Lucene search

K

Alaris GS, Alaris GH, Alaris CC, And Alaris TIVA Security Vulnerabilities

cve
cve

CVE-2024-36289

Reusing a nonce, key pair in encryption issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a man-in-the-middle...

6.7AI Score

0.0004EPSS

2024-06-17 08:15 AM
6
nvd
nvd

CVE-2024-6048

Openfind's MailGates and MailAudit fail to properly filter user input when analyzing email attachments. An unauthenticated remote attacker can exploit this vulnerability to inject system commands and execute them on the remote...

9.8CVSS

0.0004EPSS

2024-06-17 08:15 AM
2
cve
cve

CVE-2024-6048

Openfind's MailGates and MailAudit fail to properly filter user input when analyzing email attachments. An unauthenticated remote attacker can exploit this vulnerability to inject system commands and execute them on the remote...

9.8CVSS

9.8AI Score

0.0004EPSS

2024-06-17 08:15 AM
6
nvd
nvd

CVE-2024-36289

Reusing a nonce, key pair in encryption issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a man-in-the-middle...

0.0004EPSS

2024-06-17 08:15 AM
2
nvd
nvd

CVE-2024-36279

Reliance on obfuscation or encryption of security-relevant inputs without integrity checking issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a....

0.0004EPSS

2024-06-17 08:15 AM
3
cve
cve

CVE-2024-36279

Reliance on obfuscation or encryption of security-relevant inputs without integrity checking issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a....

6.7AI Score

0.0004EPSS

2024-06-17 08:15 AM
6
cve
cve

CVE-2024-36277

Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with invalid...

6.8AI Score

0.0004EPSS

2024-06-17 08:15 AM
5
nvd
nvd

CVE-2024-36277

Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with invalid...

0.0004EPSS

2024-06-17 08:15 AM
2
openbugbounty
openbugbounty

avdelidi.gr Cross Site Scripting vulnerability OBB-3935819

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 08:03 AM
3
githubexploit
githubexploit

Exploit for CVE-2024-0757

CVE-2024-0757 (Exploit) Description The Insert or Embed...

8.3AI Score

0.0004EPSS

2024-06-17 07:46 AM
34
osv
osv

BIT-vault-2024-5798

Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have...

2.6CVSS

3.8AI Score

0.0004EPSS

2024-06-17 07:39 AM
24
cvelist
cvelist

CVE-2024-36289

Reusing a nonce, key pair in encryption issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a man-in-the-middle...

0.0004EPSS

2024-06-17 07:34 AM
3
cvelist
cvelist

CVE-2024-36279

Reliance on obfuscation or encryption of security-relevant inputs without integrity checking issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a....

0.0004EPSS

2024-06-17 07:34 AM
3
vulnrichment
vulnrichment

CVE-2024-36279

Reliance on obfuscation or encryption of security-relevant inputs without integrity checking issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a....

6.7AI Score

0.0004EPSS

2024-06-17 07:34 AM
vulnrichment
vulnrichment

CVE-2024-36277

Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with invalid...

6.8AI Score

0.0004EPSS

2024-06-17 07:33 AM
cvelist
cvelist

CVE-2024-36277

Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with invalid...

0.0004EPSS

2024-06-17 07:33 AM
3
openbugbounty
openbugbounty

img.parismature.com Open Redirect vulnerability OBB-3935815

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7AI Score

2024-06-17 07:29 AM
3
cvelist
cvelist

CVE-2024-6048 Openfind MailGates and MailAudit - OS Command Injection

Openfind's MailGates and MailAudit fail to properly filter user input when analyzing email attachments. An unauthenticated remote attacker can exploit this vulnerability to inject system commands and execute them on the remote...

9.8CVSS

0.0004EPSS

2024-06-17 07:28 AM
2
osv
osv

BIT-magento-2024-34102

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that.....

9.8CVSS

9.6AI Score

0.001EPSS

2024-06-17 07:26 AM
1
osv
osv

BIT-magento-2024-34103

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application....

8.1CVSS

6.9AI Score

0.001EPSS

2024-06-17 07:26 AM
osv
osv

BIT-magento-2024-34104

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both...

8.2CVSS

6.8AI Score

0.001EPSS

2024-06-17 07:25 AM
osv
osv

BIT-magento-2024-34105

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser...

4.8CVSS

5.3AI Score

0.0004EPSS

2024-06-17 07:25 AM
osv
osv

BIT-magento-2024-34106

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access or perform actions with the privileges of...

5.3CVSS

7AI Score

0.0005EPSS

2024-06-17 07:25 AM
osv
osv

BIT-magento-2024-34107

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of...

5.3CVSS

6.8AI Score

0.0005EPSS

2024-06-17 07:25 AM
osv
osv

BIT-magento-2024-34108

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges...

9.1CVSS

7.5AI Score

0.001EPSS

2024-06-17 07:24 AM
osv
osv

BIT-magento-2024-34109

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges...

7.2CVSS

7.5AI Score

0.001EPSS

2024-06-17 07:24 AM
1
osv
osv

BIT-magento-2024-34110

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. A high-privilege attacker could exploit this vulnerability by uploading a malicious file to the...

7.2CVSS

7.3AI Score

0.001EPSS

2024-06-17 07:24 AM
osv
osv

BIT-gitlab-2024-1495

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. It was possible for an attacker to cause a denial of service using maliciously crafted...

6.5CVSS

6.3AI Score

0.0004EPSS

2024-06-17 07:24 AM
1
osv
osv

BIT-magento-2024-34111

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted request to the server, which could then cause.....

6.5CVSS

7.9AI Score

0.0005EPSS

2024-06-17 07:24 AM
openbugbounty
openbugbounty

protectlink.security-mail.net Open Redirect vulnerability OBB-3935814

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7AI Score

2024-06-17 07:24 AM
3
osv
osv

BIT-gitlab-2024-1736

An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service attacks through maliciously crafted configuration.....

6.5CVSS

6.4AI Score

0.0004EPSS

2024-06-17 07:23 AM
1
osv
osv

BIT-gitlab-2024-1963

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's Asana integration allowed an attacker to potentially cause a regular expression denial...

6.5CVSS

6.2AI Score

0.0004EPSS

2024-06-17 07:23 AM
2
osv
osv

BIT-hubble-2024-37307

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium...

7.9CVSS

7.6AI Score

0.0004EPSS

2024-06-17 07:20 AM
1
osv
osv

BIT-gitlab-2024-4201

A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 16.10.7, all versions starting from 16.11 before 16.111.4, all versions starting from 17.0 before 17.0.2. When viewing an XML file in a repository in raw mode, it can be made to render as...

4.4CVSS

4.2AI Score

0.0004EPSS

2024-06-17 07:20 AM
23
veracode
veracode

Broken Access Control

TYPO3 is vulnerable to Broken Access Control. The vulnerability is due to backend users with limited access to specific languages being able to modify and create pages in the default language, which should be disallowed. A valid backend user account is required to exploit this...

6.9AI Score

2024-06-17 07:19 AM
1
osv
osv

BIT-elasticsearch-2024-23445

It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.html#security-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the field_security parameter,...

6.5CVSS

6.9AI Score

0.0004EPSS

2024-06-17 07:18 AM
2
osv
osv

BIT-elasticsearch-2024-37280

A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of...

4.9CVSS

5AI Score

0.0004EPSS

2024-06-17 07:17 AM
23
osv
osv

BIT-cilium-2024-37307

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium...

7.9CVSS

7.6AI Score

0.0004EPSS

2024-06-17 07:16 AM
1
osv
osv

BIT-cilium-operator-2024-37307

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium...

7.9CVSS

7.6AI Score

0.0004EPSS

2024-06-17 07:16 AM
1
nvd
nvd

CVE-2024-5650

DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to...

8.5CVSS

0.0004EPSS

2024-06-17 07:15 AM
3
cve
cve

CVE-2024-5650

DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to...

8.5CVSS

8.7AI Score

0.0004EPSS

2024-06-17 07:15 AM
4
malwarebytes
malwarebytes

A week in security (June 10 – June 16)

Last week on Malwarebytes Labs: Truist bank confirms data breach Update now! Google Pixel vulnerability is under active exploitation Adobe clarifies Terms of Service change, says it doesn’t train AI on customer content 23andMe data breach under joint investigation in two countries When things go...

7AI Score

2024-06-17 07:03 AM
7
wired
wired

Amazon-Powered AI Cameras Used to Detect Emotions of Unwitting UK Train Passengers

CCTV cameras and AI are being combined to monitor crowds, detect bike thefts, and spot...

7.3AI Score

2024-06-17 07:00 AM
5
msrc
msrc

Mitigating SSRF Vulnerabilities Impacting Azure Machine Learning

Summary On May 9, 2024, Microsoft successfully addressed multiple vulnerabilities within the Azure Machine Learning (AML) service, which were initially discovered by security research firms Wiz and Tenable. These vulnerabilities, which included Server-Side Request Forgeries (SSRF) and a path...

7.4AI Score

2024-06-17 07:00 AM
4
veracode
veracode

Double Free

LibYAML is vulnerable to a Double-free. The vulnerability is due to improper memory management in the handling of anchor allocations, leading to double-free errors. Attackers can exploit this vulnerability to potentially execute arbitrary code or cause a denial of service by manipulating memory...

7.7AI Score

0.0004EPSS

2024-06-17 06:55 AM
veracode
veracode

Heap Buffer Overflow

LibYAML is vulnerable to Heap buffer overflow. The vulnerability is due to the lack of proper initialization of the emitter when yaml_emitter_emit is called without yaml_emitter_initialize. An attacker can exploit this vulnerability by providing specially crafted inputs to trigger the overflow,...

7.5AI Score

0.0004EPSS

2024-06-17 06:54 AM
veracode
veracode

Cross-site Scripting (XSS)

TYPO3 is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper handling of t3:// URLs and typolink functionality, affecting both backend forms and frontend extensions that use typolink...

6.4AI Score

2024-06-17 06:46 AM
openbugbounty
openbugbounty

aardvark.com.gr Cross Site Scripting vulnerability OBB-3935809

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 06:33 AM
4
thn
thn

Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor

Legitimate-but-compromised websites are being used as a conduit to deliver a Windows backdoor dubbed BadSpace under the guise of fake browser updates. "The threat actor employs a multi-stage attack chain involving an infected website, a command-and-control (C2) server, in some cases a fake browser....

7.1AI Score

2024-06-17 06:28 AM
14
vulnrichment
vulnrichment

CVE-2024-5650

DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to...

8.5CVSS

7.5AI Score

0.0004EPSS

2024-06-17 06:21 AM
Total number of security vulnerabilities2649071