Lucene search

K

BD Pyxis™ MedStation™ ES Server Security Vulnerabilities

cve
cve

CVE-2024-37314

Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or...

3.5CVSS

6.9AI Score

0.0004EPSS

2024-06-14 03:15 PM
8
nvd
nvd

CVE-2024-34539

Hardcoded credentials in TerraMaster TOS firmware through 5.1 allow a remote attacker to successfully login to the mail or webmail server. These credentials can also be used to login to the administration panel and to perform privileged...

0.0004EPSS

2024-06-14 03:15 PM
cve
cve

CVE-2024-34539

Hardcoded credentials in TerraMaster TOS firmware through 5.1 allow a remote attacker to successfully login to the mail or webmail server. These credentials can also be used to login to the administration panel and to perform privileged...

6.8AI Score

0.0004EPSS

2024-06-14 03:15 PM
8
cvelist
cvelist

CVE-2024-37315 Nextcloud Server's read-only users can restore old versions

Nextcloud Server is a self hosted personal cloud system. An attacker with read-only access to a file is able to restore older versions of a document when the files_versions app is enabled. It is recommended that the Nextcloud Server is upgraded to 26.0.12, 27.1.7 or 28.0.3 and that the Nextcloud...

3.5CVSS

0.0004EPSS

2024-06-14 03:08 PM
cvelist
cvelist

CVE-2024-37314 Nextcloud Photos' shared albums have no restriction on photo removal

Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or...

3.5CVSS

0.0004EPSS

2024-06-14 03:05 PM
vulnrichment
vulnrichment

CVE-2024-37313 Nextcloud server allows the by-pass the second factor

Nextcloud server is a self hosted personal cloud system. Under some circumstance it was possible to bypass the second factor of 2FA after successfully providing the user credentials. It is recommended that the Nextcloud Server is upgraded to 26.0.13, 27.1.8 or 28.0.4 and Nextcloud Enterprise...

7.3CVSS

7.1AI Score

0.0004EPSS

2024-06-14 02:50 PM
cvelist
cvelist

CVE-2024-37313 Nextcloud server allows the by-pass the second factor

Nextcloud server is a self hosted personal cloud system. Under some circumstance it was possible to bypass the second factor of 2FA after successfully providing the user credentials. It is recommended that the Nextcloud Server is upgraded to 26.0.13, 27.1.8 or 28.0.4 and Nextcloud Enterprise...

7.3CVSS

0.0004EPSS

2024-06-14 02:50 PM
2
nextcloud
nextcloud

Can reshare read&share only folder with more permissions

Description Impact A recipient of a share with read&share permissions could reshare the item with more permissions. Patches It is recommended that the Nextcloud Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4 It is recommended that the Nextcloud Enterprise Server is upgraded to 23.0.12.17 or...

8.1CVSS

6.5AI Score

0.0004EPSS

2024-06-14 02:37 PM
1
nextcloud
nextcloud

Events information leaked with shared calendars on recurrence exceptions

Description Impact Private shared calendar events' recurrence exceptions can be read by sharees. Patches It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 It is recommended that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1...

3.5CVSS

6.5AI Score

0.0004EPSS

2024-06-14 02:36 PM
2
nextcloud
nextcloud

ID4me does not validate signature or expiration

Description Impact An attacker could potentially trick the app into accepting a request that is not signed by the correct server Patches It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.5, 2.0.0, 3.0.0, 4.0.0 or 5.0.0 Workarounds No workaround available References HackerOne...

5.4CVSS

6.5AI Score

0.0004EPSS

2024-06-14 02:35 PM
1
nextcloud
nextcloud

Users can delete old versions of read-only shared files

Description Impact A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. Patches It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 It is recommended that the Nextcloud Enterprise Server is...

3.5CVSS

6.5AI Score

0.0004EPSS

2024-06-14 02:34 PM
1
cvelist
cvelist

CVE-2024-37368 Rockwell Automation FactoryTalk® View SE v11 Information Leakage Vulnerability via Authentication Restriction

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without...

0.0004EPSS

2024-06-14 02:30 PM
2
nextcloud
nextcloud

Read-only users can restore old versions

Description Impact An attacker with read-only access to a file is able to restore older versions of a document when the files_versions app is enabled. Patches It is recommended that the Nextcloud Server is upgraded to 26.0.12, 27.1.7 or 28.0.3 It is recommended that the Nextcloud Enterprise Server....

3.5CVSS

6.5AI Score

0.0004EPSS

2024-06-14 02:29 PM
1
nextcloud
nextcloud

Missing permission check when removing a photo from an album

Description Impact Users can remove photos from the album of registered users Patches It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 It is recommended that the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2 Workarounds No workaround available References ...

3.5CVSS

6.6AI Score

0.0004EPSS

2024-06-14 02:29 PM
2
nextcloud
nextcloud

Ability to by-pass second factor

Description Impact Under some circumstance it was possible to bypass the second factor of 2FA after successfully providing the user credentials. Patches It is recommended that the Nextcloud Server is upgraded to 26.0.13, 27.1.8 or 28.0.4 It is recommended that the Nextcloud Enterprise Server is...

7.3CVSS

6.6AI Score

0.0004EPSS

2024-06-14 02:26 PM
1
cvelist
cvelist

CVE-2024-37367 Rockwell Automation FactoryTalk® View SE v12 Information Leakage Vulnerability via Authentication Restriction

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. This action is allowed without proper authentication...

0.0004EPSS

2024-06-14 02:17 PM
3
osv
osv

Important: booth security update

The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network....

7.4CVSS

6.7AI Score

0.001EPSS

2024-06-14 02:00 PM
3
rocky
rocky

booth security update

An update is available for booth. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Booth cluster ticket manager is a component to bridge high availability...

7.4CVSS

7.2AI Score

0.001EPSS

2024-06-14 02:00 PM
rocky
rocky

resource-agents bug fix update

An update is available for resource-agents. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The resource-agents packages provide the Pacemaker and RGManager...

7.2AI Score

2024-06-14 02:00 PM
rocky
rocky

thunderbird security update

An update is available for thunderbird. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. This...

8AI Score

0.0004EPSS

2024-06-14 02:00 PM
1
rocky
rocky

fence-agents security update

An update is available for fence-agents. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The fence-agents packages provide a collection of scripts for handling.....

5.4CVSS

7AI Score

0.0004EPSS

2024-06-14 02:00 PM
1
osv
osv

Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629) nghttp2: CONTINUATION frames DoS (CVE-2024-28182) nodejs: using the...

5.3CVSS

7.2AI Score

0.0004EPSS

2024-06-14 02:00 PM
4
rocky
rocky

gvisor-tap-vsock security and bug fix update

An update is available for gvisor-tap-vsock. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list A replacement for libslirp and VPNKit, written in pure Go. It is...

5.1AI Score

0.0004EPSS

2024-06-14 02:00 PM
rocky
rocky

NetworkManager-libreswan bug fix update

An update is available for NetworkManager-libreswan. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list This package contains software for integrating the...

7.3AI Score

2024-06-14 02:00 PM
2
rocky
rocky

tomcat security and bug fix update

An update is available for tomcat. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Apache Tomcat is a servlet container for the Java Servlet and JavaServer...

7.1AI Score

0.0004EPSS

2024-06-14 02:00 PM
1
osv
osv

Moderate: fence-agents security update

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): jinja2: accepts keys containing non-attribute characters...

5.4CVSS

7.3AI Score

0.0004EPSS

2024-06-14 02:00 PM
3
rocky
rocky

ruby:3.3 security, bug fix, and enhancement update

An update is available for rubygem-mysql2, module.rubygem-pg, ruby, module.rubygem-mysql2, rubygem-pg, module.ruby. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

6.5AI Score

EPSS

2024-06-14 02:00 PM
osv
osv

Moderate: buildah security and bug fix update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

4.9CVSS

7.2AI Score

0.0005EPSS

2024-06-14 02:00 PM
2
osv
osv

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767) firefox:...

8AI Score

0.0004EPSS

2024-06-14 02:00 PM
4
osv
osv

Moderate: ruby:3.3 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.3). (Rocky Linux-37697) Security Fix(es): ruby: Buffer overread...

6.9AI Score

EPSS

2024-06-14 02:00 PM
3
rocky
rocky

buildah security and bug fix update

An update is available for buildah. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The buildah package provides a tool for facilitating building OCI container.....

4.9CVSS

6.4AI Score

0.0005EPSS

2024-06-14 02:00 PM
rocky
rocky

qemu-kvm bug fix update

An update is available for qemu-kvm. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Kernel-based Virtual Machine (KVM) is a full virtualization solution for...

7.3AI Score

2024-06-14 02:00 PM
1
rocky
rocky

rpm-ostree bug fix and enhancement update

An update is available for rpm-ostree. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The rpm-ostree tool binds together the RPM packaging model with the...

7.4AI Score

2024-06-14 02:00 PM
osv
osv

Important: nodejs security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs: CONTINUATION frames DoS (CVE-2024-27983) nodejs: using the fetch() function to retrieve content from an untrusted URL leads to...

5.3CVSS

7.3AI Score

0.0004EPSS

2024-06-14 02:00 PM
3
osv
osv

Important: tomcat security and bug fix update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug Fix(es) and Enhancement(s): ...

7.3AI Score

0.0004EPSS

2024-06-14 02:00 PM
5
osv
osv

Moderate: ruby:3.1 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.1). (Rocky Linux-35449) Security Fix(es): ruby: Buffer overread...

6.9AI Score

EPSS

2024-06-14 02:00 PM
4
rocky
rocky

socat bug fix update

An update is available for socat. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The socat utility establishes bi-directional byte streams and transfers data...

7.3AI Score

2024-06-14 02:00 PM
rocky
rocky

golang bug fix update

An update is available for golang. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The golang packages provide the Go programming language compiler. Bug...

7.2AI Score

2024-06-14 02:00 PM
rocky
rocky

nodejs:20 security update

An update is available for nodejs-nodemon, module.nodejs, nodejs, module.nodejs-nodemon, module.nodejs-packaging, nodejs-packaging. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

5.3CVSS

5.8AI Score

0.0004EPSS

2024-06-14 02:00 PM
osv
osv

Moderate: gvisor-tap-vsock security and bug fix update

A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor and is used to provide networking for podman-machine virtual machines. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding. Security Fix(es): ...

7.1AI Score

0.0004EPSS

2024-06-14 02:00 PM
4
rocky
rocky

cockpit-machines bug fix update

An update is available for cockpit-machines. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Cockpit component for managing virtual machines. If "virt-install".....

7.3AI Score

2024-06-14 02:00 PM
rocky
rocky

ruby:3.1 security, bug fix, and enhancement update

An update is available for rubygem-mysql2, module.rubygem-pg, ruby, module.rubygem-mysql2, rubygem-pg, module.ruby. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

6.5AI Score

EPSS

2024-06-14 02:00 PM
rocky
rocky

nodejs security update

An update is available for nodejs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a software development platform for building fast and scalable...

5.3CVSS

5.8AI Score

0.0004EPSS

2024-06-14 02:00 PM
1
rocky
rocky

ipa security update

An update is available for ipa. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized.....

8.1CVSS

6.9AI Score

0.0004EPSS

2024-06-14 02:00 PM
1
rocky
rocky

libvirt bug fix update

An update is available for libvirt. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libvirt library contains a C API for managing and interacting with the...

7.4AI Score

2024-06-14 02:00 PM
1
rocky
rocky

libreoffice security update

An update is available for libreoffice. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list LibreOffice is an open source, community-developed office productivity...

8.8CVSS

7.2AI Score

0.001EPSS

2024-06-14 02:00 PM
osv
osv

Important: .NET 7.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.119 and .NET Runtime 7.0.19....

6.3CVSS

6.6AI Score

0.0005EPSS

2024-06-14 02:00 PM
4
osv
osv

Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.105 and .NET Runtime 8.0.5....

6.3CVSS

7.2AI Score

0.0005EPSS

2024-06-14 02:00 PM
4
osv
osv

Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

8.8CVSS

7.4AI Score

0.001EPSS

2024-06-14 02:00 PM
4
rocky
rocky

ostree bug fix update

An update is available for ostree. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OSTree is a tool for managing bootable, immutable, versioned file system...

7.2AI Score

2024-06-14 02:00 PM
Total number of security vulnerabilities434322