Lucene search

K

Armoury Crate & Aura Creator Installer (ROG Live Service) Security Vulnerabilities

redos
redos

ROS-20240619-02

Vulnerability of JSON object signing and encryption module for Erlang and Elixir programming languages erlang-jose (JOSE for Erlang) is related to uncontrolled resource consumption. Exploitation of the vulnerability could allow a remote attacker to cause a denial of...

7AI Score

0.0004EPSS

2024-06-19 12:00 AM
redos
redos

ROS-20240619-03

A vulnerability in the userinfo URI subcomponent of the GNU Wget download manager is related to an insecure behavior whereby in which data that should be in the userinfo subcomponent is misinterpreted as being part of the host subcomponent. Exploitation of the vulnerability could allow an attacker....

6.7AI Score

0.0004EPSS

2024-06-19 12:00 AM
ubuntu
ubuntu

Thunderbird vulnerabilities

Releases Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker...

8.3AI Score

0.0004EPSS

2024-06-19 12:00 AM
nessus
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Thunderbird vulnerabilities (USN-6840-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6840-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a...

8AI Score

0.0004EPSS

2024-06-19 12:00 AM
nessus
nessus

CentOS 7 : bind, bind-dyndb-ldap, and dhcp (RHSA-2024:3741)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3741 advisory. The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS...

7.5CVSS

8AI Score

0.05EPSS

2024-06-19 12:00 AM
1
nessus
nessus

Ubuntu 22.04 LTS : Linux kernel (HWE) vulnerabilities (USN-6818-4)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-4 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...

7.8CVSS

7.2AI Score

0.001EPSS

2024-06-19 12:00 AM
redos
redos

ROS-20240619-01

A vulnerability in the OpenSSH ECDSA Key Handler component of the OpenSSH ECDSA Key Handler technology for signing and encrypting JavaScript objects in Python is related to the definition of a blacklist of prefixes for public keys. Exploitation of the vulnerability could allow an attacker acting...

6.7AI Score

0.0004EPSS

2024-06-19 12:00 AM
1
openvas
openvas

Ubuntu: Security Advisory (USN-6840-1)

The remote host is missing an update for...

7.2AI Score

0.0004EPSS

2024-06-19 12:00 AM
osv
osv

linux-hwe-6.5 vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) It was.....

7.8CVSS

7.5AI Score

0.001EPSS

2024-06-18 11:24 PM
ibm
ibm

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, libcurl, Apache Xerces C++ XML parser, and Newtonsoft.Json may affect IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V

Summary IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V can be affected by security flaws in IBM WebSphere Application Server Liberty, libcurl, Apache Xerces C++ XML parser, and Newtonsoft.Json. The flaws can lead to server-side request forgery, bypass of security...

9.8CVSS

10AI Score

0.003EPSS

2024-06-18 10:03 PM
4
osv
osv

Moodle BigBlueButton web service leaks meeting joining information

Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to...

7AI Score

0.0004EPSS

2024-06-18 09:30 PM
3
github
github

Moodle BigBlueButton web service leaks meeting joining information

Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to...

7AI Score

0.0004EPSS

2024-06-18 09:30 PM
2
ibm
ibm

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware

Summary IBM Storage Protect for Virtual Environments: Data Protection for VMware can be affected by security flaws in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser, and Data Protection for VMware. The flaws can lead to server-side request forgery,...

9.8CVSS

10AI Score

0.003EPSS

2024-06-18 09:04 PM
1
ibm
ibm

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser may affect IBM Storage Protect Backup-Archive Client

Summary IBM Storage Protect Backup-Archive Client can be affected by security flaws in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser. The flaws can lead to server-side request forgery, bypass of security restrictions, denial of service, and arbitrary.....

9.8CVSS

10AI Score

0.003EPSS

2024-06-18 08:51 PM
1
ibm
ibm

Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server

Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in a security bulletin CVE-2023-45853, CVE-2023-29267, CVE-2024-25710, CVE-2024-26308, CVE-2023-45178, CVE-2024-28762, CVE-2024-28757, CVE-2024-29025,...

9.8CVSS

6.9AI Score

EPSS

2024-06-18 08:03 PM
cvelist
cvelist

CVE-2024-38273 moodle: BigBlueButton web service leaks meeting joining information to users who should not have access

Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to...

0.0004EPSS

2024-06-18 07:49 PM
4
cve
cve

CVE-2024-37904

Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on lines L55-L89. The Git provider.....

5.7CVSS

5.5AI Score

0.0004EPSS

2024-06-18 05:15 PM
9
osv
osv

CVE-2024-37904

Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on lines L55-L89. The Git provider.....

5.7CVSS

6.7AI Score

0.0004EPSS

2024-06-18 05:15 PM
nvd
nvd

CVE-2024-37904

Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on lines L55-L89. The Git provider.....

5.7CVSS

0.0004EPSS

2024-06-18 05:15 PM
3
cvelist
cvelist

CVE-2024-37904 Denial of service from maliciously configured Git repository in Minder

Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on lines L55-L89. The Git provider.....

5.7CVSS

0.0004EPSS

2024-06-18 05:07 PM
3
osv
osv

Minder affected by denial of service from maliciously configured Git repository

Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on these lines:...

5.7CVSS

6.4AI Score

0.0004EPSS

2024-06-18 04:34 PM
github
github

Minder affected by denial of service from maliciously configured Git repository

Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on these lines:...

5.7CVSS

6.7AI Score

0.0004EPSS

2024-06-18 04:34 PM
5
thn
thn

Signal Foundation Warns Against EU's Plan to Scan Private Messages for CSAM

A controversial proposal put forth by the European Union to scan users' private messages for detection of child sexual abuse material (CSAM) poses severe risks to end-to-end encryption (E2EE), warned Meredith Whittaker, president of the Signal Foundation, which maintains the privacy-focused...

6.7AI Score

2024-06-18 04:22 PM
14
ibm
ibm

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.2

Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.2 Vulnerability Details ** CVEID: CVE-2018-1000134 DESCRIPTION: **Ping Identity UnboundID LDAP SDK could allow a remote attacker...

9.8CVSS

9.3AI Score

0.974EPSS

2024-06-18 02:02 PM
17
ibm
ibm

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.3

Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.3 Vulnerability Details ** CVEID: CVE-2022-46364 DESCRIPTION: **Apache CXF is vulnerable to server-side request forgery, caused...

9.8CVSS

10.1AI Score

EPSS

2024-06-18 02:01 PM
31
thn
thn

Cybercriminals Exploit Free Software Lures to Deploy Hijack Loader and Vidar Stealer

Threat actors are luring unsuspecting users with free or pirated versions of commercial software to deliver a malware loader called Hijack Loader, which then deploys an information stealer known as Vidar Stealer. "Adversaries had managed to trick users into downloading password-protected archive...

7.3AI Score

2024-06-18 01:30 PM
6
kitploit
kitploit

CyberChef - The Cyber Swiss Army Knife - A Web App For Encryption, Encoding, Compression And Data Analysis

CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR and Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data,...

6.9AI Score

2024-06-18 12:30 PM
4
talosblog
talosblog

How are attackers trying to bypass MFA?

In the latest Cisco Talos Incident Response Quarterly Trends report, instances related to multi-factor authentication (MFA) were involved in nearly half of all security incidents that our team responded to in the first quarter of 2024. In 25% of engagements, the underlying cause was users...

8.1AI Score

2024-06-18 11:57 AM
1
schneier
schneier

Rethinking Democracy for the Age of AI

There is a lot written about technology's threats to democracy. Polarization. Artificial intelligence. The concentration of wealth and power. I have a more general story: The political and economic systems of governance that were created in the mid-18th century are poorly suited for the 21st...

6.4AI Score

2024-06-18 11:04 AM
1
nvd
nvd

CVE-2024-5953

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their...

5.7CVSS

0.0004EPSS

2024-06-18 10:15 AM
3
cve
cve

CVE-2024-5953

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their...

5.7CVSS

5.4AI Score

0.0004EPSS

2024-06-18 10:15 AM
6
debiancve
debiancve

CVE-2024-5953

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their...

5.7CVSS

6.7AI Score

0.0004EPSS

2024-06-18 10:15 AM
vulnrichment
vulnrichment

CVE-2024-5953 389-ds-base: malformed userpassword hash may cause denial of service

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their...

5.7CVSS

6.8AI Score

0.0004EPSS

2024-06-18 10:01 AM
cvelist
cvelist

CVE-2024-5953 389-ds-base: malformed userpassword hash may cause denial of service

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their...

5.7CVSS

0.0004EPSS

2024-06-18 10:01 AM
3
veracode
veracode

Regular Expression Denial Of Service

kubeflow/kubeflow is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to the usage of a regular expression to validate email addresses which has inefficient complexity, allowing an attacker to submit a crafted email which results in excessive CPU consumption,...

7.5CVSS

6.7AI Score

0.0004EPSS

2024-06-18 06:26 AM
nvd
nvd

CVE-2024-33622

Missing authentication for critical function vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, sensitive information may be obtained and/or the information stored in the database may be altered by a remote authenticated...

0.0004EPSS

2024-06-18 06:15 AM
2
cve
cve

CVE-2024-33620

Absolute path traversal vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, the file contents including sensitive information on the server may be retrieved by an unauthenticated remote...

6.8AI Score

0.0004EPSS

2024-06-18 06:15 AM
11
nvd
nvd

CVE-2024-33620

Absolute path traversal vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, the file contents including sensitive information on the server may be retrieved by an unauthenticated remote...

0.0004EPSS

2024-06-18 06:15 AM
2
nvd
nvd

CVE-2024-34024

Observable response discrepancy issue exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, an unauthenticated remote attacker may determine if a username is valid or...

0.0004EPSS

2024-06-18 06:15 AM
2
cve
cve

CVE-2024-33622

Missing authentication for critical function vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, sensitive information may be obtained and/or the information stored in the database may be altered by a remote authenticated...

6.4AI Score

0.0004EPSS

2024-06-18 06:15 AM
11
cve
cve

CVE-2024-34024

Observable response discrepancy issue exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, an unauthenticated remote attacker may determine if a username is valid or...

7.2AI Score

0.0004EPSS

2024-06-18 06:15 AM
9
cvelist
cvelist

CVE-2024-34024

Observable response discrepancy issue exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, an unauthenticated remote attacker may determine if a username is valid or...

0.0004EPSS

2024-06-18 05:44 AM
6
vulnrichment
vulnrichment

CVE-2024-34024

Observable response discrepancy issue exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, an unauthenticated remote attacker may determine if a username is valid or...

7.4AI Score

0.0004EPSS

2024-06-18 05:44 AM
cvelist
cvelist

CVE-2024-33620

Absolute path traversal vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, the file contents including sensitive information on the server may be retrieved by an unauthenticated remote...

0.0004EPSS

2024-06-18 05:44 AM
5
cvelist
cvelist

CVE-2024-33622

Missing authentication for critical function vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, sensitive information may be obtained and/or the information stored in the database may be altered by a remote authenticated...

0.0004EPSS

2024-06-18 05:44 AM
2
nvd
nvd

CVE-2024-1634

The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in all versions up to, and including, 3.5.10. This makes it possible for unauthenticated attackers to...

6.5CVSS

0.0005EPSS

2024-06-18 03:15 AM
4
cve
cve

CVE-2024-1634

The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in all versions up to, and including, 3.5.10. This makes it possible for unauthenticated attackers to...

6.5CVSS

6.3AI Score

0.0005EPSS

2024-06-18 03:15 AM
7
vulnrichment
vulnrichment

CVE-2024-1634 Scheduling Plugin – Online Booking for WordPress <= 3.5.10 - Missing Authorization to Unauthenticated Service Disconnection

The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in all versions up to, and including, 3.5.10. This makes it possible for unauthenticated attackers to...

6.5CVSS

6.8AI Score

0.0005EPSS

2024-06-18 02:37 AM
cvelist
cvelist

CVE-2024-1634 Scheduling Plugin – Online Booking for WordPress <= 3.5.10 - Missing Authorization to Unauthenticated Service Disconnection

The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in all versions up to, and including, 3.5.10. This makes it possible for unauthenticated attackers to...

6.5CVSS

0.0005EPSS

2024-06-18 02:37 AM
1
openvas
openvas

Ubuntu: Security Advisory (USN-6837-1)

The remote host is missing an update for...

7.5CVSS

5.8AI Score

0.001EPSS

2024-06-18 12:00 AM
1
Total number of security vulnerabilities481719