Navidrome Parameter Tampering vulnerability
Summary Parameter tampering is a vulnerability where an attacker has the ability to manipulate parameter values in the HTTP requests. Details The attacker is able to change the parameter values in the body and successfully impersonate another user. In this case, the attacker created a playlist,...
7AI Score
0.0004EPSS
Navidrome is an open source web-based music collection server and streamer. In affected versions of Navidrome are subject to a parameter tampering vulnerability where an attacker has the ability to manipulate parameter values in the HTTP requests. The attacker is able to change the parameter...
4.2CVSS
7.2AI Score
0.0004EPSS
CVE-2024-32963 Parameter Tampering vulnerability in Navidrome
Navidrome is an open source web-based music collection server and streamer. In affected versions of Navidrome are subject to a parameter tampering vulnerability where an attacker has the ability to manipulate parameter values in the HTTP requests. The attacker is able to change the parameter...
6.4AI Score
0.0004EPSS
Bypassing MFA on Microsoft Azure Entra ID
TL;DR Even though MFA is effective it is one security control amongst many Even if MFA is in use, check its configuration Consider unexpected patterns of use, such as people logging in from Linux or macOS Make sure you log and can react to out-of-band behaviour Introduction On a recent Red Team...
7.5AI Score
Security Bulletin: NVIDIA ChatRTX - May 2024
NVIDIA has released a software update for NVIDIA® ChatRTX. To protect your system, download and install this software update from the ChatRTX Download page. Go to NVIDIA Product Security. Details This section provides a summary of potential vulnerabilities that this security update addresses and...
7AI Score
0.0004EPSS
The Plus Blocks for Block Editor | Gutenberg < 3.2.6 - Missing Authorization
Description The The Plus Blocks for Block Editor | Gutenberg plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the Tp_f_delete_transient() function in versions up to, and including, 3.2.5. This makes it possible for authenticated attackers, with...
6.7AI Score
Description The Radio Station by netmix® – Manage and play your Show Schedule in WordPress! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.7. This is due to missing or incorrect nonce validation on the radio_station_notice_dismiss()...
6.3AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1480-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1480-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic...
8AI Score
Security Bulletin: Triton Inference Server - April 2024
NVIDIA has released a software update for NVIDIA Triton Inference Server to address the issue disclosed in this bulletin. To protect your system, install the latest release from the Triton Inference Server Releases page on GitHub, and view the Secure Deployment Considerations Guide. Go to NVIDIA...
7.8AI Score
0.0004EPSS
Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allows a remote attacker to obtain sensitive information via a crafted GET request using the filePath...
6.8AI Score
0.0004EPSS
ReCrystallize Server 5.10.0.0 allows administrators to upload files to the server. The file upload is not restricted, leading to the ability to upload of malicious files. This could result in a Remote Code...
7.8AI Score
0.0004EPSS
Summary A vulnerability in IBM® Runtime Environment Java™ Technology Edition affects the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details ** CVEID: CVE-2023-30441 DESCRIPTION: **IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0...
5.8AI Score
0.002EPSS
Introducing the Wallarm Q1 2024 API ThreatStats™ Report
As we have in previous editions of the ThreatStats report, we highlight the industry’s top API-related attacks and trends. New to this version, however, is a detailed analysis of API attacks targeting AI-based applications, representing a new and rapidly expanding threat vector. And while we...
7.5AI Score
Velociraptor 0.7.2 Release: Digging Deeper than Ever with EWF Support, Dynamic DNS and More
By Dr. Mike Cohen and Carlos Canto Rapid7 is very excited to announce that version 0.7.2 of Velociraptor is now fully available for download. In this post we’ll discuss some of the interesting new features. EWF Support Velociraptor has introduced the ability to analyze dead disk images in the...
6.6AI Score
(RHSA-2024:2585) Moderate: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (CVE-2023-40283) kernel: mlxsw: spectrum_acl_tcam: Fix...
8.2AI Score
0.0004EPSS
(RHSA-2024:2582) Moderate: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (CVE-2023-40283) kernel: mlxsw: spectrum_acl_tcam: Fix stack corruption (CVE-2024-26586) kernel: netfilter:...
7.9AI Score
0.0004EPSS
SEW-EURODRIVE MOVITOOLS MotionStudio (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.6 ATTENTION: Low attack complexity Vendor: SEW-EURODRIVE Equipment: MOVITOOLS MotionStudio Vulnerability: Improper Restriction of XML EXTERNAL Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could result in open access to...
7.5AI Score
0.001EPSS
Managed Detection and Response in 2023
Managed Detection and Response in 2023 (PDF) Alongside other security solutions, we provide Kaspersky Managed Detection and Response (MDR) to organizations worldwide, delivering expert monitoring and incident response 24/7. The task involves collecting telemetry for analysis by both...
7AI Score
(RHSA-2024:2394) Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546) kernel: multiple use-after-free vulnerabilities (CVE-2024-1086, CVE-2023-3567, CVE-2023-4133,...
8.6AI Score
0.003EPSS
github.com/projectcalico/calico/ is vulnerable to Privilege Escalation. The vulnerability is due to an incorrect SUID bit configuration in the Calico CNI install binary, combined with the ability to control the input binary, allows an attacker to execute an arbitrary binary with elevated...
7.4AI Score
0.0004EPSS
RHEL 9 : kernel (RHSA-2024:2394)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2394 advisory. kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack (CVE-2020-26555) kernel: memcg does not limit the...
8.5AI Score
Pouring Acid Rain By Max Kersten · April 30, 2024 In two recent major geopolitical conflicts, in Ukraine and in Israel, wipers - malware used to destroy access to files and commonly used to halt telecom operations - were used to destroy digital infrastructure. Their ongoing shows that wipers have.....
7.7AI Score
RHEL 8 : kernel-rt (RHSA-2024:2585)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2585 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_limit: avoid possible divide error in nft_limit_init...
7.6AI Score
Amazon Linux 2 : java-1.8.0-amazon-corretto (ALASCORRETTO8-2024-011)
The version of java-1.8.0-amazon-corretto installed on the remote host is prior to 1.8.0_412.b08-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2CORRETTO8-2024-011 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of...
5.8AI Score
RHEL 8 : kernel (RHSA-2024:2582)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2582 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_limit: avoid possible divide error in nft_limit_init...
7.6AI Score
Amazon Linux 2 : java-17-amazon-corretto (ALAS-2024-2528)
The version of java-17-amazon-corretto installed on the remote host is prior to 17.0.11+9-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2528 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition...
5.9AI Score
K000139446 : Oracle Java vulnerability CVE-2024-21005
Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit...
3.1CVSS
5.6AI Score
0.0005EPSS
Amazon Linux 2 : kernel (ALAS-2024-2525)
The version of kernel installed on the remote host is prior to 4.14.336-257.568. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2525 advisory. A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative...
7.2AI Score
ReCrystallize Server 5.10.0.0 allows administrators to upload files to the server. The file upload is not restricted, leading to the ability to upload of malicious files. This could result in a Remote Code...
7.3AI Score
0.0004EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1466-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1466-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smc_sock A...
7.5AI Score
Amazon Linux 2 : java-11-amazon-corretto (ALAS-2024-2527)
The version of java-11-amazon-corretto installed on the remote host is prior to 11.0.23+9-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2527 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition...
6AI Score
RHEL 7 : rh-mysql80-mysql (RHSA-2024:2619)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2619 advisory. A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause...
6.2AI Score
Description The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘htmltag’ parameter in all versions up to, and including, 6.7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject...
5.7AI Score
0.0004EPSS
Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allows a remote attacker to obtain sensitive information via a crafted GET request using the filePath...
6.4AI Score
0.0004EPSS
K000139430 : Linux kernel vulnerability CVE-2024-1086
Security Advisory Description A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow()...
7.8CVSS
6.9AI Score
0.0004EPSS
In vulnerable versions of Calico (v3.27.2 and below), Calico Enterprise (v3.19.0-1, v3.18.1, v3.17.3 and below), and Calico Cloud (v19.2.0 and below), an attacker who has local access to the Kubernetes node, can escalate their privileges by exploiting a vulnerability in the Calico CNI install...
6.7CVSS
7.8AI Score
0.0004EPSS
CVE-2024-33522 Privilege escalation in Calico CNI install binary
In vulnerable versions of Calico (v3.27.2 and below), Calico Enterprise (v3.19.0-1, v3.18.1, v3.17.3 and below), and Calico Cloud (v19.2.0 and below), an attacker who has local access to the Kubernetes node, can escalate their privileges by exploiting a vulnerability in the Calico CNI install...
7AI Score
0.0004EPSS
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An unspecified vulnerability in Java SE related...
6.8AI Score
0.001EPSS
Arbitrary Systemd Property Injection
github.com/cri-o/cri-o is vulnerable to Arbitrary Systemd Property Injection. The vulnerability is due to improper filtering of systemd property within a Pod annotation, allowing an attacker with the ability to create a pod with arbitrary annotations to perform unauthorized actions on the host...
6.9AI Score
0.0004EPSS
Amazon Linux 2023 : java-1.8.0-amazon-corretto, java-1.8.0-amazon-corretto-devel (ALAS2023-2024-602)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-602 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle...
5.7AI Score
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-599 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are...
5.8AI Score
SUSE SLES12 Security Update : java-11-openjdk (SUSE-SU-2024:1452-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1452-1 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE...
6AI Score
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-598 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are...
5.8AI Score
Description The Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to an improper capability check on 42 separate AJAX functions in all versions up....
6.5AI Score
0.0004EPSS
SUSE SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2024:1450-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1450-1 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE...
6AI Score
Fedora 40 : python-asyncssh (2023-a3af7820e8)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-a3af7820e8 advisory. The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity...
7.1AI Score
Reviews Plus < 1.3.5 - Missing Authorization to Notice Dismissal
Description The Reviews Plus plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_hide_revs_translation_notice() function in versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with...
6.7AI Score
0.0004EPSS
Fedora 40 : gh (2024-48aa5f1dae)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-48aa5f1dae advisory. The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity...
7.1AI Score
K000139429 : Oracle GraalVM Vulnerability CVE-2024-20954 and CVE-2024-21098
Security Advisory Description CVE-2024-20954 Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition:...
3.7CVSS
5.3AI Score
0.0005EPSS
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-601 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are...
5.8AI Score