Lucene search

K

ABB Ability™ Symphony® Plus Operations Security Vulnerabilities

nvd
nvd

CVE-2024-36307

A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...

4.7CVSS

0.0005EPSS

2024-06-10 10:15 PM
4
cve
cve

CVE-2024-36358

A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to...

7.8CVSS

7.1AI Score

0.0005EPSS

2024-06-10 10:15 PM
22
nvd
nvd

CVE-2024-36359

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in...

5.4CVSS

0.0005EPSS

2024-06-10 10:15 PM
3
cve
cve

CVE-2024-36307

A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...

4.7CVSS

6.5AI Score

0.0005EPSS

2024-06-10 10:15 PM
24
cve
cve

CVE-2024-36303

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

7.2AI Score

0.0005EPSS

2024-06-10 10:15 PM
23
nvd
nvd

CVE-2024-36304

A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order...

7.8CVSS

0.0005EPSS

2024-06-10 10:15 PM
6
cve
cve

CVE-2024-36306

A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...

6.1CVSS

7AI Score

0.0005EPSS

2024-06-10 10:15 PM
25
nvd
nvd

CVE-2024-36303

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

0.0005EPSS

2024-06-10 10:15 PM
5
nvd
nvd

CVE-2024-36302

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

0.0005EPSS

2024-06-10 10:15 PM
4
cve
cve

CVE-2024-36304

A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order...

7.8CVSS

7.2AI Score

0.0005EPSS

2024-06-10 10:15 PM
22
cve
cve

CVE-2024-36305

A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

7.2AI Score

0.0005EPSS

2024-06-10 10:15 PM
22
nvd
nvd

CVE-2024-36305

A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

0.0005EPSS

2024-06-10 10:15 PM
4
nvd
nvd

CVE-2024-36306

A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...

6.1CVSS

0.0005EPSS

2024-06-10 10:15 PM
5
cve
cve

CVE-2024-36302

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

7.2AI Score

0.0005EPSS

2024-06-10 10:15 PM
22
github
github

ghtml Cross-Site Scripting (XSS) vulnerability

Summary It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Actions Taken Updated the documentation to clarify that while ghtml escapes characters with special meaning in HTML, it does not provide comprehensive...

8.9CVSS

5.4AI Score

0.0004EPSS

2024-06-10 09:36 PM
3
osv
osv

ghtml Cross-Site Scripting (XSS) vulnerability

Summary It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Actions Taken Updated the documentation to clarify that while ghtml escapes characters with special meaning in HTML, it does not provide comprehensive...

8.9CVSS

5.3AI Score

0.0004EPSS

2024-06-10 09:36 PM
cvelist
cvelist

CVE-2024-37166 ghtml Cross-Site Scripting (XSS) vulnerability

ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated.....

8.9CVSS

0.0004EPSS

2024-06-10 09:29 PM
3
vulnrichment
vulnrichment

CVE-2024-37166 ghtml Cross-Site Scripting (XSS) vulnerability

ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated.....

8.9CVSS

5.4AI Score

0.0004EPSS

2024-06-10 09:29 PM
2
vulnrichment
vulnrichment

CVE-2024-37289

An improper access control vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

7.4AI Score

0.0005EPSS

2024-06-10 09:22 PM
2
cvelist
cvelist

CVE-2024-37289

An improper access control vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

0.0005EPSS

2024-06-10 09:22 PM
8
cvelist
cvelist

CVE-2024-36359

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in...

5.4CVSS

0.0005EPSS

2024-06-10 09:21 PM
3
vulnrichment
vulnrichment

CVE-2024-36359

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in...

5.4CVSS

6.1AI Score

0.0005EPSS

2024-06-10 09:21 PM
1
cvelist
cvelist

CVE-2024-36358

A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to...

7.8CVSS

0.0005EPSS

2024-06-10 09:21 PM
3
vulnrichment
vulnrichment

CVE-2024-36358

A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to...

7.8CVSS

7.1AI Score

0.0005EPSS

2024-06-10 09:21 PM
vulnrichment
vulnrichment

CVE-2024-36307

A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...

4.7CVSS

6.5AI Score

0.0005EPSS

2024-06-10 09:21 PM
1
cvelist
cvelist

CVE-2024-36307

A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...

4.7CVSS

0.0005EPSS

2024-06-10 09:21 PM
2
vulnrichment
vulnrichment

CVE-2024-36306

A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...

6.1CVSS

7AI Score

0.0005EPSS

2024-06-10 09:21 PM
cvelist
cvelist

CVE-2024-36306

A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...

6.1CVSS

0.0005EPSS

2024-06-10 09:21 PM
2
cvelist
cvelist

CVE-2024-36305

A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

0.0005EPSS

2024-06-10 09:21 PM
1
vulnrichment
vulnrichment

CVE-2024-36305

A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

7.2AI Score

0.0005EPSS

2024-06-10 09:21 PM
cvelist
cvelist

CVE-2024-36304

A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order...

7.8CVSS

0.0005EPSS

2024-06-10 09:21 PM
8
vulnrichment
vulnrichment

CVE-2024-36304

A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order...

7.8CVSS

7.4AI Score

0.0005EPSS

2024-06-10 09:21 PM
vulnrichment
vulnrichment

CVE-2024-36303

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

7.1AI Score

0.0005EPSS

2024-06-10 09:20 PM
1
cvelist
cvelist

CVE-2024-36303

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

0.0005EPSS

2024-06-10 09:20 PM
2
vulnrichment
vulnrichment

CVE-2024-36302

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

8AI Score

0.0005EPSS

2024-06-10 09:20 PM
cvelist
cvelist

CVE-2024-36302

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

0.0005EPSS

2024-06-10 09:20 PM
2
ibm
ibm

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js Vulnerability Details ** CVEID: CVE-2024-22017 DESCRIPTION: **Node.js could allow a local attacker to gain elevated privileges on the system, caused by the failure of setuid() to drop all privileges...

10CVSS

8.9AI Score

EPSS

2024-06-10 05:54 PM
1
wallarmlab
wallarmlab

CVE-2024-29849: Veeam discloses Critical Vulnerability that allows attackers to bypass user authentication on its Backup Enterprise Manager web interface

On May 21, 2024, Veeam revealed a severe flaw across its Veeam Backup Enterprise Manager (VBEM) web interface that enables an unauthenticated attacker to log into the web interface as any user. Officially designated as CVE-2024-29849, the vulnerability presents a major threat with a CVSS V3 rating....

9.8CVSS

10AI Score

0.0004EPSS

2024-06-10 04:52 PM
28
impervablog
impervablog

A European Summer of Sports is Upon Us – What Does it Mean for Security?

The recent Champions League final in London (congratulations, Real Madrid!) marked the opening shot to a hot European summer of major sporting events. We now approach the highly anticipated UEFA EURO 2024 football tournament in Germany and the Olympic Games in Paris 2024. And as we do, bad actors.....

7AI Score

2024-06-10 01:00 PM
13
thn
thn

Cybersecurity CPEs: Unraveling the What, Why & How

Staying Sharp: Cybersecurity CPEs Explained Perhaps even more so than in other professional domains, cybersecurity professionals constantly face new threats. To ensure you stay on top of your game, many certification programs require earning Continuing Professional Education (CPE) credits. CPEs...

7.2AI Score

2024-06-10 11:31 AM
2
thn
thn

Google Takes Down Influence Campaigns Tied to China, Indonesia, and Russia

Google has revealed that it took down 1,320 YouTube channels and 1,177 Blogger blogs as part of a coordinated influence operation connected to the People's Republic of China (PRC). "The coordinated inauthentic network uploaded content in Chinese and English about China and U.S. foreign affairs,"...

7AI Score

2024-06-10 11:00 AM
21
zdi
zdi

Linux Kernel RSVP Filter Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

6.5CVSS

7.3AI Score

0.001EPSS

2024-06-10 12:00 AM
hp
hp

Intel 2024.2 IPU - BIOS May 2024 Security Update

Intel has informed HP of potential security vulnerabilities in some Intel® Processors, which might allow information disclosure and/or denial of service. Intel is releasing microcode updates to mitigate the potential vulnerabilities. Intel has released updates to mitigate the potential...

4.7CVSS

6.9AI Score

0.0004EPSS

2024-06-10 12:00 AM
zdi
zdi

Linux Kernel nftables Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

6CVSS

7.3AI Score

0.0004EPSS

2024-06-10 12:00 AM
apple
apple

About the security content of visionOS 1.2

About the security content of visionOS 1.2 This document describes the security content of visionOS 1.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...

7.9AI Score

0.0005EPSS

2024-06-10 12:00 AM
4
zdi
zdi

Trend Micro VPN Proxy One Pro Link Following Denial-of-Service Vulnerability

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro VPN Proxy One Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...

6.9AI Score

0.0005EPSS

2024-06-10 12:00 AM
1
zdi
zdi

Linux Kernel Net Scheduler Out-Of-Bounds Access Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the....

7.8CVSS

7.3AI Score

0.0004EPSS

2024-06-10 12:00 AM
nvd
nvd

CVE-2024-32820

Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons.This issue affects Social Share Icons & Social Share Buttons: from n/a through...

5.3CVSS

0.0004EPSS

2024-06-09 01:15 PM
2
cve
cve

CVE-2024-32820

Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons.This issue affects Social Share Icons & Social Share Buttons: from n/a through...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-06-09 01:15 PM
28
Total number of security vulnerabilities104344