Lucene search

K

AMD Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics “Renoir” FP6 Security Vulnerabilities

cvelist
cvelist

CVE-2024-5163

Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security...

0.0004EPSS

2024-06-17 03:07 AM
osv
osv

Malicious code in airbnb-o2 (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (15a37bd4059b76c7466684dfbc565c913af0ab4af849c5a643ce44d3bb7a4a6e) The OpenSSF Package Analysis project identified 'airbnb-o2' @ 13.37.1 (npm) as malicious. It is considered malicious because: The package...

7.1AI Score

2024-06-17 12:09 AM
2
packetstorm

7.4AI Score

2024-06-17 12:00 AM
27
openvas
openvas

Mageia: Security Advisory (MGASA-2024-0221)

The remote host is missing an update for...

7.1AI Score

0.0004EPSS

2024-06-17 12:00 AM
veeam
veeam

Security Context Constraints(SCC) capabilities setting for Generic Storage Backup and Restore with OCP 4.11 or higher

This article describes Security Context Constraints(SCC) capabilities that need to be added to use Generic Backup and Restore feature capabilities on OCP 4.11 and...

7AI Score

2024-06-17 12:00 AM
veeam
veeam

Veeam Kasten for Kubernetes Instant Recovery with Veeam Backup & Replication vPower NFS datastore

Veeam Kasten for Kubernetes Instant Recovery with Veeam Backup & Replication vPower NFS...

7.2AI Score

2024-06-17 12:00 AM
cvelist
cvelist

CVE-2024-37795

A segmentation fault in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT-LIB input file containing the set-logic command with specific formatting...

0.0004EPSS

2024-06-17 12:00 AM
openvas
openvas

Mageia: Security Advisory (MGASA-2024-0223)

The remote host is missing an update for...

4.7CVSS

7.2AI Score

0.0004EPSS

2024-06-17 12:00 AM
openvas
openvas

Mageia: Security Advisory (MGASA-2024-0220)

The remote host is missing an update for...

6.7AI Score

0.0004EPSS

2024-06-17 12:00 AM
oraclelinux
oraclelinux

glibc security update

[2.28-251.0.2.2] - Forward port of Oracle patches over 2.28-251.2 Reviewed-by: Jose E. Marchesi Oracle history: May-23-2024 Cupertino Miranda - 2.28-251.0.2.1 - Forward port of Oracle patches over 2.28-251.1 Reviewed-by: Jose E. Marchesi May-22-2024 Cupertino Miranda - 2.28-251.0.2 ...

7.2AI Score

0.0004EPSS

2024-06-17 12:00 AM
1
nessus
nessus

Ivanti Endpoint Manager < 2022 (CVE-2024-22058)

The version of Ivanti Endpoint Manager installed on the remote host is prior to 2022. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-22058 advisory. A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute...

7.8CVSS

8.2AI Score

0.0004EPSS

2024-06-17 12:00 AM
redos
redos

ROS-20240617-02

A vulnerability in the bgpd/bgp_attr.c file of a software tool for implementing network routing on Unix-like FRRouting systems is related to read outside bgp_attr_aigp_valid bounds, as there are no AIGP checks. Exploitation of the vulnerability could allow an attacker acting remotely to cause a...

9.8CVSS

7.4AI Score

0.001EPSS

2024-06-17 12:00 AM
cvelist
cvelist

CVE-2024-37840

SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID...

0.0004EPSS

2024-06-17 12:00 AM
nvd
nvd

CVE-2024-6039

A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public....

6.3CVSS

0.0004EPSS

2024-06-16 10:15 PM
2
cve
cve

CVE-2024-34451

Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For...

7.5AI Score

0.0004EPSS

2024-06-16 10:15 PM
11
nvd
nvd

CVE-2024-34451

Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For...

0.0004EPSS

2024-06-16 10:15 PM
7
cve
cve

CVE-2024-6039

A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public....

6.3CVSS

6.8AI Score

0.0004EPSS

2024-06-16 10:15 PM
9
cvelist
cvelist

CVE-2024-6039 Feng Office Workspaces sql injection

A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public....

6.3CVSS

0.0004EPSS

2024-06-16 10:00 PM
3
vulnrichment
vulnrichment

CVE-2024-6039 Feng Office Workspaces sql injection

A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public....

6.3CVSS

6.8AI Score

0.0004EPSS

2024-06-16 10:00 PM
osv
osv

CVE-2024-38396

An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), allows an attacker to inject arbitrary code into the terminal, a different vulnerability than...

7.4AI Score

0.0004EPSS

2024-06-16 09:15 PM
nvd
nvd

CVE-2024-38396

An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), allows an attacker to inject arbitrary code into the terminal, a different vulnerability than...

0.0004EPSS

2024-06-16 09:15 PM
7
cve
cve

CVE-2024-38396

An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), allows an attacker to inject arbitrary code into the terminal, a different vulnerability than...

7.2AI Score

0.0004EPSS

2024-06-16 09:15 PM
14
kitploit
kitploit

NativeDump - Dump Lsass Using Only Native APIs By Hand-Crafting Minidump Files (Without MinidumpWriteDump!)

NativeDump allows to dump the lsass process using only NTAPIs generating a Minidump file with only the streams needed to be parsed by tools like Mimikatz or Pypykatz (SystemInfo, ModuleList and Memory64List Streams). NTOpenProcessToken and NtAdjustPrivilegeToken to get the "SeDebugPrivilege"...

7.2AI Score

2024-06-16 05:16 PM
10
nvd
nvd

CVE-2024-38461

irodsServerMonPerf in iRODS before 4.3.2 attempts to proceed with use of a path even if it is not a...

0.0004EPSS

2024-06-16 04:15 PM
2
osv
osv

CVE-2024-38461

irodsServerMonPerf in iRODS before 4.3.2 attempts to proceed with use of a path even if it is not a...

7AI Score

0.0004EPSS

2024-06-16 04:15 PM
1
osv
osv

CVE-2024-38462

iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail binary, such as in the mailMS.cpp#L94-L106...

7.1AI Score

0.0004EPSS

2024-06-16 04:15 PM
nvd
nvd

CVE-2024-38462

iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail binary, such as in the mailMS.cpp#L94-L106...

0.0004EPSS

2024-06-16 04:15 PM
1
cve
cve

CVE-2024-38462

iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail binary, such as in the mailMS.cpp#L94-L106...

7AI Score

0.0004EPSS

2024-06-16 04:15 PM
8
cve
cve

CVE-2024-38461

irodsServerMonPerf in iRODS before 4.3.2 attempts to proceed with use of a path even if it is not a...

6.9AI Score

0.0004EPSS

2024-06-16 04:15 PM
7
githubexploit
githubexploit

Exploit for CVE-2024-30078

CVE-2024-30078 Detection and Command Execution Script This...

8.8CVSS

8.2AI Score

0.001EPSS

2024-06-16 08:06 AM
133
thn
thn

U.K. Hacker Linked to Notorious Scattered Spider Group Arrested in Spain

Law enforcement authorities have allegedly arrested a key member of the notorious cybercrime group called Scattered Spider. The individual, a 22-year-old man from the United Kingdom, was arrested this week in the Spanish city of Palma de Mallorca as he attempted to board a flight to Italy. The...

7.3AI Score

2024-06-16 04:31 AM
8
mageia
mageia

Updated nano packages fix security vulnerability

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges....

4.7CVSS

7.6AI Score

0.0004EPSS

2024-06-16 02:07 AM
5
cvelist
cvelist

CVE-2024-38461

irodsServerMonPerf in iRODS before 4.3.2 attempts to proceed with use of a path even if it is not a...

0.0004EPSS

2024-06-16 12:00 AM
1
cvelist
cvelist

CVE-2024-38462

iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail binary, such as in the mailMS.cpp#L94-L106...

0.0004EPSS

2024-06-16 12:00 AM
1
cvelist
cvelist

CVE-2024-34451

Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For...

0.0004EPSS

2024-06-16 12:00 AM
1
nessus
nessus

FreeBSD : go -- multiple vulnerabilities (a5c64f6f-2af3-11ef-a77e-901b0e9408dc)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the a5c64f6f-2af3-11ef-a77e-901b0e9408dc advisory. The Go project reports: archive/zip: mishandling of corrupt central directory record The...

6.7AI Score

0.0004EPSS

2024-06-16 12:00 AM
3
vulnrichment
vulnrichment

CVE-2024-38396

An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), allows an attacker to inject arbitrary code into the terminal, a different vulnerability than...

7.1AI Score

0.0004EPSS

2024-06-16 12:00 AM
cvelist
cvelist

CVE-2024-38396

An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), allows an attacker to inject arbitrary code into the terminal, a different vulnerability than...

0.0004EPSS

2024-06-16 12:00 AM
nessus
nessus

FreeBSD : traefik -- Unexpected behavior with IPv4-mapped IPv6 addresses (219aaa1e-2aff-11ef-ab37-5404a68ad561)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 219aaa1e-2aff-11ef-ab37-5404a68ad561 advisory. The traefik authors report: There is a vulnerability in Go managing various Is methods ...

6.5AI Score

0.0004EPSS

2024-06-16 12:00 AM
krebs
krebs

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years. The Spanish daily Murcia Today...

7.8AI Score

2024-06-15 11:40 PM
15
githubexploit
githubexploit

Exploit for CVE-2024-30078

CVE-2024-30078 Detection and Command Execution Script This...

8.8CVSS

10AI Score

0.001EPSS

2024-06-15 07:37 PM
423
nvd
nvd

CVE-2024-27275

IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target...

7.4CVSS

0.0004EPSS

2024-06-15 02:15 PM
12
cve
cve

CVE-2024-27275

IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target...

7.4CVSS

7.4AI Score

0.0004EPSS

2024-06-15 02:15 PM
11
cvelist
cvelist

CVE-2024-27275 IBM i privilege escalation

IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target...

7.4CVSS

0.0004EPSS

2024-06-15 01:49 PM
vulnrichment
vulnrichment

CVE-2024-27275 IBM i privilege escalation

IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target...

7.4CVSS

6.6AI Score

0.0004EPSS

2024-06-15 01:49 PM
osv
osv

Malicious code in employee-schedule (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (71b36d3a13dcd71ba835e490919b150ec8fbc7de88517906ec7aecaaf89dcbab) The OpenSSF Package Analysis project identified 'employee-schedule' @ 99.9.2 (npm) as malicious. It is considered malicious because: The package...

7.1AI Score

2024-06-15 12:29 PM
nvd
nvd

CVE-2024-5611

The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘label_years’ attribute within the Countdown widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS

0.001EPSS

2024-06-15 10:15 AM
3
cve
cve

CVE-2024-5611

The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘label_years’ attribute within the Countdown widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-15 10:15 AM
16
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Clear Clearml

ClearML Exploit Script This repository contains a Python...

8.8CVSS

7.5AI Score

0.001EPSS

2024-06-15 10:09 AM
73
thn
thn

Grandoreiro Banking Trojan Hits Brazil as Smishing Scams Surge in Pakistan

Pakistan has become the latest target of a threat actor called the Smishing Triad, marking the first expansion of its footprint beyond the E.U., Saudi Arabia, the U.A.E., and the U.S. "The group's latest tactic involves sending malicious messages on behalf of Pakistan Post to customers of mobile...

7AI Score

2024-06-15 09:51 AM
17
Total number of security vulnerabilities761810