Lucene search

K

BD Pyxis™ MedStation™ ES Server Security Vulnerabilities

wpvulndb
wpvulndb

Dextaz Ping <= 0.65 - Admin+ RCE

Description The plugin is vulnerable to Remote Code Execution, allowing authenticated attackers, with administrator-level access and above, to execute code on the...

9.1CVSS

7.4AI Score

0.0005EPSS

2024-06-24 12:00 AM
nessus
nessus

RHEL 8 : Red Hat OpenStack Platform 16.2 (python-gunicorn) (RHSA-2024:4054)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4054 advisory. Gunicorn (Green Unicorn) is a Python WSGI HTTP server for UNIX. Security Fix(es): * HTTP Request Smuggling due to improper validation of...

7.5CVSS

7.7AI Score

0.0004EPSS

2024-06-24 12:00 AM
osv
osv

Important: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...

7.8CVSS

6.7AI Score

0.0005EPSS

2024-06-24 12:00 AM
nessus
nessus

RHEL 9 : libreswan (RHSA-2024:4050)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4050 advisory. Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both...

7.1AI Score

0.0004EPSS

2024-06-24 12:00 AM
2
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:2154-1)

The remote host is missing an update for...

7.5AI Score

0.0004EPSS

2024-06-24 12:00 AM
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:2151-1)

The remote host is missing an update for...

7.5AI Score

0.0004EPSS

2024-06-24 12:00 AM
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:2152-1)

The remote host is missing an update for...

7.5AI Score

0.0004EPSS

2024-06-24 12:00 AM
nessus
nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : CUPS vulnerability (USN-6844-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6844-1 advisory. Rory McNamara discovered that when starting the cupsd server with a Listen configuration item, the...

4.4CVSS

9.6AI Score

0.0004EPSS

2024-06-24 12:00 AM
1
cve
cve

CVE-2024-39334

MENDELSON AS4 before 2024 B376 has a client-side vulnerability when a trading partner provides prepared XML data. When a victim opens the details of this transaction in the client, files can be written to the computer on which the client process is running. (The server process is not...

6.9AI Score

0.0004EPSS

2024-06-23 11:15 PM
16
nvd
nvd

CVE-2024-39334

MENDELSON AS4 before 2024 B376 has a client-side vulnerability when a trading partner provides prepared XML data. When a victim opens the details of this transaction in the client, files can be written to the computer on which the client process is running. (The server process is not...

0.0004EPSS

2024-06-23 11:15 PM
4
hackread
hackread

The Ultimate Guide To Buying A Server For Your Small Business

Purchasing a server might be difficult. This is particularly valid for those making their first purchase. There...

7.3AI Score

2024-06-23 10:23 PM
3
kitploit
kitploit

VulnNodeApp - A Vulnerable Node.Js Application

A vulnerable application made using node.js, express server and ejs template engine. This application is meant for educational purposes only. Setup Clone this repository git clone https://github.com/4auvar/VulnNodeApp.git Application setup: Install the latest node.js version with npm. Open...

8.4AI Score

2024-06-23 12:30 PM
10
ibm
ibm

Security Bulletin: IBM Storage Insights is vulnerable to weaknesses related to IBM® SDK, Java™ Technology Edition

Summary Vulnerabilities in IBM® SDK, Java™ Technology Edition may affect IBM Storage Insights which could allow a remote attacker to cause high confidentiality impact and high integrity impact. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945,...

7.5CVSS

6AI Score

0.001EPSS

2024-06-23 12:21 PM
7
cvelist
cvelist

CVE-2024-39334

MENDELSON AS4 before 2024 B376 has a client-side vulnerability when a trading partner provides prepared XML data. When a victim opens the details of this transaction in the client, files can be written to the computer on which the client process is running. (The server process is not...

0.0004EPSS

2024-06-23 12:00 AM
1
osv
osv

Moderate: libreswan security update

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).....

7AI Score

0.0004EPSS

2024-06-23 12:00 AM
1
almalinux
almalinux

Moderate: libreswan security update

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).....

7.1AI Score

0.0004EPSS

2024-06-23 12:00 AM
2
thn
thn

ExCobalt Cyber Gang Targets Russian Sectors with New GoRed Backdoor

Russian organizations have been targeted by a cybercrime gang called ExCobalt using a previously unknown Golang-based backdoor known as GoRed. "ExCobalt focuses on cyber espionage and includes several members active since at least 2016 and presumably once part of the notorious Cobalt Gang,"...

7.8CVSS

9.1AI Score

0.97EPSS

2024-06-22 11:28 AM
26
thn
thn

Warning: New Adware Campaign Targets Meta Quest App Seekers

A new campaign is tricking users searching for the Meta Quest (formerly Oculus) application for Windows into downloading a new adware family called AdsExhaust. "The adware is capable of exfiltrating screenshots from infected devices and interacting with browsers using simulated keystrokes,"...

7.1AI Score

2024-06-22 11:03 AM
16
osv
osv

Open redirect in gradio

An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting (XSS), Server-Side Request Forgery (SSRF), amongst others....

5.4CVSS

6.5AI Score

0.001EPSS

2024-06-22 06:30 AM
github
github

Open redirect in gradio

An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting (XSS), Server-Side Request Forgery (SSRF), amongst others....

5.4CVSS

6.5AI Score

0.001EPSS

2024-06-22 06:30 AM
cve
cve

CVE-2024-4940

An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting (XSS), Server-Side Request Forgery (SSRF), amongst others....

5.4CVSS

5.4AI Score

0.001EPSS

2024-06-22 06:15 AM
21
nvd
nvd

CVE-2024-4940

An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting (XSS), Server-Side Request Forgery (SSRF), amongst others....

5.4CVSS

0.001EPSS

2024-06-22 06:15 AM
3
cvelist
cvelist

CVE-2024-4940 Open Redirect in gradio-app/gradio

An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting (XSS), Server-Side Request Forgery (SSRF), amongst others....

5.4CVSS

0.001EPSS

2024-06-22 05:23 AM
4
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2135-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2135-1 advisory. The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following...

8CVSS

8.4AI Score

EPSS

2024-06-22 12:00 AM
2
nessus
nessus

SUSE SLES15 Security Update : rmt-server (SUSE-SU-2024:2140-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2140-1 advisory. - Update to version 2.17 - CVE-2024-28103: Fixed Permissions-Policy that was only served on responses with an HTML related Content- ...

9.8CVSS

6.8AI Score

0.001EPSS

2024-06-22 12:00 AM
1
nessus
nessus

Debian dla-3834 : libnetty-java - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3834 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3834-1 [email protected] ...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-06-22 12:00 AM
nessus
nessus

SUSE SLES15 Security Update : vte (SUSE-SU-2024:2152-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2152-1 advisory. - CVE-2024-37535: Fixed a bug that allowed an attacker to cause a denial of service (memory consumption) via a window resize escape....

6.8AI Score

0.0004EPSS

2024-06-22 12:00 AM
nvd
nvd

CVE-2024-37694

ArcGIS Enterprise Server 10.8.0 allows a remote attacker to obtain sensitive information because /arcgis/rest/services does not require...

0.0004EPSS

2024-06-21 10:15 PM
9
cve
cve

CVE-2024-37694

ArcGIS Enterprise Server 10.8.0 allows a remote attacker to obtain sensitive information because /arcgis/rest/services does not require...

6.5AI Score

0.0004EPSS

2024-06-21 10:15 PM
16
cve
cve

CVE-2012-6664

Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10 and earlier allow remote attackers to read or write arbitrary files via a .. (dot dot) in the (1) get or (2) put...

7.3AI Score

0.133EPSS

2024-06-21 10:15 PM
17
nvd
nvd

CVE-2012-6664

Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10 and earlier allow remote attackers to read or write arbitrary files via a .. (dot dot) in the (1) get or (2) put...

0.133EPSS

2024-06-21 10:15 PM
3
githubexploit
githubexploit

Exploit for Code Injection in Openplcproject Openplc V3 Firmware

This script automatically exploits vulnerability in OpenPLC Web...

8.8CVSS

8.2AI Score

0.006EPSS

2024-06-21 10:10 PM
94
osv
osv

CVE-2023-39517

Joplin is a free, open source note taking and to-do application. A Cross site scripting (XSS) vulnerability in affected versions allows clicking on an untrusted image link to execute arbitrary shell commands. The HTML sanitizer (packages/renderer/htmlUtils.ts::sanitizeHtml) preserves &lt;map&gt; <a...

8.2CVSS

6AI Score

0.0004EPSS

2024-06-21 08:15 PM
1
redhatcve
redhatcve

CVE-2024-36484

In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time. Christoph reported the following splat: WARNING: CPU: 1 PID: 772 at net/ipv4/af_inet.c:761 __inet_accept+0x1f4/0x4a0 Modules linked in: CPU: 1 PID: 772 Comm: syz-executor510 Not...

6.7AI Score

0.0004EPSS

2024-06-21 07:52 PM
redhatcve
redhatcve

CVE-2024-37353

In the Linux kernel, the following vulnerability has been resolved: virtio: delete vq in vp_find_vqs_msix() when request_irq() fails When request_irq() fails, error path calls vp_del_vqs(). There, as vq is present in the list, free_irq() is called for the same vector. That causes following splat:.....

6.7AI Score

0.0004EPSS

2024-06-21 07:21 PM
rapid7blog
rapid7blog

Metasploit Weekly Wrap-Up 06/21/2024

Argument Injection for PHP on Windows This week includes modules that target file traversal and arbitrary file read vulnerabilities for software such as Apache, SolarWinds and Check Point, with the highlight being a module for the recent PHP vulnerability submitted by sfewer-r7. This module...

9.8CVSS

8.9AI Score

0.967EPSS

2024-06-21 06:53 PM
10
wallarmlab
wallarmlab

CVE-2024-3080: ASUS warns Customers about the latest Authentication Bypass Vulnerability detected Across seven Router Models

ASUS announces major Firmware Update ASUS recently issued a firmware update to resolve a critical security vulnerability affecting seven different variants of its router models. Identified as CVE-2024-3080 with a CVSS v3 severity score of 9.8 (critical), the vulnerability permits remote attackers.....

9.8CVSS

7.8AI Score

0.001EPSS

2024-06-21 05:13 PM
5
osv
osv

Keycloak leaks configured LDAP bind credentials through the Keycloak admin console

Impact The LDAP testing endpoint allows to change the Connection URL independently of and without having to re-enter the currently configured LDAP bind credentials. An attacker with admin access (permission manage-realm) can change the LDAP host URL ("Connection URL") to a machine they control....

2.7CVSS

3.5AI Score

0.0004EPSS

2024-06-21 03:52 PM
1
github
github

Keycloak leaks configured LDAP bind credentials through the Keycloak admin console

Impact The LDAP testing endpoint allows to change the Connection URL independently of and without having to re-enter the currently configured LDAP bind credentials. An attacker with admin access (permission manage-realm) can change the LDAP host URL ("Connection URL") to a machine they control....

2.7CVSS

6.7AI Score

0.0004EPSS

2024-06-21 03:52 PM
3
ibm
ibm

Security Bulletin: Multiple PostgreSQL Vulnerabilities Affect IBM Storage Scale System

Summary There are vulnerabilities in PostgreSQL versions used by IBM Storage Scale System that could allow a remote authenticated attacker to obtain sensitive information or bypass security restrictions, a denial of service and a buffer overflow. IBM Storage Scale System has addressed the...

8.8CVSS

9.5AI Score

0.015EPSS

2024-06-21 03:45 PM
10
ibm
ibm

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to multiple vulnerabilities in Node.js ( CVE-2023-44487, CVE-2023-45143 )

Summary Potential vulnerabilities in Node.js related to the VM component ( CVE-2023-44487, CVE-2023-45143 ) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details.....

7.5CVSS

7.6AI Score

0.732EPSS

2024-06-21 02:39 PM
2
redhatcve
redhatcve

CVE-2024-33621

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Dont Use skb-&gt;sk in ipvlan_process_v{4,6}_outbound Raw packet from PF_PACKET socket ontop of an IPv6-backed ipvlan device will hit WARN_ON_ONCE() in sk_mc_loop() through sch_direct_xmit() path. WARNING: CPU: 2 PID: 0 at....

6.8AI Score

0.0004EPSS

2024-06-21 02:26 PM
ibm
ibm

Security Bulletin: Security vulnerabilities may affect IBM WebSphere Liberty shipped with with IBM CICS TX Advanced

Summary Security vulnerabilities may affect IBM WebSphere Liberty shipped with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the issue. Vulnerability Details ** CVEID: CVE-2024-25026 DESCRIPTION: **IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty...

7.5CVSS

7.5AI Score

0.0004EPSS

2024-06-21 01:51 PM
2
thn
thn

Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign

A previously undocumented Chinese-speaking threat actor codenamed SneakyChef has been linked to an espionage campaign primarily targeting government entities across Asia and EMEA (Europe, Middle East, and Africa) with SugarGh0st malware since at least August 2023. "SneakyChef uses lures that are...

7.4AI Score

2024-06-21 01:42 PM
18
veracode
veracode

Server Side Request Forgery

@strapi/strapi is vulnerable to Server Side Request Forgery. The vulnerability is due to improper url parameter validation within the /strapi.io/_next/image endpoint, which allows an attacker to send request to internal resources on the...

6.8AI Score

0.0004EPSS

2024-06-21 01:24 PM
1
thn
thn

Military-themed Email Scam Spreads Malware to Infect Pakistani Users

Cybersecurity researchers have shed light on a new phishing campaign that has been identified as targeting people in Pakistan using a custom backdoor. Dubbed PHANTOM#SPIKE by Securonix, the unknown threat actors behind the activity have leveraged military-related phishing documents to activate the....

7.2AI Score

2024-06-21 01:01 PM
14
talosblog
talosblog

Unveiling SpiceRAT: SneakyChef's latest tool targeting EMEA and Asia

Cisco Talos discovered a new remote access trojan (RAT) dubbed SpiceRAT, used by the threat actor SneakyChef in a recent campaign targeting government agencies in EMEA and Asia. We observed that SneakyChef launched a phishing campaign, sending emails delivering SugarGh0st and SpiceRAT with the...

7.5AI Score

2024-06-21 12:00 PM
5
cve
cve

CVE-2024-36484

In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time. Christoph reported the following splat: WARNING: CPU: 1 PID: 772 at net/ipv4/af_inet.c:761 __inet_accept+0x1f4/0x4a0 Modules linked in: CPU: 1 PID: 772 Comm: syz-executor510 Not...

6.3AI Score

0.0004EPSS

2024-06-21 11:15 AM
17
debiancve
debiancve

CVE-2024-37353

In the Linux kernel, the following vulnerability has been resolved: virtio: delete vq in vp_find_vqs_msix() when request_irq() fails When request_irq() fails, error path calls vp_del_vqs(). There, as vq is present in the list, free_irq() is called for the same vector. That causes following...

6.8AI Score

0.0004EPSS

2024-06-21 11:15 AM
cve
cve

CVE-2024-37353

In the Linux kernel, the following vulnerability has been resolved: virtio: delete vq in vp_find_vqs_msix() when request_irq() fails When request_irq() fails, error path calls vp_del_vqs(). There, as vq is present in the list, free_irq() is called for the same vector. That causes following splat:.....

6.3AI Score

0.0004EPSS

2024-06-21 11:15 AM
15
Total number of security vulnerabilities435607