Alaris GS, Alaris GH, Alaris CC, And Alaris TIVA Security Vulnerabilities

openbugbounty

teaitarakihi.nz Cross Site Scripting vulnerability OBB-3928492

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

2024-05-17 09:49 PM
2
openbugbounty

dahaboo.com Cross Site Scripting vulnerability OBB-3928491

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

2024-05-17 09:43 PM
3
cvelist

CVE-2024-25742

In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. This affects AMD SEV-SNP and AMD...

2024-05-17 09:19 PM
4
cvelist

CVE-2024-25743

In the Linux kernel through 6.9, an untrusted hypervisor can inject virtual interrupts 0 and 14 at any point in time and can trigger the SIGFPE signal handler in userspace applications. This affects AMD SEV-SNP and AMD...

6.2 AI Score

2024-05-17 09:13 PM
2
openbugbounty

alliedrisksecurity.com.au Cross Site Scripting vulnerability OBB-3928490

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

2024-05-17 09:09 PM
4
wolfi

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, prometheus-pushgateway, k3s, crossplane-provider-gcp, k8sgpt, envoy-ratelimit, aactl, atlantis, kyverno, kargo, crossplane-provider-aws, grpc-health-probe, newrelic-nri-kube-events, newrelic-infra-operator,...

7.5 AI Score

2024-05-17 09:08 PM
109
wolfi

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, oras, k3s, prometheus-pushgateway, cni-plugins, k8sgpt, envoy-ratelimit, nri-redis, newrelic-infra-operator, bom, eksctl, hubble-ui, esbuild, opentofu, vault-k8s, capslock, kubernetes-csi-external-provisioner,...

6.5 AI Score

0.0004 EPSS

2024-05-17 09:08 PM
117
wolfi

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, prometheus-pushgateway, k3s, crossplane-provider-gcp, k8sgpt, envoy-ratelimit, aactl, atlantis, kyverno, kargo, crossplane-provider-aws, grpc-health-probe, newrelic-nri-kube-events, newrelic-infra-operator,...

6.6 AI Score

0.0004 EPSS

2024-05-17 09:08 PM
17
wolfi

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, oras, k3s, prometheus-pushgateway, cni-plugins, k8sgpt, envoy-ratelimit, nri-redis, newrelic-infra-operator, bom, eksctl, hubble-ui, esbuild, opentofu, vault-k8s, capslock, kubernetes-csi-external-provisioner,...

7.5 AI Score

2024-05-17 09:08 PM
18
wolfi

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, oras, k3s, prometheus-pushgateway, cni-plugins, k8sgpt, envoy-ratelimit, nri-redis, newrelic-infra-operator, bom, eksctl, hubble-ui, esbuild, opentofu, vault-k8s, capslock, kubernetes-csi-external-provisioner,...

6.5 AI Score

0.0004 EPSS

2024-05-17 09:08 PM
25
wolfi

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, oras, k3s, prometheus-pushgateway, cni-plugins, k8sgpt, envoy-ratelimit, nri-redis, newrelic-infra-operator, bom, eksctl, hubble-ui, esbuild, opentofu, vault-k8s, capslock, kubernetes-csi-external-provisioner,...

7.5 AI Score

2024-05-17 09:08 PM
12
wolfi

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, oras, k3s, prometheus-pushgateway, cni-plugins, k8sgpt, envoy-ratelimit, nri-redis, newrelic-infra-operator, bom, eksctl, hubble-ui, esbuild, opentofu, vault-k8s, capslock, kubernetes-csi-external-provisioner,...

7.5 AI Score

2024-05-17 09:08 PM
13
wolfi

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, oras, k3s, prometheus-pushgateway, cni-plugins, k8sgpt, envoy-ratelimit, nri-redis, newrelic-infra-operator, bom, eksctl, hubble-ui, esbuild, opentofu, vault-k8s, capslock, kubernetes-csi-external-provisioner,...

7.5 AI Score

2024-05-17 09:08 PM
13
wolfi

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, oras, k3s, prometheus-pushgateway, cni-plugins, k8sgpt, envoy-ratelimit, nri-redis, newrelic-infra-operator, bom, eksctl, hubble-ui, esbuild, opentofu, vault-k8s, capslock, kubernetes-csi-external-provisioner,...

7.5 AI Score

2024-05-17 09:08 PM
13
wolfi

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, oras, k3s, prometheus-pushgateway, cni-plugins, k8sgpt, envoy-ratelimit, nri-redis, newrelic-infra-operator, bom, eksctl, hubble-ui, esbuild, opentofu, vault-k8s, capslock, kubernetes-csi-external-provisioner,...

6.5 AI Score

0.0004 EPSS

2024-05-17 09:08 PM
12
wolfi

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, oras, k3s, prometheus-pushgateway, cni-plugins, k8sgpt, envoy-ratelimit, nri-redis, newrelic-infra-operator, bom, eksctl, hubble-ui, esbuild, opentofu, vault-k8s, capslock, kubernetes-csi-external-provisioner,...

6.5 AI Score

0.0004 EPSS

2024-05-17 09:08 PM
11
wolfi

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: falco, gatekeeper, prometheus-bind-exporter, oras, k3s, prometheus-pushgateway, cni-plugins, k8sgpt, envoy-ratelimit, nri-redis, newrelic-infra-operator, bom, eksctl, hubble-ui, esbuild, opentofu, vault-k8s, capslock, kubernetes-csi-external-provisioner,...

6.5 AI Score

0.0004 EPSS

2024-05-17 09:08 PM
12
wolfi

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: k8sgpt, envoy-ratelimit, aactl, kyverno, nri-redis, bom, terraform-provider-google, opentofu, newrelic-infrastructure-agent, crossplane-provider-azure, ferretdb, xcaddy, lazygit, stern, task, cri-tools, dynamic-localpv-provisioner, nats-server, pulumi, kubevela,...

6.9 AI Score

0.0004 EPSS

2024-05-17 09:08 PM
36
wolfi

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: k8sgpt, envoy-ratelimit, aactl, kyverno, nri-redis, bom, terraform-provider-google, opentofu, newrelic-infrastructure-agent, crossplane-provider-azure, ferretdb, xcaddy, lazygit, stern, task, cri-tools, dynamic-localpv-provisioner, nats-server, pulumi, kubevela,...

7.5 AI Score

2024-05-17 09:08 PM
13
redhatcve

CVE-2024-35793

In the Linux kernel, the following vulnerability has been resolved: debugfs: fix wait/cancellation handling during remove Ben Greear further reports deadlocks during concurrent debugfs remove while files are being accessed, even though the code in question now uses debugfs cancellations. Turns out....

2024-05-17 09:05 PM
redhatcve

CVE-2024-35794

In the Linux kernel, the following vulnerability has been resolved: dm-raid: really frozen sync_thread during suspend 1) commit f52f5c71f3d4 ("md: fix stopping sync thread") remove MD_RECOVERY_FROZEN from __md_stop_writes() and doesn't realize that dm-raid relies on __md_stop_writes() to frozen...

2024-05-17 09:05 PM
schneier

Friday Squid Blogging: Emotional Support Squid

When asked what makes this an "emotional support squid" and not just another stuffed animal, its creator says: They're emotional support squid because they're large, and cuddly, but also cheerfully bright and derpy. They make great neck pillows (and you can fidget with the arms and tentacles) for.....

2024-05-17 09:04 PM
cvelist

CVE-2024-5069 SourceCodester Simple Online Mens Salon Management System view_service.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Simple Online Mens Salon Management System 1.0. Affected by this issue is some unknown functionality of the file view_service.php. The manipulation of the argument id leads to sql injection. The attack may be...

2024-05-17 09:00 PM
1
openbugbounty

imaxleadingedgere.com Cross Site Scripting vulnerability OBB-3928489

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

2024-05-17 08:57 PM
3
openbugbounty

imaxsales.net Cross Site Scripting vulnerability OBB-3928488

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

2024-05-17 08:54 PM
2
openbugbounty

encoreliving.net Cross Site Scripting vulnerability OBB-3928487

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

2024-05-17 08:47 PM
2
openbugbounty

lynnpappas.com Cross Site Scripting vulnerability OBB-3928486

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

2024-05-17 08:37 PM
2
redhatcve

CVE-2024-4603

Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being....

2024-05-17 08:36 PM
1
openbugbounty

imaxwebsolutions.com Cross Site Scripting vulnerability OBB-3928485

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

2024-05-17 08:31 PM
3
openbugbounty

sullivanteam.net Cross Site Scripting vulnerability OBB-3928484

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

2024-05-17 08:29 PM
2
cvelist

CVE-2023-52424

The IEEE 802.11 standard sometimes enables an adversary to trick a victim into connecting to an unintended or untrusted network with Home WEP, Home WPA3 SAE-loop. Enterprise 802.1X/EAP, Mesh AMPE, or FILS, aka an "SSID Confusion" issue. This occurs because the SSID is not always used to derive the....

2024-05-17 08:28 PM
2
cve

CVE-2024-5066

A vulnerability classified as critical was found in PHPGurukul Online Course Registration System 3.1. Affected by this vulnerability is an unknown functionality of the file /pincode-verification.php. The manipulation of the argument pincode leads to sql injection. The attack can be launched...

6.3 CVSS

2024-05-17 08:15 PM
1
cve

CVE-2024-5065

A vulnerability classified as critical has been found in PHPGurukul Online Course Registration System 3.1. Affected is an unknown function of the file /onlinecourse/. The manipulation of the argument regno leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

7.3 CVSS

2024-05-17 08:15 PM
rapid7blog

Metasploit Wrap-Up 05/17/2024

LDAP Authentication Improvements This week, in Metasploit v6.4.9, the team has added multiple improvements for LDAP-related attacks. Two improvements relating to authentication are the new support for Signing and Channel Binding. Microsoft has been making changes to harden the communications to...

2024-05-17 08:11 PM
1
cvelist

CVE-2024-5066 PHPGurukul Online Course Registration System pincode-verification.php sql injection

A vulnerability classified as critical was found in PHPGurukul Online Course Registration System 3.1. Affected by this vulnerability is an unknown functionality of the file /pincode-verification.php. The manipulation of the argument pincode leads to sql injection. The attack can be launched...

2024-05-17 08:00 PM
3
cvelist

CVE-2024-5065 PHPGurukul Online Course Registration System sql injection

A vulnerability classified as critical has been found in PHPGurukul Online Course Registration System 3.1. Affected is an unknown function of the file /onlinecourse/. The manipulation of the argument regno leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

2024-05-17 08:00 PM
2
hackread

Feds Bust N. Korean Identity Theft Ring Targeting US Firms

By Deeba Ahmed North Korea targeted US companies with stolen identities in a cybercrime scheme. The Justice Department cracks down, seizes websites, and disrupts revenue streams. This is a post from HackRead.com Read the original post: Feds Bust N. Korean Identity Theft Ring Targeting US...

2024-05-17 07:48 PM
1
cve

CVE-2024-5064

A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been rated as critical. This issue affects some unknown processing of the file news-details.php. The manipulation of the argument nid leads to sql injection. The attack may be initiated remotely. The exploit has.....

7.3 CVSS

2024-05-17 07:15 PM
1
cve

CVE-2024-5063

A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely....

7.3 CVSS

2024-05-17 07:15 PM
1
redhatcve

CVE-2024-4671

Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) Mitigation Red Hat has investigated whether a possible...

0.02 EPSS

2024-05-17 06:42 PM
cvelist

CVE-2024-5064 PHPGurukul Online Course Registration System news-details.php sql injection

A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been rated as critical. This issue affects some unknown processing of the file news-details.php. The manipulation of the argument nid leads to sql injection. The attack may be initiated remotely. The exploit has.....

2024-05-17 06:31 PM
3
cvelist

CVE-2024-5063 PHPGurukul Online Course Registration System index.php sql injection

A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely....

2024-05-17 06:31 PM
3
ibm

Security Bulletin: IBM Java and IBM WebSphere Application Server used by ISVG - Identity Manager have multiple vulnerabilities

Summary IBM Security Verify Governance - Identity Manager ships with IBM Java SDK and IBM WebSphere Application Server traditional. Information about security vulnerabilities affecting these dependencies has been published in security bulletins. Vulnerability Details Refer to the security...

2024-05-17 05:30 PM
3
cve

CVE-2024-35190

Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and...

5.8 CVSS

2024-05-17 05:15 PM
cvelist

CVE-2024-35190 Asterisk' res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests

Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and...

2024-05-17 04:55 PM
4
cve

CVE-2024-34241

A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course...

2024-05-17 04:15 PM
1
cve

CVE-2024-34058

The WebTop package for NethServer 7 and 8 allows stored XSS (for example, via the Subject field if an e-mail...

2024-05-17 04:15 PM
1
cve

CVE-2024-4998

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-4566. Reason: This candidate is a reservation duplicate of CVE-2024-4566. Notes: All CVE users should reference CVE-2024-4566 instead of this candidate. All references and descriptions in this candidate have been.....

2024-05-17 04:15 PM
1
cve

CVE-2024-5072

Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.11.0 and earlier allows an authenticated user with access to the PAM JIT elevation feature to manipulate the LDAP filter query via a specially crafted...

2024-05-17 04:15 PM
1
cve

CVE-2024-31974

The com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application 1.0.76 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. com.solarized.firedown.IntentActivity uses a WebView component to display web content and doesn't adequately...

2024-05-17 04:15 PM
1
Total number of security vulnerabilities: 2499564