Lucene search

K

ABB Ability™ Symphony® Plus Historian Security Vulnerabilities

nvd
nvd

CVE-2024-36123

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to edit the MediaWiki namespace (typically those with the editinterface...

6.5CVSS

6.2AI Score

0.0004EPSS

2024-06-03 03:15 PM
cvelist
cvelist

CVE-2024-36123 Citizen has a Stored Cross-Site Scripting Vulnerability by editing MediaWiki:Tagline

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to edit the MediaWiki namespace (typically those with the editinterface...

6.5CVSS

6.2AI Score

0.0004EPSS

2024-06-03 02:17 PM
vulnrichment
vulnrichment

CVE-2024-36123 Citizen has a Stored Cross-Site Scripting Vulnerability by editing MediaWiki:Tagline

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to edit the MediaWiki namespace (typically those with the editinterface...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-03 02:17 PM
redhatcve
redhatcve

CVE-2024-36895

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: use correct buffer size when parsing configfs lists This commit fixes uvc gadget support on 32-bit platforms. Commit 0df28607c5cb ("usb: gadget: uvc: Generalise helper functions for reuse") introduced a helper...

6.7AI Score

0.0004EPSS

2024-06-03 01:32 PM
2
schneier
schneier

Seeing Like a Data Structure

Technology was once simply a tool--and a small one at that--used to amplify human intent and capacity. That was the story of the industrial revolution: we could control nature and build large, complex human societies, and the more we employed and mastered technology, the better things got. We...

6.9AI Score

2024-06-03 11:06 AM
5
thn
thn

Researcher Uncovers Flaws in Cox Modems, Potentially Impacting Millions

Now-patched authorization bypass issues impacting Cox modems could have been abused as a starting point to gain unauthorized access to the devices and run malicious commands. "This series of vulnerabilities demonstrated a way in which a fully external attacker with no prerequisites could've...

8.1AI Score

2024-06-03 10:20 AM
4
securelist
securelist

IT threat evolution in Q1 2024. Non-mobile statistics

IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. Quarterly.....

6.9AI Score

2024-06-03 10:00 AM
5
veracode
veracode

Remote Code Execution

typo3/cms-core is vulnerable to Remote Code Execution. The vulnerability is due to the ability to obfuscate Phar files as image or text files, which can then be uploaded and invoked via manipulated URLs in TYPO3 backend forms, which allows an attacker to execute arbitrary...

8.1AI Score

2024-06-03 08:13 AM
thn
thn

Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware

Fake web browser updates are being used to deliver remote access trojans (RATs) and information stealer malware such as BitRAT and Lumma Stealer (aka LummaC2). "Fake browser updates have been responsible for numerous malware infections, including those of the well-known SocGholish malware,"...

7.1AI Score

2024-06-03 03:51 AM
1
nessus
nessus

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1788)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is...

8CVSS

8.3AI Score

EPSS

2024-06-03 12:00 AM
2
f5
f5

K000139877: Linux kernel vulnerabilities CVE-2021-47076 and CVE-2021-47080

Security Advisory Description CVE-2021-47076 In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Return CQE error if invalid lkey was supplied RXE is missing update of WQE status in LOCAL_WRITE failures. This caused the following kernel panic if someone sent an atomic...

5.6AI Score

0.0004EPSS

2024-06-03 12:00 AM
5
ubuntucve
ubuntucve

CVE-2024-36123

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to edit the MediaWiki namespace (typically those with the editinterface...

6.5CVSS

6.4AI Score

0.0004EPSS

2024-06-03 12:00 AM
2
f5
f5

K000139880: Intel CPU/BIOS vulnerabilities CVE-2023-28402, CVE-2023-27504, and CVE-2023-28383

Security Advisory Description CVE-2023-28402 Improper input validation in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2023-27504 Improper conditions check in some Intel(R) BIOS Guard firmware may allow a...

7.2CVSS

6.5AI Score

0.0004EPSS

2024-06-03 12:00 AM
5
nessus
nessus

RHEL 4 : expat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. expat: Memory leak in poolGrow (CVE-2012-1148) The XML parser (xmlparse.c) in expat before 2.1.0...

7.8AI Score

0.009EPSS

2024-06-03 12:00 AM
1
nessus
nessus

RHEL 4 : libgssapi (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. libgssapi, libgssglue: Ability to load untrusted configuration file, when loading GSS mechanisms and their ...

6.5AI Score

0.0004EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 6 : libgssapi (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. libgssapi, libgssglue: Ability to load untrusted configuration file, when loading GSS mechanisms and their ...

7.3AI Score

0.0004EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 6 : perl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. perl: heap buffer overflow in pp_pack.c (CVE-2018-6913) Perl 5.10.x allows context-dependent attackers...

7.8CVSS

8.1AI Score

0.57EPSS

2024-06-03 12:00 AM
1
nessus
nessus

RHEL 6 : tomcat5 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tomcat: security manager bypass via IntrospectHelper utility function (CVE-2016-5018) The Realm...

9.1CVSS

7.3AI Score

0.002EPSS

2024-06-03 12:00 AM
1
nessus
nessus

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1800)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is...

8CVSS

8.3AI Score

EPSS

2024-06-03 12:00 AM
f5
f5

K000139876: Linux kernel vulnerability CVE-2021-46955

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4 packets running openvswitch on kernels built with KASAN, it's possible to see the following splat while testing fragmentation of IPv4 packets:...

5.9AI Score

0.0004EPSS

2024-06-03 12:00 AM
2
nessus
nessus

RHEL 5 : unixodbc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. unixODBC: Insecure buffer copy in SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c (CVE-2018-7485) ...

7.8CVSS

8.2AI Score

0.004EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 6 : unixodbc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. unixODBC: Insecure buffer copy in SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c (CVE-2018-7485) ...

7.8CVSS

7.9AI Score

0.004EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : apr (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. apr: Out-of-bounds array deref in apr_time_exp*() functions (CVE-2017-12613) tables/apr_hash.c in the...

7.1CVSS

7.5AI Score

0.008EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : libxml2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libxml2: Use after free via namespace node in XPointer ranges (CVE-2016-4658) libxml2: Missing...

9.8CVSS

8.1AI Score

0.106EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 6 : java-1.6.0-ibm (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. OpenJDK: insufficient loader constraints checks for invokespecial (Hotspot, 8180711) (CVE-2017-10346) ...

9.6CVSS

5.6AI Score

0.009EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 4 : unixodbc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. unixODBC: possible buffer overrun in SQLDriverConnect() (CVE-2011-1145) Buffer overflow in the...

7.8CVSS

8.2AI Score

0.0004EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : java-1.6.0-sun (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. OpenJDK: improper re-use of NTLM authenticated connections (Networking, 8163520) (CVE-2017-3509) ...

5.9CVSS

5.2AI Score

0.007EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 6 : expat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. expat: Out-of-bounds heap read on crafted input causing crash (CVE-2016-0718) The XML parser...

9.8CVSS

8AI Score

EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 7 : db4 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libdb: Reads DB_CONFIG from the current working directory (CVE-2017-10140) Vulnerability in the Data...

7.8CVSS

5.1AI Score

0.001EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : conga (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. plone: private content access in through-the-web templates (CVE-2017-1000483) plone: Open URL redirect...

6.1CVSS

6.9AI Score

0.019EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : libgssapi (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. libgssapi, libgssglue: Ability to load untrusted configuration file, when loading GSS mechanisms and their ...

6.5AI Score

0.0004EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 6 : ocaml (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ocaml: Integer overflow in byterun/bigarray.c:caml_ba_deserialize() allows remote attackers to cause a ...

9.8CVSS

9.9AI Score

0.013EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : expat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. expat: Out-of-bounds heap read on crafted input causing crash (CVE-2016-0718) The XML parser...

9.8CVSS

7.5AI Score

EPSS

2024-06-03 12:00 AM
1
nessus
nessus

RHEL 6 : libxml2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libxml2: Use after free via namespace node in XPointer ranges (CVE-2016-4658) libxml2: Missing...

7.5CVSS

7.6AI Score

0.106EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 7 : libreoffice (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libreoffice: heap-based buffer overflow related to the ReadJPEG function (CVE-2017-8358) LibreOffice...

6.5CVSS

8.6AI Score

0.063EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 8 : nginx (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication ...

7.8CVSS

9.4AI Score

EPSS

2024-06-03 12:00 AM
1
nessus
nessus

RHEL 8 : openssl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssl: Read buffer overruns processing ASN.1 strings (CVE-2021-3712) Simultaneous Multi-threading...

7.4CVSS

6.8AI Score

0.015EPSS

2024-06-03 12:00 AM
fedora
fedora

[SECURITY] Fedora 39 Update: ruff-0.3.7-2.fc39

An extremely fast Python linter and code formatter, written in Rust. Ruff aims to be orders of magnitude faster than alternative tools while integrating more functionality behind a single, common interface. Ruff can be used to replace Flake8 (plus dozens of plugins), Black, isort, pydocstyle,...

7.4AI Score

2024-06-02 03:39 AM
wired
wired

Mysterious Hack Destroyed 600,000 Internet Routers

Plus: A whistleblower claims the Biden administration falsified a report on Gaza, “Operation Endgame” disrupts the botnet ecosystem, and...

7.3AI Score

2024-06-01 10:30 AM
5
ibm
ibm

Security Bulletin: Maximo Asset Management: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities).....

5.9CVSS

6.1AI Score

0.0004EPSS

2024-05-31 02:39 PM
15
talosblog
talosblog

New banking trojan “CarnavalHeist” targets Brazil with overlay attacks

Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called "CarnavalHeist." Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil. This family has also been...

8AI Score

2024-05-31 12:00 PM
8
schneier
schneier

How AI Will Change Democracy

I don't think it's an exaggeration to predict that artificial intelligence will affect every aspect of our society. Not by doing new things. But mostly by doing things that are already being done by humans, perfectly competently. Replacing humans with AIs isn't necessarily interesting. But when an....

7.4AI Score

2024-05-31 11:04 AM
10
veracode
veracode

Improper Input Validation

symphony is vulnerable to Improper Input Validation. The vulnerability is due to incorrect parsing of the Authorization header in applications using HTTP basic or digest authentication, which could be exploited in certain server...

6.6AI Score

EPSS

2024-05-31 09:37 AM
1
fedora
fedora

[SECURITY] Fedora 39 Update: wireshark-4.0.15-1.fc39

Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless (WiFi or Bluetooth) networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols. It has many powerful...

6.4CVSS

6.3AI Score

0.0004EPSS

2024-05-31 02:14 AM
3
fedora
fedora

[SECURITY] Fedora 40 Update: wireshark-4.2.5-1.fc40

Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless (WiFi or Bluetooth) networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols. It has many powerful...

6.4CVSS

6.3AI Score

0.0004EPSS

2024-05-31 01:17 AM
2
zdi
zdi

G DATA Total Security Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the G DATA...

7.5AI Score

EPSS

2024-05-31 12:00 AM
1
zdi
zdi

(Pwn2Own) VMware Workstation hgfsVMCI_fileread Use of Uninitialized Variable Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within.....

7.1CVSS

6.7AI Score

0.001EPSS

2024-05-31 12:00 AM
8
zdi
zdi

(Pwn2Own) [Collision] VMWare Workstation VBluetoothHCI_PacketOut Use-After-Free Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of VMWare Workstation. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

9.3CVSS

7.5AI Score

0.001EPSS

2024-05-31 12:00 AM
3
nessus
nessus

Amazon Linux 2 : java-11-openjdk (ALASJAVA-OPENJDK11-2024-009)

The version of java-11-openjdk installed on the remote host is prior to 11.0.13.0.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2JAVA-OPENJDK11-2024-009 advisory. Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE...

6.8CVSS

6.8AI Score

0.002EPSS

2024-05-31 12:00 AM
nessus
nessus

Amazon Linux 2 : java-1.8.0-amazon-corretto (ALASCORRETTO8-2024-012)

The version of java-1.8.0-amazon-corretto installed on the remote host is prior to 1.8.0_312.b07-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2CORRETTO8-2024-012 advisory. There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is.....

8.6CVSS

8AI Score

0.017EPSS

2024-05-31 12:00 AM
Total number of security vulnerabilities65151