Lucene search

K

ABB Ability™ Symphony® Plus Operations Security Vulnerabilities

vulnrichment
vulnrichment

CVE-2024-5505 NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution Vulnerability

NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this...

8.8CVSS

7.9AI Score

0.001EPSS

2024-06-06 05:49 PM
cvelist
cvelist

CVE-2024-5505 NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution Vulnerability

NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this...

8.8CVSS

0.001EPSS

2024-06-06 05:49 PM
1
vulnrichment
vulnrichment

CVE-2024-30375 Luxion KeyShot Viewer KSP File Parsing Use-After-Free Remote Code Execution Vulnerability

Luxion KeyShot Viewer KSP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must...

7.8CVSS

7.5AI Score

0.001EPSS

2024-06-06 05:47 PM
cvelist
cvelist

CVE-2024-30375 Luxion KeyShot Viewer KSP File Parsing Use-After-Free Remote Code Execution Vulnerability

Luxion KeyShot Viewer KSP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must...

7.8CVSS

0.001EPSS

2024-06-06 05:47 PM
1
cvelist
cvelist

CVE-2024-3152 Privilege Escalation and Local File Inclusion in mintplex-labs/anything-llm

mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints. An attacker can exploit these vulnerabilities to escalate privileges from a default user role to an admin role, read and delete arbitrary files on the system, and perform...

8.8CVSS

0.0004EPSS

2024-06-06 05:19 PM
vulnrichment
vulnrichment

CVE-2024-3152 Privilege Escalation and Local File Inclusion in mintplex-labs/anything-llm

mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints. An attacker can exploit these vulnerabilities to escalate privileges from a default user role to an admin role, read and delete arbitrary files on the system, and perform...

8.8CVSS

7.6AI Score

0.0004EPSS

2024-06-06 05:19 PM
ibm
ibm

Security Bulletin: IBM OpenPages is affected by multiple security vulnerabilities of DB2 Database Server (April 2024)

Summary IBM® Db2® Database Server is shipped as a supporting program of IBM OpenPages. Information about security vulnerabilities affecting IBM Db2 Database Server has been published in multiple security bulletins. Vulnerability Details Refer to the security bulletin(s) listed in the...

6.8AI Score

2024-06-06 04:18 PM
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 27, 2024 to June 2, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

10CVSS

9.6AI Score

EPSS

2024-06-06 03:09 PM
7
ibm
ibm

Security Bulletin: Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264

Summary Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264 Vulnerability Details ** CVEID: CVE-2024-21094 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component...

5.9CVSS

4.5AI Score

0.001EPSS

2024-06-06 03:07 PM
1
githubexploit

7.8CVSS

8.8AI Score

0.076EPSS

2024-06-06 02:27 PM
74
redhatcve
redhatcve

CVE-2024-23445

A flaw was found in Elasticsearch. If a cross-cluster API key restricts the search for a given index using the query or the field_security parameter, and the same cross-cluster API key also grants replication for the same index, the search restrictions are not enforced during cross-cluster search.....

6.5CVSS

7.1AI Score

0.0004EPSS

2024-06-06 11:03 AM
2
cve
cve

CVE-2024-4194

The The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This...

6.5CVSS

7.9AI Score

0.001EPSS

2024-06-06 02:15 AM
2
nvd
nvd

CVE-2024-4194

The The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This...

6.5CVSS

6.7AI Score

0.001EPSS

2024-06-06 02:15 AM
1
cvelist
cvelist

CVE-2024-4194 Album and Image Gallery plus Lightbox <= 2.0 - Unauthenticated Arbitrary Shortcode Execution

The The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This...

6.5CVSS

6.7AI Score

0.001EPSS

2024-06-06 02:02 AM
1
cve
cve

CVE-2024-0912

Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior...

7AI Score

0.0004EPSS

2024-06-06 12:15 AM
27
nvd
nvd

CVE-2024-0912

Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior...

6.5AI Score

0.0004EPSS

2024-06-06 12:15 AM
zdi
zdi

Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

7.5AI Score

0.0005EPSS

2024-06-06 12:00 AM
1
f5
f5

K000139922: Open vSwitch vulnerabilities CVE-2023-3966 and CVE-2023-5366

Security Advisory Description CVE-2023-3966 A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is...

7.5CVSS

7.1AI Score

0.0004EPSS

2024-06-06 12:00 AM
7
zdi
zdi

Trend Micro Apex One Improper Access Control Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Apex One...

7.5AI Score

0.0005EPSS

2024-06-06 12:00 AM
1
zdi
zdi

Trend Micro Apex One Security Agent Link Following Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...

6.4AI Score

0.0005EPSS

2024-06-06 12:00 AM
1
packetstorm

7.4AI Score

2024-06-06 12:00 AM
75
zdi
zdi

Trend Micro Maximum Security coreServiceShell Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

7.5AI Score

0.0005EPSS

2024-06-06 12:00 AM
1
zdi
zdi

Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

7.5AI Score

0.0005EPSS

2024-06-06 12:00 AM
1
zdi
zdi

Trend Micro Apex One Security Agent Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

7.5AI Score

0.0005EPSS

2024-06-06 12:00 AM
1
nvidia
nvidia

Security Bulletin: NVIDIA GPU Display Driver - June 2024

NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin. To protect your system, download and install this software update through the NVIDIA Driver Downloads page or, for the vGPU software and Cloud Gaming updates,...

7.8CVSS

8AI Score

0.0004EPSS

2024-06-06 12:00 AM
41
nessus
nessus

Oracle Linux 8 : kernel (ELSA-2024-3618)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3618 advisory. - uio: Fix use-after-free in uio_open (Ricardo Robaina) [RHEL-26232] {CVE-2023-52439} - net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send.....

7.8CVSS

8.7AI Score

0.001EPSS

2024-06-06 12:00 AM
1
zdi
zdi

Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

7.5AI Score

0.0005EPSS

2024-06-06 12:00 AM
1
zdi
zdi

Trend Micro Apex One Damage Cleanup Engine Link Following Denial-of-Service Vulnerability

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...

6.9AI Score

0.0005EPSS

2024-06-06 12:00 AM
1
zdi
zdi

Trend Micro Deep Security Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Deep Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Trend...

7.5AI Score

0.0005EPSS

2024-06-06 12:00 AM
2
cvelist
cvelist

CVE-2024-0912 CCURE passwords exposed to administrators

Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior...

6.5AI Score

0.0004EPSS

2024-06-05 11:23 PM
4
vulnrichment
vulnrichment

CVE-2024-0912 CCURE passwords exposed to administrators

Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior...

6.8AI Score

0.0004EPSS

2024-06-05 11:23 PM
ibm
ibm

Security Bulletin: Vulnerability in Java affects Tivoli System Automation for Multiplatforms shipped with IBM® Db2® LUW. (CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850)

Summary Security vulnerabilities have been identified in Java that affect Tivoli System Automation for Multiplatforms (TSAMP) shipped as a component of IBM Db2. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions TSAMP...

7.5CVSS

6.8AI Score

0.001EPSS

2024-06-05 03:47 PM
2
wordfence
wordfence

40,000 WordPress Sites affected by Vulnerability That Leads to Privilege Escalation in Login/Signup Popup WordPress Plugin

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the.....

8.8CVSS

8.5AI Score

0.001EPSS

2024-06-05 03:01 PM
6
rapid7blog
rapid7blog

Securing AI Development in the Cloud: Navigating the Risks and Opportunities

AI-TRiSM - Trust, Risk and Security Management in the Age of AI Co-authored by Lara Sunday and Pojan Shahrivar As artificial intelligence (AI) and machine learning (ML) technologies continue to advance and proliferate, organizations across industries are investing heavily in these transformative...

7.4AI Score

2024-06-05 01:00 PM
6
talosblog
talosblog

DarkGate switches up its tactics with new payload, email templates

This post was authored by Kalpesh Mantri. Cisco Talos is actively tracking a recent increase in activity from malicious email campaigns containing a suspicious Microsoft Excel attachment that, when opened, infected the victim's system with the DarkGate malware. These campaigns, active since the...

7.9AI Score

2024-06-05 12:00 PM
5
ibm
ibm

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Commons Collections

Summary Multiple vulnerabilities have been identified in Apache Commons Collections, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details ** CVEID: CVE-2017-15708 DESCRIPTION:...

9.8CVSS

10AI Score

0.967EPSS

2024-06-05 07:14 AM
ibm
ibm

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Commons Beanutils

Summary Multiple vulnerabilities have been identified in Apache Commons Beanutils, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details ** CVEID: CVE-2019-10086 DESCRIPTION:...

7.3CVSS

8.2AI Score

0.973EPSS

2024-06-05 07:06 AM
1
ibm
ibm

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Google Guava

Summary A vulnerability has been identified in Google Guava, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details ** CVEID: CVE-2023-2976 DESCRIPTION: **Google Guava could...

7.1CVSS

6.5AI Score

0.0004EPSS

2024-06-05 07:01 AM
fedora
fedora

[SECURITY] Fedora 40 Update: qt5-qtspeech-5.15.14-1.fc40

The module enables a Qt application to support accessibility features such as text-to-speech, which is useful for end-users who are visually challenged or cannot access the application for whatever reason. T he most common use case where text-to-speech comes in handy is when the end-user is...

6.4AI Score

0.0004EPSS

2024-06-05 01:41 AM
fedora
fedora

[SECURITY] Fedora 40 Update: qt5-qtserialport-5.15.14-1.fc40

Qt Serial Port provides the basic functionality, which includes configuring, I/O operations, getting and setting the control signals of the RS-232 pinou...

6.5AI Score

0.0004EPSS

2024-06-05 01:41 AM
1
fedora
fedora

[SECURITY] Fedora 40 Update: qt5-qtlocation-5.15.14-1.fc40

The Qt Location and Qt Positioning APIs gives developers the ability to determine a position by using a variety of possible sources, including satellite, or wifi, or text file, and so...

6.4AI Score

0.0004EPSS

2024-06-05 01:41 AM
f5
f5

K000139898: PyYAML vulnerabilities CVE-2020-1747 and CVE-2020-14343

Security Advisory Description CVE-2020-1747 A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use...

9.8CVSS

7.5AI Score

0.006EPSS

2024-06-05 12:00 AM
9
zdi
zdi

Luxion KeyShot Viewer KSP File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...

7.2AI Score

2024-06-05 12:00 AM
1
openvas
openvas

openSUSE: Security Advisory for git (SUSE-SU-2024:1807-1)

The remote host is missing an update for...

9CVSS

6.9AI Score

0.001EPSS

2024-06-05 12:00 AM
drupal
drupal

Acquia DAM - Moderately critical - Access bypass, Denial of Service - SA-CONTRIB-2024-025

Acquia DAM provides a connection to a third-party asset management system, allowing for images to be managed, linked to, and viewed from Drupal. In order for assets to be managed in Drupal, a site administrator must first authenticate the site to their DAM instance. The module doesn't sufficiently....

6.8AI Score

2024-06-05 12:00 AM
1
f5
f5

K000139901: PyYAML vulnerability CVE-2017-18342

Security Advisory Description In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function. (CVE-2017-18342) Impact.....

9.8CVSS

9.6AI Score

0.014EPSS

2024-06-05 12:00 AM
5
f5
f5

K000139917: Libxml2 vulnerability CVE-2022-40303

Security Advisory Description An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading....

7.5CVSS

7.6AI Score

0.004EPSS

2024-06-05 12:00 AM
4
oraclelinux
oraclelinux

kernel update

[4.18.0-553.5.1.el8_10.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict...

7.8CVSS

9AI Score

0.001EPSS

2024-06-05 12:00 AM
2
malwarebytes
malwarebytes

US residents targeted by utility scammers on Google

Back in February, we reported on malicious ads related to utility bills (electricity, gas) that direct victims to call centers where scammers will collect their identity and try to extort money from them. A few months later, we checked and were able to find as many Google ads as before, following.....

7.2AI Score

2024-06-04 09:05 PM
5
ibm
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (April 2024) affect IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in April 2024. Vulnerability Details ** CVEID: CVE-2024-21085 DESCRIPTION: **An...

5.9CVSS

6.2AI Score

0.001EPSS

2024-06-04 06:11 PM
3
Total number of security vulnerabilities104071