Lucene search

K

BD Pyxis™ MedStation™ ES Server Security Vulnerabilities

ibm
ibm

Security Bulletin: TSSC/IMC is vulnerable to aritrary code excecution due to curl (CVE-2023-27536, CVE-2023-28321)

Summary TSSC/IMC is vulnerable to aritrary code excecution due to cURL. A patch has been provided that updates the curl library. (CVE-2023-30630, CVE-2023-28321) Vulnerability Details ** CVEID: CVE-2023-27536 DESCRIPTION: **cURL libcurl could allow a remote attacker to bypass security...

7.1CVSS

7.5AI Score

0.002EPSS

2024-06-20 11:50 PM
6
nvd
nvd

CVE-2024-5746

A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the GitHub Enterprise Server instance. Exploitation required authenticated access to GitHub Enterprise...

7.6CVSS

0.001EPSS

2024-06-20 10:15 PM
6
cve
cve

CVE-2024-5746

A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the GitHub Enterprise Server instance. Exploitation required authenticated access to GitHub Enterprise...

7.6CVSS

7.8AI Score

0.001EPSS

2024-06-20 10:15 PM
26
cvelist
cvelist

CVE-2024-5746

A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the GitHub Enterprise Server instance. Exploitation required authenticated access to GitHub Enterprise...

7.6CVSS

0.001EPSS

2024-06-20 09:31 PM
3
vulnrichment
vulnrichment

CVE-2024-5746

A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the GitHub Enterprise Server instance. Exploitation required authenticated access to GitHub Enterprise...

7.6CVSS

7.5AI Score

0.001EPSS

2024-06-20 09:31 PM
1
ibm
ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...

8.3CVSS

10AI Score

0.005EPSS

2024-06-20 08:32 PM
3
githubexploit
githubexploit

Exploit for Path Traversal in Gitlab

CVE-2023-2825 (Unauthenticated) Directory traversal leads...

10CVSS

6.8AI Score

0.167EPSS

2024-06-20 08:22 PM
98
nvd
nvd

CVE-2024-37818

Strapi v4.24.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /strapi.io/_next/image. This vulnerability allows attackers to scan for open ports or access sensitive information via a crafted GET...

0.0004EPSS

2024-06-20 07:15 PM
3
cve
cve

CVE-2024-37818

Strapi v4.24.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /strapi.io/_next/image. This vulnerability allows attackers to scan for open ports or access sensitive information via a crafted GET...

6.7AI Score

0.0004EPSS

2024-06-20 07:15 PM
22
nvd
nvd

CVE-2024-37897

SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. SFTPGo WebAdmin and WebClient support password reset. This feature is disabled in the default configuration. In SFTPGo versions prior to v2.6.1, if the feature is...

5.4CVSS

0.0004EPSS

2024-06-20 06:15 PM
8
osv
osv

CVE-2024-37897

SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. SFTPGo WebAdmin and WebClient support password reset. This feature is disabled in the default configuration. In SFTPGo versions prior to v2.6.1, if the feature is...

5.4CVSS

7.1AI Score

0.0004EPSS

2024-06-20 06:15 PM
cve
cve

CVE-2024-37897

SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. SFTPGo WebAdmin and WebClient support password reset. This feature is disabled in the default configuration. In SFTPGo versions prior to v2.6.1, if the feature is...

5.4CVSS

5.6AI Score

0.0004EPSS

2024-06-20 06:15 PM
24
ibm
ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in ISC BIND [CVE-2023-4408]

Summary Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in ISC BIND, caused by an error when parsing large DNS messages [CVE-2023-4408]. ISC BIND is included as a Base OS package used by our Service Runtimes. This...

7.5CVSS

6.7AI Score

0.001EPSS

2024-06-20 06:14 PM
2
ibm
ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in ISC BIND [CVE-2023-50387]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in ISC BIND, caused by an error when processing responses coming from specially crafted DNSSEC-signed zones [CVE-2023-50387]. ISC BIND is included as a Base OS package used by our Service...

7.5CVSS

7AI Score

0.05EPSS

2024-06-20 06:07 PM
1
redhatcve
redhatcve

CVE-2024-38540

In the Linux kernel, the following vulnerability has been resolved: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq Undefined behavior is triggered when bnxt_qplib_alloc_init_hwq is called with hwq_attr->aux_depth != 0 and hwq_attr->aux_stride == 0. In that case,...

7AI Score

0.0004EPSS

2024-06-20 05:56 PM
4
cvelist
cvelist

CVE-2024-37897 Insufficient access control for password reset in sftpgo

SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. SFTPGo WebAdmin and WebClient support password reset. This feature is disabled in the default configuration. In SFTPGo versions prior to v2.6.1, if the feature is...

5.4CVSS

0.0004EPSS

2024-06-20 05:32 PM
5
nvd
nvd

CVE-2024-37343

There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.06. Attackers with valid tunnel credentials can pass a limited-length script to the administrative console which is then temporarily stored where an administrator....

4.8CVSS

0.0004EPSS

2024-06-20 05:15 PM
cve
cve

CVE-2024-37343

There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.06. Attackers with valid tunnel credentials can pass a limited-length script to the administrative console which is then temporarily stored where an administrator....

4.8CVSS

4.9AI Score

0.0004EPSS

2024-06-20 05:15 PM
22
ibm
ibm

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities

Summary There are vulnerabilities in Open-Source Software (OSS) components consumed by IBM Cognos Analytics. IBM Cognos Analytics has addressed the applicable CVEs by upgrading or removing the vulnerable libraries in the latest available versions or previously released versions. Additionally, IBM.....

9.1CVSS

9.4AI Score

0.732EPSS

2024-06-20 04:51 PM
14
cvelist
cvelist

CVE-2024-37343 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06

There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.06. Attackers with valid tunnel credentials can pass a limited-length script to the administrative console which is then temporarily stored where an administrator....

4.8CVSS

0.0004EPSS

2024-06-20 04:30 PM
3
vulnrichment
vulnrichment

CVE-2024-37343 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06

There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.06. Attackers with valid tunnel credentials can pass a limited-length script to the administrative console which is then temporarily stored where an administrator....

4.8CVSS

6AI Score

0.0004EPSS

2024-06-20 04:30 PM
kitploit
kitploit

BokuLoader - A Proof-Of-Concept Cobalt Strike Reflective Loader Which Aims To Recreate, Integrate, And Enhance Cobalt Strike's Evasion Features!

A proof-of-concept User-Defined Reflective Loader (UDRL) which aims to recreate, integrate, and enhance Cobalt Strike's evasion features! Contributors: Contributor | Twitter | Notable Contributions ---|---|--- Bobby Cooke | @0xBoku | Project original author and maintainer Santiago Pecin |...

7.5AI Score

2024-06-20 03:41 PM
3
ibm
ibm

Security Bulletin: IBM Analytics Content Hub is affected by security vulnerabilities

Summary Security Bulletin: IBM Analytics Content Hub is affected, but not classified as vulnerable, based on current information, to vulnerabilities in Open Source Software. IBM Analytics Content Hub has addressed the applicable CVEs by upgrading the vulnerable libraries. Vulnerability Details **.....

8CVSS

8.8AI Score

0.003EPSS

2024-06-20 03:31 PM
6
github
github

Execute commands by sending JSON? Learn how unsafe deserialization vulnerabilities work in Ruby projects

Can an attacker execute arbitrary commands on a remote server just by sending JSON? Yes, if the running code contains unsafe deserialization vulnerabilities. But how is that possible? In this blog post, we’ll describe how unsafe deserialization vulnerabilities work and how you can detect them in...

8.5AI Score

2024-06-20 03:00 PM
3
redhatcve
redhatcve

CVE-2024-38601

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix a race between readers and resize checks The reader code in rb_get_reader_page() swaps a new reader page into the ring buffer by doing cmpxchg on old->list.prev->next to point it to the new page. Following th...

6.8AI Score

0.0004EPSS

2024-06-20 02:56 PM
2
redhatcve
redhatcve

CVE-2022-48758

In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() The bnx2fc_destroy() functions are removing the interface before calling destroy_work. This results multiple WARNings from sysfs_remove_group() as the...

7AI Score

0.0004EPSS

2024-06-20 02:53 PM
1
thn
thn

Researchers Uncover UEFI Vulnerability Affecting Multiple Intel CPUs

Cybersecurity researchers have disclosed details of a now-patched security flaw in Phoenix SecureCore UEFI firmware that affects multiple families of Intel Core desktop and mobile processors. Tracked as CVE-2024-0762 (CVSS score: 7.5), the "UEFIcanhazbufferoverflow" vulnerability has been...

7.5CVSS

8.1AI Score

0.0004EPSS

2024-06-20 02:22 PM
22
ibm
ibm

Security Bulletin: HTTP request smuggling vulnerability in IBM Business Automation Workflow Machine Learning Server CVE-2024-1135

Summary In addition to updates to operating system level packages, IBM Business Automation Workflow Machine Learning Server 23.0.2-IF003 addresses the following vulnerability CVE-2024-1135. Vulnerability Details ** CVEID: CVE-2024-1135 DESCRIPTION: **Gunicorn is vulnerable to HTTP request...

7.5CVSS

6AI Score

0.0004EPSS

2024-06-20 02:20 PM
3
nvd
nvd

CVE-2024-37532

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity spoofing by an authenticated user due to improper signature validation. IBM X-Force ID: ...

8.8CVSS

0.0004EPSS

2024-06-20 02:15 PM
2
cve
cve

CVE-2024-37532

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity spoofing by an authenticated user due to improper signature validation. IBM X-Force ID: ...

8.8CVSS

8.3AI Score

0.0004EPSS

2024-06-20 02:15 PM
35
redhatcve
redhatcve

CVE-2022-48750

In the Linux kernel, the following vulnerability has been resolved: hwmon: (nct6775) Fix crash in clear_caseopen Paweł Marciniak reports the following crash, observed when clearing the chassis intrusion alarm. BUG: kernel NULL pointer dereference, address: 0000000000000028 PGD 0 P4D 0 Oops: 0000...

6.8AI Score

0.0004EPSS

2024-06-20 01:56 PM
redhatcve
redhatcve

CVE-2022-48746

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix handling of wrong devices during bond netevent Current implementation of bond netevent handler only check if the handled netdev is VF representor and it missing a check if the VF representor is on the same phys...

7AI Score

0.0004EPSS

2024-06-20 01:56 PM
1
redhatcve
redhatcve

CVE-2022-48729

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix panic with larger ipoib send_queue_size When the ipoib send_queue_size is increased from the default the following panic happens: RIP: 0010:hfi1_ipoib_drain_tx_ring+0x45/0xf0 [hfi1] Code: 31 e4 eb 0f 8b 85 c8 02 00 00....

6.7AI Score

0.0004EPSS

2024-06-20 01:53 PM
2
redhatcve
redhatcve

CVE-2022-48728

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix AIP early init panic An early failure in hfi1_ipoib_setup_rn() can lead to the following panic: BUG: unable to handle kernel NULL pointer dereference at 00000000000001b0 PGD 0 P4D 0 Oops: 0002 [#1] SMP NOPTI...

7AI Score

0.0004EPSS

2024-06-20 01:53 PM
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 10, 2024 to June 16, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

10CVSS

9.3AI Score

EPSS

2024-06-20 01:40 PM
4
cvelist
cvelist

CVE-2024-37532 IBM WebSphere Application Server identity spoofing

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity spoofing by an authenticated user due to improper signature validation. IBM X-Force ID: ...

8.8CVSS

0.0004EPSS

2024-06-20 01:22 PM
4
vulnrichment
vulnrichment

CVE-2024-37532 IBM WebSphere Application Server identity spoofing

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity spoofing by an authenticated user due to improper signature validation. IBM X-Force ID: ...

8.8CVSS

6.3AI Score

0.0004EPSS

2024-06-20 01:22 PM
nvd
nvd

CVE-2023-49113

The Kiuwan Local Analyzer (KLA) Java scanning application contains several hard-coded secrets in plain text format. In some cases, this can potentially compromise the confidentiality of the scan results. Several credentials were found in the JAR files of the Kiuwan Local Analyzer. The JAR file...

0.0004EPSS

2024-06-20 01:15 PM
2
cve
cve

CVE-2023-49110

When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web application (either on-premises or cloud/SaaS solution), the transmitted data consists of a ZIP archive containing several files, some of them in the XML file format. During Kiuwan's server-side processing of these...

7.2AI Score

0.0004EPSS

2024-06-20 01:15 PM
23
nvd
nvd

CVE-2023-49110

When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web application (either on-premises or cloud/SaaS solution), the transmitted data consists of a ZIP archive containing several files, some of them in the XML file format. During Kiuwan's server-side processing of these...

0.0004EPSS

2024-06-20 01:15 PM
6
cve
cve

CVE-2023-49113

The Kiuwan Local Analyzer (KLA) Java scanning application contains several hard-coded secrets in plain text format. In some cases, this can potentially compromise the confidentiality of the scan results. Several credentials were found in the JAR files of the Kiuwan Local Analyzer. The JAR file...

6.6AI Score

0.0004EPSS

2024-06-20 01:15 PM
22
vulnrichment
vulnrichment

CVE-2023-49113 Sensitive Data Stored Insecurely in Kiuwan SAST Local Analyzer

The Kiuwan Local Analyzer (KLA) Java scanning application contains several hard-coded secrets in plain text format. In some cases, this can potentially compromise the confidentiality of the scan results. Several credentials were found in the JAR files of the Kiuwan Local Analyzer. The JAR file...

7AI Score

0.0004EPSS

2024-06-20 12:39 PM
1
cvelist
cvelist

CVE-2023-49113 Sensitive Data Stored Insecurely in Kiuwan SAST Local Analyzer

The Kiuwan Local Analyzer (KLA) Java scanning application contains several hard-coded secrets in plain text format. In some cases, this can potentially compromise the confidentiality of the scan results. Several credentials were found in the JAR files of the Kiuwan Local Analyzer. The JAR file...

0.0004EPSS

2024-06-20 12:39 PM
5
vulnrichment
vulnrichment

CVE-2023-49110 XML External Entity Injection in Kiuwan SAST

When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web application (either on-premises or cloud/SaaS solution), the transmitted data consists of a ZIP archive containing several files, some of them in the XML file format. During Kiuwan's server-side processing of these...

7.5AI Score

0.0004EPSS

2024-06-20 12:29 PM
2
cvelist
cvelist

CVE-2023-49110 XML External Entity Injection in Kiuwan SAST

When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web application (either on-premises or cloud/SaaS solution), the transmitted data consists of a ZIP archive containing several files, some of them in the XML file format. During Kiuwan's server-side processing of these...

0.0004EPSS

2024-06-20 12:29 PM
4
nvd
nvd

CVE-2022-48750

In the Linux kernel, the following vulnerability has been resolved: hwmon: (nct6775) Fix crash in clear_caseopen Paweł Marciniak reports the following crash, observed when clearing the chassis intrusion alarm. BUG: kernel NULL pointer dereference, address: 0000000000000028 PGD 0 P4D 0 Oops: 0000...

0.0004EPSS

2024-06-20 12:15 PM
2
nvd
nvd

CVE-2022-48758

In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() The bnx2fc_destroy() functions are removing the interface before calling destroy_work. This results multiple WARNings from sysfs_remove_group() as the...

0.0004EPSS

2024-06-20 12:15 PM
2
debiancve
debiancve

CVE-2022-48758

In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() The bnx2fc_destroy() functions are removing the interface before calling destroy_work. This results multiple WARNings from sysfs_remove_group() as the...

6.7AI Score

0.0004EPSS

2024-06-20 12:15 PM
cve
cve

CVE-2022-48758

In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() The bnx2fc_destroy() functions are removing the interface before calling destroy_work. This results multiple WARNings from sysfs_remove_group() as the...

6.6AI Score

0.0004EPSS

2024-06-20 12:15 PM
22
debiancve
debiancve

CVE-2022-48750

In the Linux kernel, the following vulnerability has been resolved: hwmon: (nct6775) Fix crash in clear_caseopen Paweł Marciniak reports the following crash, observed when clearing the chassis intrusion alarm. BUG: kernel NULL pointer dereference, address: 0000000000000028 PGD 0 P4D 0 Oops:...

6.5AI Score

0.0004EPSS

2024-06-20 12:15 PM
Total number of security vulnerabilities435614