Lucene search

K

Alaris GS, Alaris GH, Alaris CC, And Alaris TIVA Security Vulnerabilities

cvelist
cvelist

CVE-2024-38449

A Directory Traversal vulnerability in KasmVNC 1.3.1.230e50f7b89663316c70de7b0e3db6f6b9340489 and possibly earlier versions allows remote authenticated attackers to browse parent directories and read the content of files outside the scope of the...

0.0004EPSS

2024-06-17 12:00 AM
openvas
openvas

Mageia: Security Advisory (MGASA-2024-0219)

The remote host is missing an update for...

7.1AI Score

0.008EPSS

2024-06-17 12:00 AM
openvas
openvas

Ubuntu: Security Advisory (USN-6821-4)

The remote host is missing an update for...

8CVSS

8AI Score

0.0004EPSS

2024-06-17 12:00 AM
nessus
nessus

RHEL 8 : firefox (RHSA-2024:3954)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3954 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...

7.7AI Score

0.0004EPSS

2024-06-17 12:00 AM
nessus
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : SSSD vulnerability (USN-6836-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6836-1 advisory. It was discovered that SSSD did not always correctly apply the GPO policy for authenticated users, contrary to expectations....

7.1CVSS

6.8AI Score

0.0004EPSS

2024-06-17 12:00 AM
nessus
nessus

Fedora 39 : galera / mariadb (2024-d61bffd77f)

The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-d61bffd77f advisory. MariaDB 10.5.25 & Galera 26.4.18 Release notes: https://mariadb.com/kb/en/mariadb-10-5-25-release-notes/ Tenable has extracted the preceding...

7.4AI Score

2024-06-17 12:00 AM
openvas
openvas

Mageia: Security Advisory (MGASA-2024-0222)

The remote host is missing an update for...

7.1AI Score

0.0004EPSS

2024-06-17 12:00 AM
openvas
openvas

Mageia: Security Advisory (MGASA-2024-0224)

The remote host is missing an update for...

8.5CVSS

7.1AI Score

0.005EPSS

2024-06-17 12:00 AM
nessus
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Ruby vulnerabilities (USN-6838-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6838-1 advisory. It was discovered that Ruby RDoc incorrectly parsed certain YAML files. If a user or automated system were tricked...

8.1AI Score

EPSS

2024-06-17 12:00 AM
nessus
nessus

Debian dla-3832 : python-bson - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3832 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3832-1 [email protected] ...

4.7CVSS

7AI Score

0.0004EPSS

2024-06-17 12:00 AM
nessus
nessus

RHEL 9 : flatpak (RHSA-2024:3959)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3959 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...

8.4CVSS

8.6AI Score

0.0004EPSS

2024-06-17 12:00 AM
nessus
nessus

openSUSE 15 Security Update : php8 (SUSE-SU-2024:2038-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2024:2038-1 advisory. - CVE-2024-5458: Fixed an issue that allows to bypass filters in filter_var FILTER_VALIDATE_URL. (bsc#1226073) Tenable has extracted the preceding...

5.3CVSS

6.9AI Score

0.001EPSS

2024-06-17 12:00 AM
veeam
veeam

Security Context Constraints(SCC) capabilities setting for Generic Storage Backup and Restore with OCP 4.11 or higher

This article describes Security Context Constraints(SCC) capabilities that need to be added to use Generic Backup and Restore feature capabilities on OCP 4.11 and...

7AI Score

2024-06-17 12:00 AM
cvelist
cvelist

CVE-2024-36543

Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to his Kafka cluster via a malicious connector (bypassing Kafka ACL if it exists), and potentially...

0.0004EPSS

2024-06-17 12:00 AM
1
cvelist
cvelist

CVE-2024-37661

TP-LINK TL-7DR5130 v1.0.23 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect...

0.0004EPSS

2024-06-17 12:00 AM
cvelist
cvelist

CVE-2024-37663

Redmi router RB03 v1.0.57 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect...

0.0004EPSS

2024-06-17 12:00 AM
openvas
openvas

Mageia: Security Advisory (MGASA-2024-0223)

The remote host is missing an update for...

4.7CVSS

7.2AI Score

0.0004EPSS

2024-06-17 12:00 AM
openvas
openvas

XAMPP <= 7.3.2 DoS Vulnerability

XAMPP is prone to a denial of service (DoS)...

7.5CVSS

7.2AI Score

0.0004EPSS

2024-06-17 12:00 AM
openvas
openvas

Ubuntu: Security Advisory (USN-6817-3)

The remote host is missing an update for...

7.8CVSS

8AI Score

0.0005EPSS

2024-06-17 12:00 AM
redos
redos

ROS-20240617-02

A vulnerability in the bgpd/bgp_attr.c file of a software tool for implementing network routing on Unix-like FRRouting systems is related to read outside bgp_attr_aigp_valid bounds, as there are no AIGP checks. Exploitation of the vulnerability could allow an attacker acting remotely to cause a...

9.8CVSS

7.4AI Score

0.001EPSS

2024-06-17 12:00 AM
openvas
openvas

Mageia: Security Advisory (MGASA-2024-0220)

The remote host is missing an update for...

6.7AI Score

0.0004EPSS

2024-06-17 12:00 AM
oraclelinux
oraclelinux

firefox security update

[115.12.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.12.0-1] - Update to 115.12.0...

6.8AI Score

0.0004EPSS

2024-06-17 12:00 AM
hp
hp

HP ThinPro 8.0 SP 9 Security Updates

Previous versions of HP ThinPro (prior to HP ThinPro 8.0 SP 9) could potentially contain security vulnerabilities. HP has released HP ThinPro 8.0 SP 9, which includes updates to mitigate potential vulnerabilities. All the identified vulnerabilities listed above were addressed and fixed as part of.....

9.8CVSS

9AI Score

0.732EPSS

2024-06-17 12:00 AM
1
nessus
nessus

RHEL 9 : firefox (RHSA-2024:3949)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3949 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...

7.7AI Score

0.0004EPSS

2024-06-17 12:00 AM
nessus
nessus

RHEL 9 : flatpak (RHSA-2024:3960)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3960 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...

8.4CVSS

8.6AI Score

0.0004EPSS

2024-06-17 12:00 AM
nessus
nessus

Oracle Linux 7 : firefox (ELSA-2024-3951)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-3951 advisory. [115.12.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add...

6.8AI Score

0.0004EPSS

2024-06-17 12:00 AM
nessus
nessus

RHEL 8 : flatpak (RHSA-2024:3963)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3963 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...

8.4CVSS

8.6AI Score

0.0004EPSS

2024-06-17 12:00 AM
nessus
nessus

Ivanti Endpoint Manager < 2022 (CVE-2024-22058)

The version of Ivanti Endpoint Manager installed on the remote host is prior to 2022. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-22058 advisory. A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute...

7.8CVSS

8.2AI Score

0.0004EPSS

2024-06-17 12:00 AM
oraclelinux
oraclelinux

glibc security update

[2.28-251.0.2.2] - Forward port of Oracle patches over 2.28-251.2 Reviewed-by: Jose E. Marchesi Oracle history: May-23-2024 Cupertino Miranda - 2.28-251.0.2.1 - Forward port of Oracle patches over 2.28-251.1 Reviewed-by: Jose E. Marchesi May-22-2024 Cupertino Miranda - 2.28-251.0.2 ...

7.2AI Score

0.0004EPSS

2024-06-17 12:00 AM
1
cvelist
cvelist

CVE-2024-36527

puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the...

0.0004EPSS

2024-06-17 12:00 AM
cvelist
cvelist

CVE-2024-6042 itsourcecode Real Estate Management System property-detail.php sql injection

A vulnerability was found in itsourcecode Real Estate Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file property-detail.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The...

7.3CVSS

0.0004EPSS

2024-06-16 11:31 PM
2
nvd
nvd

CVE-2024-6041

A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The...

6.3CVSS

0.0004EPSS

2024-06-16 11:15 PM
1
cve
cve

CVE-2024-6041

A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The...

6.3CVSS

6.8AI Score

0.0004EPSS

2024-06-16 11:15 PM
9
vulnrichment
vulnrichment

CVE-2024-6041 itsourcecode Gym Management System manage_user.php sql injection

A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The...

6.3CVSS

6.8AI Score

0.0004EPSS

2024-06-16 11:00 PM
1
cvelist
cvelist

CVE-2024-6041 itsourcecode Gym Management System manage_user.php sql injection

A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The...

6.3CVSS

0.0004EPSS

2024-06-16 11:00 PM
2
nvd
nvd

CVE-2024-6039

A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public....

6.3CVSS

0.0004EPSS

2024-06-16 10:15 PM
2
cve
cve

CVE-2024-6039

A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public....

6.3CVSS

6.8AI Score

0.0004EPSS

2024-06-16 10:15 PM
8
cvelist
cvelist

CVE-2024-6039 Feng Office Workspaces sql injection

A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public....

6.3CVSS

0.0004EPSS

2024-06-16 10:00 PM
3
vulnrichment
vulnrichment

CVE-2024-6039 Feng Office Workspaces sql injection

A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public....

6.3CVSS

6.8AI Score

0.0004EPSS

2024-06-16 10:00 PM
openbugbounty
openbugbounty

nabssar.net Cross Site Scripting vulnerability OBB-3935787

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-16 07:37 PM
5
openbugbounty
openbugbounty

shopsme.net Cross Site Scripting vulnerability OBB-3935785

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-16 07:27 PM
4
openbugbounty
openbugbounty

bvpa.co.uk Cross Site Scripting vulnerability OBB-3935784

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-16 07:24 PM
2
openbugbounty
openbugbounty

jackmitchell.com Cross Site Scripting vulnerability OBB-3935783

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-16 07:19 PM
2
openbugbounty
openbugbounty

hlabhm.com Cross Site Scripting vulnerability OBB-3935782

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-16 07:15 PM
3
openbugbounty
openbugbounty

capfun.com Cross Site Scripting vulnerability OBB-3935779

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-16 06:37 PM
2
openbugbounty
openbugbounty

yasuragitime.blog.fc2.com Cross Site Scripting vulnerability OBB-3935777

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-16 06:04 PM
4
openbugbounty
openbugbounty

warkswings.com Cross Site Scripting vulnerability OBB-3935776

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-16 06:04 PM
2
openbugbounty
openbugbounty

zekkeiphoto.blog.fc2.com Cross Site Scripting vulnerability OBB-3935778

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-16 06:04 PM
5
openbugbounty
openbugbounty

tif.co.uk Cross Site Scripting vulnerability OBB-3935774

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-16 06:02 PM
4
openbugbounty
openbugbounty

the-news.net Cross Site Scripting vulnerability OBB-3935771

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-16 06:01 PM
4
Total number of security vulnerabilities2649072