

CVE-2024-30268

Cacti provides an operational monitoring and fault management framework. A reflected cross-site scripting vulnerability on the 1.3.x DEV branch allows attackers to obtain cookies of administrator and other users and fake their login using obtained cookies. This issue is fixed in commit...

6.1 CVSS

5.8 AI Score

0.0004 EPSS

2024-05-14 12:00 AM
1
githubexploit

Exploit for CVE-2021-1678

Managing the deployment of changes to the binding of...

7.4 AI Score

2024-05-13 08:19 PM
89
openbugbounty

jeu-de-puzzle.net Cross Site Scripting vulnerability OBB-3927632

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-05-13 04:07 PM
7
cvelist

CVE-2024-30268 Cacti XSS vulnerability in display_settings

Cacti provides an operational monitoring and fault management framework. A reflected cross-site scripting vulnerability on the 1.3.x DEV branch allows attackers to obtain cookies of administrator and other users and fake their login using obtained cookies. This issue is fixed in commit...

6.1 CVSS

6 AI Score

0.0004 EPSS

2024-05-13 02:56 PM
vulnrichment

CVE-2024-30268 Cacti XSS vulnerability in display_settings

Cacti provides an operational monitoring and fault management framework. A reflected cross-site scripting vulnerability on the 1.3.x DEV branch allows attackers to obtain cookies of administrator and other users and fake their login using obtained cookies. This issue is fixed in commit...

6.1 CVSS

5.9 AI Score

0.0004 EPSS

2024-05-13 02:56 PM

Total number of security vulnerabilities: 51582