Lucene search

K

AR120-S,AR1200,AR1200-S,AR150,AR150-S,AR160,AR200,AR200-S,AR2200,AR2200-S,AR3200,AR3600,AR510,IPS Module,NIP6300,NetEngine16EX Security Vulnerabilities

packetstorm

7.4AI Score

EPSS

2024-06-13 12:00 AM
29
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:2003-1)

The remote host is missing an update for...

4.4CVSS

4.9AI Score

0.0004EPSS

2024-06-13 12:00 AM
nessus
nessus

RHEL 9 : expat (RHSA-2024:3926)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3926 advisory. Expat is a C library for parsing XML documents. Security Fix(es): * expat: parsing large tokens can trigger a denial of service...

7.5CVSS

10AI Score

0.001EPSS

2024-06-13 12:00 AM
nessus
nessus

SUSE SLES12 Security Update : cups (SUSE-SU-2024:2002-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2002-1 advisory. - CVE-2024-35235: Fixed a bug in cupsd that could allow an attacker to change the permissions of other files in the system....

4.4CVSS

4.6AI Score

0.0004EPSS

2024-06-13 12:00 AM
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : cups (SUSE-SU-2024:2003-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2003-1 advisory. - CVE-2024-35235: Fixed a bug in cupsd that could allow an attacker to change the permissions of...

4.4CVSS

4.7AI Score

0.0004EPSS

2024-06-13 12:00 AM
nessus
nessus

Fedora 39 : php (2024-52c23ef1ec)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-52c23ef1ec advisory. PHP version 8.2.20 (06 Jun 2024) CGI: * Fixed buffer limit on Windows, replacing read call usage by _read. (David Carlier) * Fixed bug...

9.8CVSS

8.8AI Score

0.973EPSS

2024-06-13 12:00 AM
1
nessus
nessus

RHEL 8 : dnsmasq (RHSA-2024:3877)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3877 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol)...

7.5CVSS

8.2AI Score

0.05EPSS

2024-06-13 12:00 AM
1
nessus
nessus

PHP-CGI Argument Injection CVE-2024-4577 (Direct Check)

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use 'Best-Fit' behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...

9.8CVSS

7.6AI Score

0.932EPSS

2024-06-13 12:00 AM
3
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:2005-1)

The remote host is missing an update for...

7.8CVSS

7.3AI Score

0.0004EPSS

2024-06-13 12:00 AM
openvas
openvas

Ubuntu: Security Advisory (USN-6831-1)

The remote host is missing an update for...

7.8CVSS

7.4AI Score

0.0005EPSS

2024-06-13 12:00 AM
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:2002-1)

The remote host is missing an update for...

4.4CVSS

4.9AI Score

0.0004EPSS

2024-06-13 12:00 AM
zdi
zdi

Fuji Electric Tellus Lite V-Simulator 6 V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS

7.8AI Score

0.0004EPSS

2024-06-13 12:00 AM
packetstorm

7.4AI Score

EPSS

2024-06-13 12:00 AM
26
nessus
nessus

SUSE SLES15 Security Update : kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed (SUSE-SU-2024:2005-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2005-1 advisory. Security Update 550.90.07: - CVE-2024-0090: Fixed out of bounds write (bsc#1223356). - CVE-2024-0092: Fixed incorrect exception...

7.8CVSS

7AI Score

0.0004EPSS

2024-06-13 12:00 AM
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:2012-1)

The remote host is missing an update for...

7.1AI Score

0.0004EPSS

2024-06-13 12:00 AM
openvas
openvas

Ubuntu: Security Advisory (USN-6829-1)

The remote host is missing an update for...

5.5CVSS

5.6AI Score

0.001EPSS

2024-06-13 12:00 AM
openvas
openvas

Slackware: Security Advisory (SSA:2024-164-01)

The remote host is missing an update for...

7.4AI Score

0.0004EPSS

2024-06-13 12:00 AM
nessus
nessus

SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2024:2012-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2012-1 advisory. - Update to version 115.12.0 ESR (bsc#1226027) - CVE-2024-5702: Use-after-free in networking - CVE-2024-5688: Use-after-free in...

7.5AI Score

0.0004EPSS

2024-06-13 12:00 AM
1
oraclelinux
oraclelinux

virt:kvm_utils1 security update

hivex libguestfs libguestfs-winsupport libiscsi libnbd libvirt [5.7.0-42] - Document CVEs as fixed (Karl Heubaum) {CVE-2023-2700} - Fix off-by-one error in udevListInterfacesByStatus (Martin Kletzander) [Orabug: 36364474] {CVE-2024-1441} - libvirt- : Check caller-provided buffers to be NULL with...

5.5CVSS

7.2AI Score

0.0004EPSS

2024-06-13 12:00 AM
zdi
zdi

Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS

7.8AI Score

0.0004EPSS

2024-06-13 12:00 AM
openvas
openvas

Ubuntu: Security Advisory (USN-6830-1)

The remote host is missing an update for...

7.4CVSS

7.1AI Score

0.0004EPSS

2024-06-13 12:00 AM
2
zdt
zdt

VSCode ipynb Remote Code Execution Exploit

VSCode when opening a Jupyter notebook (.ipynb) file bypasses the trust model. On versions v1.4.0 through v1.71.1, its possible for the Jupyter notebook to embed HTML and javascript, which can then open new terminal windows within VSCode. Each of these new windows can then execute arbitrary code...

7.8CVSS

7.6AI Score

0.44EPSS

2024-06-13 12:00 AM
22
zdt
zdt

Telerik Report Server Authentication Bypass / Remote Code Execution Exploit

This Metasploit module chains an authentication bypass vulnerability with a deserialization vulnerability to obtain remote code execution against Telerik Report Server versions 10.0.24.130 and below. The authentication bypass flaw allows an unauthenticated user to create a new user with...

9.9CVSS

8.3AI Score

0.938EPSS

2024-06-13 12:00 AM
24
nessus
nessus

RHEL 8 / 9 : OpenShift Container Platform 4.14.29 (RHSA-2024:3700)

The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3700 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private...

8.1CVSS

7.3AI Score

0.0004EPSS

2024-06-13 12:00 AM
packetstorm

9.1CVSS

7AI Score

0.002EPSS

2024-06-13 12:00 AM
34
packetstorm

9.9CVSS

7AI Score

0.938EPSS

2024-06-13 12:00 AM
33
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2008-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2008-1 advisory. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were...

9.8CVSS

8.8AI Score

EPSS

2024-06-13 12:00 AM
1
zdt
zdt

Rejetto HTTP File Server (HFS) Unauthenticated Remote Code Execution Exploit

The Rejetto HTTP File Server (HFS) version 2.x is vulnerable to an unauthenticated server side template injection (SSTI) vulnerability. A remote unauthenticated attacker can execute code with the privileges of the user account running the HFS.exe server process. This exploit has been tested to...

8.2AI Score

2024-06-13 12:00 AM
21
packetstorm

7.4AI Score

2024-06-13 12:00 AM
30
zdt
zdt

Cacti Import Packages Remote Code Execution Exploit

This exploit module leverages an arbitrary file write vulnerability in Cacti versions prior to 1.2.27 to achieve remote code execution. It abuses the Import Packages feature to upload a specially crafted package that embeds a PHP file. Cacti will extract this file to an accessible location. The...

9.1CVSS

8.1AI Score

0.002EPSS

2024-06-13 12:00 AM
25
ibm
ibm

Security Bulletin: IBM Maximo Asset Management - There is a vulnerability in Java on z/OS used by IBM Maximo Asset Management application (CVE-2024-3933)

Summary There is a vulnerability in Java on z/OS used by IBM Maximo Asset Management application. Vulnerability Details ** CVEID: CVE-2024-3933 DESCRIPTION: **Eclipse Openj9 could allow a local authenticated attacker to bypass security restrictions, caused by the failure to restrict access to a...

5.3CVSS

6.9AI Score

0.0004EPSS

2024-06-12 07:52 PM
2
osv
osv

Invenio-Communities has a Cross-Site Scripting (XSS) vulnerability in React components

Impact We have identified a Cross-Site Scripting (XSS) vulnerability within certain React components related to community members in the Invenio-Communities module. This vulnerability enables a user to inject a script tag into the Affiliations field during the account registration process. The...

5.8AI Score

2024-06-12 07:43 PM
1
github
github

Invenio-Communities has a Cross-Site Scripting (XSS) vulnerability in React components

Impact We have identified a Cross-Site Scripting (XSS) vulnerability within certain React components related to community members in the Invenio-Communities module. This vulnerability enables a user to inject a script tag into the Affiliations field during the account registration process. The...

5.8AI Score

2024-06-12 07:43 PM
osv
osv

linux-oem-6.5 vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536)...

7.8CVSS

7.7AI Score

0.001EPSS

2024-06-12 06:10 PM
ibm
ibm

Security Bulletin: IBM Maximo Asset Management - There is a vulnerability in tinymce-6.7.3.min.js used by IBM Maximo Asset Management application (CVE-2024-29203)

Summary There is a vulnerability in tinymce-6.7.3.min.js used by IBM Maximo Asset Management application. Vulnerability Details ** CVEID: CVE-2024-29203 DESCRIPTION: **TinyMCE is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the iframe elements. A...

4.3CVSS

6.8AI Score

0.0004EPSS

2024-06-12 03:55 PM
1
ibm
ibm

Security Bulletin: Maximo Asset Management - There is a vulnerability in tinymce-6.7.3.min.js used by IBM Maximo Asset Management application (CVE-2024-29881)

Summary There is a vulnerability in tinymce-6.7.3.min.js used by IBM Maximo Asset Management application. (CVE-2024-29881). Vulnerability Details ** CVEID: CVE-2024-29881 DESCRIPTION: **TinyMCE is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the...

4.3CVSS

6.9AI Score

0.0004EPSS

2024-06-12 03:54 PM
1
ibm
ibm

Security Bulletin: IBM Maximo Asset Management application is vulnerable to sensitive information disclosure (CVE-2024-22333)

Summary IBM Maximo Asset Management application is vulnerable to sensitive information disclosure. Vulnerability Details ** CVEID: CVE-2024-22333 DESCRIPTION: **IBM Maximo Asset Management allows web pages to be stored locally which can be read by another user on the system. CVSS Base score: 4...

6.2AI Score

0.0004EPSS

2024-06-12 03:47 PM
1
ibm
ibm

Security Bulletin: IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to sensitive information disclosure (CVE-2024-22333)

Summary IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to sensitive information disclosure. Vulnerability Details ** CVEID: CVE-2024-22333 DESCRIPTION: **IBM Maximo Asset Management allows web pages to be stored locally which can be read by another user on the system......

6.1AI Score

0.0004EPSS

2024-06-12 03:47 PM
4
wordfence
wordfence

Introducing the 0-day Threat Hunt Bug Bounty Promo Through July 11th, 2024!

At Wordfence our mission is to Secure The Web. WordPress powers over 40% of the Web, and Wordfence secures over 5 million WordPress websites. That's why we’ve decided to run another exciting and new promotion for our Bug Bounty Program. With this promotion, our goal is to get more of the highest...

7.8AI Score

2024-06-12 03:17 PM
2
ibm
ibm

Security Bulletin: IBM Maximo Application Suite uses bcprov-jdk18on-1.74.jar which is vulnerable to CVE-2024-30171

Summary IBM Maximo Application Suite uses bcprov-jdk18on-1.74.jar which is vulnerable to CVE-2024-30171.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2024-30171 DESCRIPTION: **The Bouncy Castle Crypto Package For Java could...

6.4AI Score

0.0004EPSS

2024-06-12 01:46 PM
1
ibm
ibm

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service which is vulnerable to CVE-2024-25026

Summary IBM Maximo Application Suite Predict Component IBM WebSphere Application Server Liberty is vulnerable to a denial of service which is vulnerable toCVE-2024-25026 .This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2024-25026 ....

5.9CVSS

7AI Score

0.0004EPSS

2024-06-12 01:45 PM
ibm
ibm

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354).

Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354).This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details **...

7CVSS

7.1AI Score

0.0004EPSS

2024-06-12 01:44 PM
1
ibm
ibm

Security Bulletin: IBM Maximo Application Suite Predict Component uses: webSphere Application Server Liberty is vulnerable to a server-side request forgery (SSRF) vulnerability which is vulnerable to CVE-2024-22329

Summary IBM Maximo Application Suite Predict Component uses: webSphere Application Server Liberty is vulnerable to a server-side request forgery (SSRF) vulnerability which is vulnerable to CVE-2024-22329. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability....

4.3CVSS

6.3AI Score

0.0004EPSS

2024-06-12 01:43 PM
2
ibm
ibm

Security Bulletin: IBM Maximo Application Suite Predict Component uses :IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to jose4j which is vulnerable to CVE-2023-51775

Summary IBM Maximo Application Suite Predict Component uses :IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to jose4j which is vulnerable to CVE-2023-51775. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details **...

7.2AI Score

0.0004EPSS

2024-06-12 01:42 PM
1
ibm
ibm

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service which is vulnerable to CVE-2024-27268

Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service which is vulnerable to CVE-2024-27268 .This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID:...

5.9CVSS

7AI Score

0.0004EPSS

2024-06-12 01:40 PM
1
ibm
ibm

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service when using the openidConnectClient-1.0 or socialLogin-1.0 feature which is vulnerable to CVE-2024-22353

Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service when using the openidConnectClient-1.0 or socialLogin-1.0 feature which is vulnerable toCVE-2024-22353.This bulletin contains information regarding the...

7.5CVSS

7.1AI Score

0.0004EPSS

2024-06-12 01:38 PM
2
ibm
ibm

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to cross-site scripting (CVE-2024-27270).

Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to cross-site scripting (CVE-2024-27270). This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2024-27270 DESCRIPTION:...

4.7CVSS

5.9AI Score

0.0004EPSS

2024-06-12 01:34 PM
1
metasploit
metasploit

Telerik Report Server Auth Bypass and Deserialization RCE

This module chains an authentication bypass vulnerability (CVE-2024-4358) with a deserialization vulnerability (CVE-2024-1800) to obtain remote code execution against Telerik Report Server version 10.0.24.130 and prior. The authentication bypass flaw allows an unauthenticated user to create a new.....

9.9CVSS

10AI Score

0.938EPSS

2024-06-12 12:58 PM
8
ibm
ibm

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty could provide weaker than expected security which is vulnerable to CVE-2023-50312

Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty which is vulnerable to CVE-2023-50312.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2023-50312 DESCRIPTION: **IBM WebSphere...

5.3CVSS

6.4AI Score

0.0004EPSS

2024-06-12 12:54 PM
1
cve
cve

CVE-2024-5056

CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the...

6.5CVSS

7AI Score

0.0004EPSS

2024-06-12 12:15 PM
20
Total number of security vulnerabilities447863