Lucene search

K

Armoury Crate & Aura Creator Installer (ROG Live Service) Security Vulnerabilities

thn
thn

Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw

Threat actors linked to the Black Basta ransomware may have exploited a recently disclosed privilege escalation flaw in the Microsoft Windows Error Reporting Service as a zero-day, according to new findings from Symantec. The security flaw in question is CVE-2024-26169 (CVSS score: 7.8), an...

7.8CVSS

7.1AI Score

0.001EPSS

2024-06-12 11:11 AM
3
redhatcve
redhatcve

CVE-2022-1941

A parsing vulnerability for the MessageSet type in the ProtocolBuffers can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized...

7.5CVSS

6.7AI Score

0.002EPSS

2024-06-12 10:54 AM
3
nvd
nvd

CVE-2024-5468

The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to unauthorized site option deletion due to a missing validation and capability checks on the stm_hb_delete() function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to....

6.5CVSS

0.0004EPSS

2024-06-12 09:15 AM
2
cve
cve

CVE-2024-5468

The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to unauthorized site option deletion due to a missing validation and capability checks on the stm_hb_delete() function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to....

6.5CVSS

6.4AI Score

0.0004EPSS

2024-06-12 09:15 AM
23
cve
cve

CVE-2024-3183

A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user.....

8.1CVSS

7.9AI Score

0.0004EPSS

2024-06-12 09:15 AM
27
thn
thn

New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers

Cybersecurity researchers have disclosed details of an ongoing phishing campaign that leverages recruiting- and job-themed lures to deliver a Windows-based backdoor named WARMCOOKIE. "WARMCOOKIE appears to be an initial backdoor tool used to scout out victim networks and deploy additional...

7AI Score

2024-06-12 08:47 AM
3
vulnrichment
vulnrichment

CVE-2024-5468 WordPress Header Builder Plugin – Pearl <= 1.3.7 - Missing Authorization to Unauthenticated Arbitrary Site Options Deletion

The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to unauthorized site option deletion due to a missing validation and capability checks on the stm_hb_delete() function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to....

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-12 08:33 AM
cvelist
cvelist

CVE-2024-5468 WordPress Header Builder Plugin – Pearl <= 1.3.7 - Missing Authorization to Unauthenticated Arbitrary Site Options Deletion

The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to unauthorized site option deletion due to a missing validation and capability checks on the stm_hb_delete() function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to....

6.5CVSS

0.0004EPSS

2024-06-12 08:33 AM
3
nvd
nvd

CVE-2024-2698

A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service...

7.1CVSS

0.0004EPSS

2024-06-12 08:15 AM
3
cve
cve

CVE-2024-2698

A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service...

7.1CVSS

6.9AI Score

0.0004EPSS

2024-06-12 08:15 AM
26
debiancve
debiancve

CVE-2024-2698

A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service...

7.1CVSS

7.1AI Score

0.0004EPSS

2024-06-12 08:15 AM
1
cvelist
cvelist

CVE-2024-2698 Freeipa: delegation rules allow a proxy service to impersonate any user to access another target service

A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service...

7.1CVSS

0.0004EPSS

2024-06-12 08:03 AM
3
vulnrichment
vulnrichment

CVE-2024-2698 Freeipa: delegation rules allow a proxy service to impersonate any user to access another target service

A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service...

7.1CVSS

7.1AI Score

0.0004EPSS

2024-06-12 08:03 AM
veracode
veracode

Denial Of Service (DoS)

@grpc/grpc-js is vulnerable to Denial of Service (DoS). The vulnerability is due to improper message size checks becauses messages that exceed the grpc.max_receive_message_length are buffered or decompressed in entirety before being discarded, which can result in...

5.3CVSS

6.6AI Score

0.0005EPSS

2024-06-12 07:45 AM
1
osv
osv

BIT-suitecrm-2024-36416

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this...

8.6CVSS

6.8AI Score

0.0005EPSS

2024-06-12 07:37 AM
1
cve
cve

CVE-2024-28970

Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of...

4.7CVSS

6.6AI Score

0.0004EPSS

2024-06-12 07:15 AM
23
nvd
nvd

CVE-2024-28970

Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of...

4.7CVSS

0.0004EPSS

2024-06-12 07:15 AM
3
vulnrichment
vulnrichment

CVE-2024-28970

Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of...

4.7CVSS

6.8AI Score

0.0004EPSS

2024-06-12 06:51 AM
cvelist
cvelist

CVE-2024-28970

Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of...

4.7CVSS

0.0004EPSS

2024-06-12 06:51 AM
2
veracode
veracode

XML Entity Expansion (XXE)

ebookmeta is vulnerable to an XML External Entity (XXE) vulnerability. The vulnerability is due to improper handling of crafted XML input via the lxml dependency in the ebookmeta.get_metadata function, allowing attackers to access sensitive information or cause a Denial of Service...

6.6AI Score

0.0004EPSS

2024-06-12 06:24 AM
veracode
veracode

Regular Expression Denial Of Service (ReDoS)

ua-parser/uap-php is vulnerable toRegular Expression Denial Of Service (ReDoS). The vulnerability is due to use of inefficient or poorly constructed regular expressions that can take an exceptionally long time to evaluate against certain input strings, which results in Regular Expression Denial Of....

7AI Score

2024-06-12 06:23 AM
githubexploit
githubexploit

Exploit for CVE-2023-11518

POC Recreating CVE 2023-36802 Microsoft Streaming...

7.5AI Score

EPSS

2024-06-12 06:19 AM
48
githubexploit
githubexploit

Exploit for Use After Free in Microsoft

POC Recreating CVE 2023-36802 Microsoft Streaming...

7.8CVSS

8.6AI Score

0.001EPSS

2024-06-12 06:19 AM
24
veracode
veracode

XML Entity Expansion (XXE)

ebookmeta is vulnerable to an XML External Entity (XXE) vulnerability. The vulnerability is due to improper handling of crafted XML input in the ebookmeta.get_metadata function, allowing attackers to access sensitive information or cause a Denial of Service...

6.6AI Score

0.0004EPSS

2024-06-12 05:47 AM
thn
thn

Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability

Microsoft has released security updates to address 51 flaws as part of its Patch Tuesday updates for June 2024. Of the 51 vulnerabilities, one is rated Critical and 50 are rated Important. This is in addition to 17 vulnerabilities resolved in the Chromium-based Edge browser over the past month....

9.8CVSS

8.7AI Score

0.05EPSS

2024-06-12 04:26 AM
98
cve
cve

CVE-2024-36856

RMQTT Broker 0.4.0 allows remote attackers to cause a Denial of Service (daemon crash) via a certain sequence of five TCP...

7AI Score

0.0004EPSS

2024-06-12 03:15 AM
22
nvd
nvd

CVE-2024-36856

RMQTT Broker 0.4.0 allows remote attackers to cause a Denial of Service (daemon crash) via a certain sequence of five TCP...

0.0004EPSS

2024-06-12 03:15 AM
2
redhatcve
redhatcve

CVE-2024-25131

A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource (CRD) of OpenShift Dedicated. A non-privileged user on the cluster can create a MustGather object with a specially crafted file and set the most privileged service account to run the job. This can allow a standard...

7.2AI Score

EPSS

2024-06-12 12:48 AM
3
redhatcve
redhatcve

CVE-2024-5197

A flaw was found in libvpx. When creating images, libvpx trusts the width, height, and alignment of the user input. However, it does not properly validate the provided values. This flaw allows an attacker to craft user inputs or trick the user into opening crafted files, where these types of...

6.6AI Score

0.0004EPSS

2024-06-12 12:48 AM
3
redhatcve
redhatcve

CVE-2024-35176

REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many <s>

5.3CVSS

6.7AI Score

0.0004EPSS

2024-06-12 12:40 AM
redhatcve
redhatcve

CVE-2024-2698

A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service...

7.1CVSS

6.8AI Score

0.0004EPSS

2024-06-12 12:36 AM
nessus
nessus

GitLab 13.1 < 16.10.7 / 16.11 < 16.11.4 / 17.0 < 17.0.2 (CVE-2024-1495)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. It was possible...

6.5CVSS

6.2AI Score

0.0004EPSS

2024-06-12 12:00 AM
openvas
openvas

Ubuntu: Security Advisory (USN-6820-2)

The remote host is missing an update for...

8CVSS

7.5AI Score

0.0004EPSS

2024-06-12 12:00 AM
nessus
nessus

RHEL 9 : 389-ds-base (RHSA-2024:3837)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3837 advisory. 389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol...

7.5CVSS

7.9AI Score

0.0004EPSS

2024-06-12 12:00 AM
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (SUSE-SU-2024:1988-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1988-1 advisory. Rebuild against current updated packages and go compiler. - Bump github.com/containers/image/v5 (bsc#1224119, CVE-2024-3727)...

8.3CVSS

8.3AI Score

0.0004EPSS

2024-06-12 12:00 AM
1
nessus
nessus

Amazon Linux 2 : openssl11 (ALAS-2024-2564)

The version of openssl11 installed on the remote host is prior to 1.1.1g-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2564 advisory. Issue summary: Some non-default TLS server configurations can cause unboundedmemory growth when processing TLSv1.3 sessions ...

6.5AI Score

0.0004EPSS

2024-06-12 12:00 AM
2
cvelist
cvelist

CVE-2023-49559

An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives...

0.0004EPSS

2024-06-12 12:00 AM
2
kaspersky
kaspersky

KLA68918 Multiple vulnerabilities in Opera

Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Use after free vulnerability in Media Session can be exploited to cause denial of service or execute...

9AI Score

0.0004EPSS

2024-06-12 12:00 AM
2
openvas
openvas

Microsoft Windows Multiple Vulnerabilities (KB5039213)

This host is missing an important security update according to Microsoft...

9.8CVSS

7.2AI Score

0.003EPSS

2024-06-12 12:00 AM
4
nessus
nessus

SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1983-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1983-1 advisory. The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: -...

7.8CVSS

8.5AI Score

0.001EPSS

2024-06-12 12:00 AM
1
oraclelinux
oraclelinux

Unbreakable Enterprise kernel security update

[5.15.0-207.156.6] - uek-container: Add advanced routing options (Boris Ostrovsky) [Orabug: 36691279] - slub: use count_partial_free_approx() in slab_out_of_memory() (Jianfeng Wang) [Orabug: 36655468] - slub: introduce count_partial_free_approx() (Jianfeng Wang) [Orabug: 36655468] - Revert...

6.5CVSS

7.8AI Score

EPSS

2024-06-12 12:00 AM
3
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1975-1)

The remote host is missing an update for...

7.5AI Score

0.0004EPSS

2024-06-12 12:00 AM
1
nessus
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : libndp vulnerability (USN-6830-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6830-1 advisory. It was discovered that libndp incorrectly handled certain malformed IPv6 router advertisement packets. A local attacker could...

7.4CVSS

8AI Score

0.0004EPSS

2024-06-12 12:00 AM
4
openvas
openvas

Microsoft Windows Multiple Vulnerabilities (KB5039211)

This host is missing an important security update according to Microsoft...

9.8CVSS

7.2AI Score

0.003EPSS

2024-06-12 12:00 AM
24
vulnrichment
vulnrichment

CVE-2023-49559

An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives...

6.6AI Score

0.0004EPSS

2024-06-12 12:00 AM
cvelist
cvelist

CVE-2024-36856

RMQTT Broker 0.4.0 allows remote attackers to cause a Denial of Service (daemon crash) via a certain sequence of five TCP...

0.0004EPSS

2024-06-12 12:00 AM
2
openvas
openvas

Microsoft Windows Multiple Vulnerabilities (KB5039214)

This host is missing an important security update according to Microsoft...

9.8CVSS

7.2AI Score

0.003EPSS

2024-06-12 12:00 AM
26
jvn
jvn

JVN#25594256: Denial-of-service (DoS) vulnerability in IPCOM WAF function

WAF function of IPCOM provided by Fsas Technologies Inc. contains a denial-of-service (DoS) vulnerability (CWE-908). ## Impact If the product receives a specially crafted packet by an attacker, the system may be rebooted or suspended. ## Solution Update the firmware Update the firmware to the...

7AI Score

0.0004EPSS

2024-06-12 12:00 AM
nessus
nessus

Oracle Linux 9 : 389-ds-base (ELSA-2024-3837)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3837 advisory. [2.4.5-8] - Bump version to 2.4.5-8 - Fix License tag [2.4.5-7] - Bump version to 2.4.5-7 - Resolves: RHEL-34819 - redhat-ds:11/389-ds-base: Malformed...

7.5CVSS

7.7AI Score

0.0004EPSS

2024-06-12 12:00 AM
Total number of security vulnerabilities481719