Lucene search

K

Android App 'Mercari' (Japan Version) Security Vulnerabilities

nessus
nessus

RHEL 9 : python3.9 (RHSA-2024:4078)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4078 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

7.8CVSS

8AI Score

0.0005EPSS

2024-06-25 12:00 AM
3
nessus
nessus

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2183-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2183-1 advisory. The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes. The following security bugs were fixed: .....

7.8CVSS

8.5AI Score

0.0005EPSS

2024-06-25 12:00 AM
nessus
nessus

EulerOS 2.0 SP11 : openssl (EulerOS-SA-2024-1842)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary:...

7.1AI Score

0.0004EPSS

2024-06-25 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2024-1823)

The remote host is missing an update for the Huawei...

7.5CVSS

7.5AI Score

0.001EPSS

2024-06-25 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2024-1811)

The remote host is missing an update for the Huawei...

7.5AI Score

0.0005EPSS

2024-06-25 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for mod_http2 (EulerOS-SA-2024-1840)

The remote host is missing an update for the Huawei...

7.5CVSS

7.5AI Score

0.005EPSS

2024-06-25 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1835)

The remote host is missing an update for the Huawei...

7.5AI Score

0.0004EPSS

2024-06-25 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-1815)

The remote host is missing an update for the Huawei...

7.5CVSS

7.5AI Score

0.005EPSS

2024-06-25 12:00 AM
openvas
openvas

Ubuntu: Security Advisory (USN-6844-1)

The remote host is missing an update for...

4.4CVSS

7.5AI Score

0.0004EPSS

2024-06-25 12:00 AM
almalinux
almalinux

Important: git security update

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to...

9CVSS

9.1AI Score

0.001EPSS

2024-06-25 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2024-1832)

The remote host is missing an update for the Huawei...

7.5AI Score

0.0005EPSS

2024-06-25 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for util-linux (EulerOS-SA-2024-1848)

The remote host is missing an update for the Huawei...

7.5AI Score

0.0005EPSS

2024-06-25 12:00 AM
openvas
openvas

Mageia: Security Advisory (MGASA-2024-0235)

The remote host is missing an update for...

6.1CVSS

7.5AI Score

0.0004EPSS

2024-06-25 12:00 AM
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : grafana and mybatis (SUSE-SU-2024:1530-2)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1530-2 advisory. grafana was updated to version 9.5.18: - Grafana now requires Go 1.20 - Security issues fixed: * CVE-2024-1313: Require same...

6.5CVSS

6.3AI Score

0.0004EPSS

2024-06-25 12:00 AM
1
nessus
nessus

EulerOS 2.0 SP11 : libyaml (EulerOS-SA-2024-1838)

According to the versions of the libyaml package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in yaml libyaml up to 0.2.5 and classified as critical. Affected by this issue is the function...

7.8AI Score

0.0004EPSS

2024-06-25 12:00 AM
nessus
nessus

EulerOS 2.0 SP11 : python-pillow (EulerOS-SA-2024-1824)

According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.(CVE-2024-28219) Tenable...

6.7CVSS

7.4AI Score

0.0004EPSS

2024-06-25 12:00 AM
nessus
nessus

EulerOS 2.0 SP11 : emacs (EulerOS-SA-2024-1809)

According to the versions of the emacs package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.(CVE-2024-30205) In Emacs...

6.8AI Score

0.0005EPSS

2024-06-25 12:00 AM
nessus
nessus

EulerOS 2.0 SP11 : openssl (EulerOS-SA-2024-1821)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary:...

7.1AI Score

0.0004EPSS

2024-06-25 12:00 AM
nessus
nessus

EulerOS 2.0 SP11 : nghttp2 (EulerOS-SA-2024-1820)

According to the versions of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the...

5.3CVSS

7.3AI Score

0.0004EPSS

2024-06-25 12:00 AM
nessus
nessus

EulerOS 2.0 SP11 : gnutls (EulerOS-SA-2024-1834)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS,...

5.3CVSS

7.2AI Score

0.0005EPSS

2024-06-25 12:00 AM
nessus
nessus

EulerOS 2.0 SP11 : llvm (EulerOS-SA-2024-1839)

According to the versions of the llvm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to...

6.8AI Score

0.0004EPSS

2024-06-25 12:00 AM
nessus
nessus

EulerOS 2.0 SP11 : curl (EulerOS-SA-2024-1808)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum...

9.8AI Score

0.0004EPSS

2024-06-25 12:00 AM
1
nessus
nessus

EulerOS 2.0 SP11 : sssd (EulerOS-SA-2024-1847)

According to the versions of the sssd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper...

7.1CVSS

7.3AI Score

0.0004EPSS

2024-06-25 12:00 AM
nessus
nessus

AlmaLinux 9 : python3.11 (ALSA-2024:4077)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:4077 advisory. * python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597) Tenable has extracted the preceding description block directly from the AlmaLinux security...

7.8CVSS

7.7AI Score

0.0004EPSS

2024-06-25 12:00 AM
nessus
nessus

AlmaLinux 9 : python3.9 (ALSA-2024:4078)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:4078 advisory. * python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597) * python: The zipfile module is vulnerable to zip-bombs leading to denial of...

7.8CVSS

7.3AI Score

0.0005EPSS

2024-06-25 12:00 AM
packetstorm

7AI Score

0.0004EPSS

2024-06-25 12:00 AM
20
nessus
nessus

AlmaLinux 9 : git (ALSA-2024:4083)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:4083 advisory. * git: Recursive clones RCE (CVE-2024-32002) * git: RCE while cloning local repos (CVE-2024-32004) * git: additional local RCE (CVE-2024-32465) * git:...

9CVSS

7AI Score

0.001EPSS

2024-06-25 12:00 AM
nvd
nvd

CVE-2024-22168

A Cross-Site Scripting (XSS) vulnerability on the My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps was found which could allow an attacker to redirect the user to a crafted domain and reset their credentials, or to execute arbitrary client-side code in the user’s browser session to...

0.0004EPSS

2024-06-24 11:15 PM
6
cve
cve

CVE-2024-34992

SQL Injection vulnerability in the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via...

7.2AI Score

0.0004EPSS

2024-06-24 11:15 PM
12
cve
cve

CVE-2024-22168

A Cross-Site Scripting (XSS) vulnerability on the My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps was found which could allow an attacker to redirect the user to a crafted domain and reset their credentials, or to execute arbitrary client-side code in the user’s browser session to...

6.2AI Score

0.0004EPSS

2024-06-24 11:15 PM
12
nvd
nvd

CVE-2023-50029

PHP Injection vulnerability in the module "M4 PDF Extensions" (m4pdf) up to version 3.3.2 from PrestaAddons for PrestaShop allows attackers to run arbitrary code via the M4PDF::saveTemplate()...

0.0004EPSS

2024-06-24 11:15 PM
4
cve
cve

CVE-2023-50029

PHP Injection vulnerability in the module "M4 PDF Extensions" (m4pdf) up to version 3.3.2 from PrestaAddons for PrestaShop allows attackers to run arbitrary code via the M4PDF::saveTemplate()...

8AI Score

0.0004EPSS

2024-06-24 11:15 PM
10
nvd
nvd

CVE-2024-34992

SQL Injection vulnerability in the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via...

0.0004EPSS

2024-06-24 11:15 PM
4
vulnrichment
vulnrichment

CVE-2024-22168 Cross-Site Scripting (XSS) vulnerability on Western Digital My Cloud and SanDisk ibi Web Apps

A Cross-Site Scripting (XSS) vulnerability on the My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps was found which could allow an attacker to redirect the user to a crafted domain and reset their credentials, or to execute arbitrary client-side code in the user’s browser session to...

6.4AI Score

0.0004EPSS

2024-06-24 10:54 PM
cvelist
cvelist

CVE-2024-22168 Cross-Site Scripting (XSS) vulnerability on Western Digital My Cloud and SanDisk ibi Web Apps

A Cross-Site Scripting (XSS) vulnerability on the My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps was found which could allow an attacker to redirect the user to a crafted domain and reset their credentials, or to execute arbitrary client-side code in the user’s browser session to...

0.0004EPSS

2024-06-24 10:54 PM
3
githubexploit
githubexploit

Exploit for HTTP Request Smuggling in Apache Http Server

CVE 2023 25690 Description Some mod_proxy configurations on...

9.8CVSS

7.2AI Score

0.007EPSS

2024-06-24 10:20 PM
72
cve
cve

CVE-2023-45195

Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version...

6.8AI Score

0.0004EPSS

2024-06-24 10:15 PM
15
nvd
nvd

CVE-2023-45195

Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version...

0.0004EPSS

2024-06-24 10:15 PM
5
ibm
ibm

Security Bulletin: AIX is affected by a denial of service due to Python (CVE-2024-0450)

Summary Vulnerability in Python could allow a remote attacker to cause a denial of service (CVE-2024-0450). Python is used by AIX as part of Ansible node management automation. Vulnerability Details ** CVEID: CVE-2024-0450 DESCRIPTION: **Python CPython is vulnerable to a denial of service, caused.....

6.2CVSS

7.3AI Score

0.0005EPSS

2024-06-24 10:05 PM
1
ibm
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by AIX. AIX has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2024-21085 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow a remote...

5.9CVSS

7.2AI Score

0.0004EPSS

2024-06-24 10:04 PM
1
nvd
nvd

CVE-2023-45196

Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits. Adminer is no longer supported, but this issue was fixed in.....

0.0004EPSS

2024-06-24 09:15 PM
2
cve
cve

CVE-2023-45196

Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits. Adminer is no longer supported, but this issue was fixed in.....

6.9AI Score

0.0004EPSS

2024-06-24 09:15 PM
14
cvelist
cvelist

CVE-2023-45195 Adminer and AdminerEvo SSRF

Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version...

0.0004EPSS

2024-06-24 09:06 PM
vulnrichment
vulnrichment

CVE-2023-45195 Adminer and AdminerEvo SSRF

Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version...

7.1AI Score

0.0004EPSS

2024-06-24 09:06 PM
cvelist
cvelist

CVE-2023-45196 Adminer and AdminerEvo denial of service via HTTP redirect

Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits. Adminer is no longer supported, but this issue was fixed in.....

0.0004EPSS

2024-06-24 08:48 PM
2
vulnrichment
vulnrichment

CVE-2023-45196 Adminer and AdminerEvo denial of service via HTTP redirect

Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits. Adminer is no longer supported, but this issue was fixed in.....

7.2AI Score

0.0004EPSS

2024-06-24 08:48 PM
github
github

Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java

Impact Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the BOM. The DocumentBuilderFactory used to evaluate XPath expressions was not configured securely, making the library vulnerable to XML...

7AI Score

EPSS

2024-06-24 08:44 PM
2
osv
osv

Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java

Impact Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the BOM. The DocumentBuilderFactory used to evaluate XPath expressions was not configured securely, making the library vulnerable to XML...

7.3AI Score

EPSS

2024-06-24 08:44 PM
citrix
citrix

Cloud Software Group Security Advisory for CVE-2024-3661

Cloud Software Group has evaluated the impact of vulnerability CVE-2024-3661 on our products. This vulnerability may allow an attacker on the same local network as the victim to read, disrupt, or modify network traffic expected to be protected by the VPN. Please find below the impact status: ...

7.6CVSS

6.7AI Score

0.0005EPSS

2024-06-24 08:37 PM
8
nvd
nvd

CVE-2023-49793

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of CodeChecker store are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine of....

6.5CVSS

0.0004EPSS

2024-06-24 06:15 PM
6
Total number of security vulnerabilities671259