Lucene search

K

BD Pyxis™ MedStation™ ES Server Security Vulnerabilities

cvelist
cvelist

CVE-2024-30299 Tenable Vulnerability Disclosure | API Auth Bypass

Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application....

10CVSS

0.001EPSS

2024-06-13 11:24 AM
5
thn
thn

Pakistan-linked Malware Campaign Evolves to Target Windows, Android, and macOS

Threat actors with ties to Pakistan have been linked to a long-running malware campaign dubbed Operation Celestial Force since at least 2018. The activity, still ongoing, entails the use of an Android malware called GravityRAT and a Windows-based malware loader codenamed HeavyLift, according to...

6.8AI Score

2024-06-13 10:26 AM
thn
thn

Cybercriminals Employ PhantomLoader to Distribute SSLoad Malware

The nascent malware known as SSLoad is being delivered by means of a previously undocumented loader called PhantomLoader, according to findings from cybersecurity firm Intezer. "The loader is added to a legitimate DLL, usually EDR or AV products, by binary patching the file and employing...

7.5AI Score

2024-06-13 10:19 AM
2
talosblog
talosblog

Operation Celestial Force employs mobile and desktop malware to target Indian entities

By Gi7w0rm, Asheer Malhotra and Vitor Ventura. Cisco Talos is disclosing a new malware campaign called "Operation Celestial Force" running since at least 2018. It is still active today, employing the use of GravityRAT, an Android-based malware, along with a Windows-based malware loader we track...

7.2AI Score

2024-06-13 10:00 AM
1
cve
cve

CVE-2024-34111

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted request to the server, which could then cause.....

6.5CVSS

7AI Score

0.0005EPSS

2024-06-13 09:15 AM
16
nvd
nvd

CVE-2024-34111

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted request to the server, which could then cause.....

6.5CVSS

0.0005EPSS

2024-06-13 09:15 AM
6
nvd
nvd

CVE-2024-3073

The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible....

2.7CVSS

0.0004EPSS

2024-06-13 09:15 AM
1
cve
cve

CVE-2024-3073

The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible....

2.7CVSS

3.5AI Score

0.0004EPSS

2024-06-13 09:15 AM
15
githubexploit
githubexploit

Exploit for CVE-2024-23692

Rejetto HTTP File Server (HFS) 未授权 RCE 漏洞复现 (CVE-2024-23692)...

9.8CVSS

7AI Score

0.002EPSS

2024-06-13 09:12 AM
37
cvelist
cvelist

CVE-2024-34111 SSRF in service connector

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted request to the server, which could then cause.....

6.5CVSS

0.0005EPSS

2024-06-13 09:04 AM
vulnrichment
vulnrichment

CVE-2024-34111 SSRF in service connector

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted request to the server, which could then cause.....

6.5CVSS

7.9AI Score

0.0005EPSS

2024-06-13 09:04 AM
1
vulnrichment
vulnrichment

CVE-2024-3073 Easy WP SMTP by SendLayer <= 2.3.0 - Exposure of Sensitive Information via the UI

The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible....

2.7CVSS

6.3AI Score

0.0004EPSS

2024-06-13 08:31 AM
cvelist
cvelist

CVE-2024-3073 Easy WP SMTP by SendLayer <= 2.3.0 - Exposure of Sensitive Information via the UI

The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible....

2.7CVSS

0.0004EPSS

2024-06-13 08:31 AM
2
veracode
veracode

Denial-of-Service (DoS)

@strapi/plugin-upload is vulnerable to Denial-of-Service (DoS). The vulnerability is due to the server crashing without restarting when handling errors, causing it to become unavailable for all clients until manually...

5.3CVSS

6.7AI Score

0.0004EPSS

2024-06-13 07:17 AM
githubexploit
githubexploit

Exploit for CVE-2024-23692

Unauthenticated RCE Flaw in Rejetto HTTP File Server...

9.8CVSS

8.6AI Score

0.002EPSS

2024-06-13 06:00 AM
38
veracode
veracode

Incorrect Authorization

org.apache.submarine, submarine-server-core is vulnerable to an Incorrect Authorization. The vulnerability is due to invalidation on authorization checks, allowing unauthorized users to potentially gain access to restricted...

6.8AI Score

0.0004EPSS

2024-06-13 05:08 AM
veracode
veracode

Server-side Template Injection (SSTI)

document_merge_service is vulnerable to Server-side Template Injection (SSTI). The vulnerability is due to insufficient input sanitization and validation in the handling of templates within the Document Merge Service, which allows attackers to inject malicious code into templates, which is then...

9.9CVSS

7.1AI Score

0.0004EPSS

2024-06-13 04:43 AM
redhatcve
redhatcve

CVE-2024-5953

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password. Mitigation Mitigation for this issue is either not available or....

6.9AI Score

EPSS

2024-06-13 04:42 AM
1
githubexploit
githubexploit

Exploit for CVE-2024-26229

DRive Just a POC, Combining Everything Theory The...

7.8CVSS

7.8AI Score

0.0004EPSS

2024-06-13 01:24 AM
57
openvas
openvas

Ubuntu: Security Advisory (USN-6819-3)

The remote host is missing an update for...

7.8CVSS

8AI Score

0.001EPSS

2024-06-13 12:00 AM
nessus
nessus

Debian dla-3826 : cups - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3826 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3826-1 [email protected] ...

4.4CVSS

4.7AI Score

0.0004EPSS

2024-06-13 12:00 AM
1
nessus
nessus

RHEL 8 : dnsmasq (RHSA-2024:3929)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3929 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol)...

7.5CVSS

8.4AI Score

0.05EPSS

2024-06-13 12:00 AM
nessus
nessus

CentOS 7 : 389-ds-base (RHSA-2024:3591)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3591 advisory. A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while...

7.5CVSS

7.6AI Score

0.0004EPSS

2024-06-13 12:00 AM
nessus
nessus

Oracle Linux 9 : gvisor-tap-vsock (ELSA-2024-3830)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-3830 advisory. - rebuild for CVE-2023-45290 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...

5.4AI Score

0.0004EPSS

2024-06-13 12:00 AM
2
veeam
veeam

How to Configure an Air-Gapped Veeam Kasten for Kubernetes Deployment Using JFrog Artifactory

This article provides a step-by-step approach to configuring a JFrog Artifactory server and installing Veeam Kasten for Kubernetes. This allows for creating an air-gapped installation using a private container registry to install Veeam Kasten for Kubernetes. While this can always be done manually,....

7AI Score

2024-06-13 12:00 AM
1
cisa_kev
cisa_kev

Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability

Progress Telerik Report Server contains an authorization bypass by spoofing vulnerability that allows an attacker to obtain unauthorized...

9.8CVSS

7AI Score

0.938EPSS

2024-06-13 12:00 AM
1
nessus
nessus

RHEL 9 : nghttp2 (RHSA-2024:3875)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3875 advisory. libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. Security Fix(es): * nghttp2: CONTINUATION...

5.3CVSS

5.5AI Score

0.0004EPSS

2024-06-13 12:00 AM
2
nessus
nessus

Security Updates for Microsoft Dynamics 365 (on-premises) (June 2024)

The Microsoft Dynamics 365 (on-premises) is missing security updates. It is, therefore, affected by an information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. Note that Nessus has not tested for these issues but has instead relied only on...

5.7CVSS

6.5AI Score

0.0005EPSS

2024-06-13 12:00 AM
3
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:2003-1)

The remote host is missing an update for...

4.4CVSS

4.9AI Score

0.0004EPSS

2024-06-13 12:00 AM
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : cups (SUSE-SU-2024:2003-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2003-1 advisory. - CVE-2024-35235: Fixed a bug in cupsd that could allow an attacker to change the permissions of...

4.4CVSS

4.7AI Score

0.0004EPSS

2024-06-13 12:00 AM
nessus
nessus

RHEL 9 : expat (RHSA-2024:3926)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3926 advisory. Expat is a C library for parsing XML documents. Security Fix(es): * expat: parsing large tokens can trigger a denial of service...

7.5CVSS

10AI Score

0.001EPSS

2024-06-13 12:00 AM
nessus
nessus

Atlassian Confluence 7.19 < 7.19.21 / 8.5.x < 8.5.8 / < 8.9.0 (CONFSERVER-94957)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-94957 advisory. This High severity Gatekeeper Injection vulnerability was introduced in versions 7.1.0 of Confluence Data Center. This allows an unauthenticated...

7.7AI Score

2024-06-13 12:00 AM
1
nessus
nessus

RHEL 8 : dnsmasq (RHSA-2024:3877)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3877 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol)...

7.5CVSS

8.2AI Score

0.05EPSS

2024-06-13 12:00 AM
1
nessus
nessus

PHP-CGI Argument Injection CVE-2024-4577 (Direct Check)

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use 'Best-Fit' behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...

9.8CVSS

7.6AI Score

0.932EPSS

2024-06-13 12:00 AM
3
nessus
nessus

Oracle Linux 9 : python-idna (ELSA-2024-3846)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-3846 advisory. [2.10-7.0.1.1] - Rebuild with release bump [2.10-7.1] - Security fix for CVE-2024-3651 Resolves: RHEL-33464 Tenable has extracted the preceding description...

6.4AI Score

EPSS

2024-06-13 12:00 AM
nessus
nessus

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2024-12433)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12433 advisory. - x86/static_call: Add support for Jcc tail-calls (Peter Zijlstra) {CVE-2022-29901} {CVE-2022-23816} Tenable has extracted the preceding...

6.5CVSS

7.4AI Score

EPSS

2024-06-13 12:00 AM
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:2005-1)

The remote host is missing an update for...

7.8CVSS

7.3AI Score

0.0004EPSS

2024-06-13 12:00 AM
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:2002-1)

The remote host is missing an update for...

4.4CVSS

4.9AI Score

0.0004EPSS

2024-06-13 12:00 AM
nessus
nessus

SAP NetWeaver AS Java DoS (3460407)

SAP NetWeaver Application Server for Java is affected by denial of service vulnerability: Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This...

7.5CVSS

7.5AI Score

0.0004EPSS

2024-06-13 12:00 AM
nessus
nessus

SUSE SLES15 Security Update : kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed (SUSE-SU-2024:2005-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2005-1 advisory. Security Update 550.90.07: - CVE-2024-0090: Fixed out of bounds write (bsc#1223356). - CVE-2024-0092: Fixed incorrect exception...

7.8CVSS

7AI Score

0.0004EPSS

2024-06-13 12:00 AM
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:2012-1)

The remote host is missing an update for...

7.1AI Score

0.0004EPSS

2024-06-13 12:00 AM
nessus
nessus

Debian dla-3825 : firefox-esr - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3825 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3825-1 [email protected] ...

7.6AI Score

0.0004EPSS

2024-06-13 12:00 AM
nessus
nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Virtuoso Open-Source Edition vulnerabilities (USN-6832-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6832-1 advisory. Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted...

7.5CVSS

8.1AI Score

0.001EPSS

2024-06-13 12:00 AM
oraclelinux
oraclelinux

virt:kvm_utils1 security update

hivex libguestfs libguestfs-winsupport libiscsi libnbd libvirt [5.7.0-42] - Document CVEs as fixed (Karl Heubaum) {CVE-2023-2700} - Fix off-by-one error in udevListInterfacesByStatus (Martin Kletzander) [Orabug: 36364474] {CVE-2024-1441} - libvirt- : Check caller-provided buffers to be NULL with...

5.5CVSS

7.2AI Score

0.0004EPSS

2024-06-13 12:00 AM
nessus
nessus

Oracle Linux 9 : ruby (ELSA-2024-3838)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3838 advisory. - Fix double free in Regexp compilation. Resolves: CVE-2022-28738 Tenable has extracted the preceding description block directly from the Oracle...

9.8CVSS

7.6AI Score

EPSS

2024-06-13 12:00 AM
wpvulndb
wpvulndb

Database Cleaner < 1.0.6 - Authenticated (Admin+) Arbitrary File Read

Description The Database Cleaner: Clean, Optimize & Repair plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.5 via the get_logs() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server,.....

4.9CVSS

6.7AI Score

0.001EPSS

2024-06-13 12:00 AM
nessus
nessus

SAP NetWeaver AS ABAP DoS (3453170)

SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus degrading the service quality experienced by legitimate....

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-13 12:00 AM
3
packetstorm

9.1CVSS

7AI Score

0.002EPSS

2024-06-13 12:00 AM
33
packetstorm

9.9CVSS

7AI Score

0.938EPSS

2024-06-13 12:00 AM
32
zdt
zdt

Telerik Report Server Authentication Bypass / Remote Code Execution Exploit

This Metasploit module chains an authentication bypass vulnerability with a deserialization vulnerability to obtain remote code execution against Telerik Report Server versions 10.0.24.130 and below. The authentication bypass flaw allows an unauthenticated user to create a new user with...

9.9CVSS

8.3AI Score

0.938EPSS

2024-06-13 12:00 AM
24
Total number of security vulnerabilities434320