Lucene search

K

BIG-IP (Advanced WAF, APM, ASM) Security Vulnerabilities

wpexploit
wpexploit

FooGallery < 2.4.15 - Author+ Stored XSS

Description The plugin does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as...

8.2AI Score

0.0004EPSS

2024-05-23 12:00 AM
7
ubuntucve
ubuntucve

CVE-2024-36013

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect() Extend a critical section to prevent chan from early freeing. Also make the l2cap_connect() return type void. Nothing is using the returned value but it is ugly to...

6.6AI Score

0.0004EPSS

2024-05-23 12:00 AM
4
qualysblog
qualysblog

TotalCloud Insights: Uncovering the Hidden Dangers in Google Cloud Dataproc

Summary The Apache Hadoop Distributed File System (HDFS) can be vulnerable to data compromise when a Compute Engine cluster is in a public-facing virtual private cloud (VPC) or shares the VPC with other Compute Engine instances. Google Cloud Platform (GCP) provides a default VPC called 'default.'.....

8.3AI Score

2024-05-22 05:53 PM
9
hackread
hackread

Criminal IP: Enhancing Security Solutions through AWS Marketplace Integration

By Cyber Newswire AI SPERA, a leader in Cyber Threat Intelligence (CTI) solutions, announced today that its proprietary search engine, Criminal… This is a post from HackRead.com Read the original post: Criminal IP: Enhancing Security Solutions through AWS Marketplace...

7.3AI Score

2024-05-22 02:00 PM
3
hackread
hackread

Zoom Announces Advanced Encryption for Increased Meeting Security

By Deeba Ahmed Your Zoom meetings are now more secure than ever! This is a post from HackRead.com Read the original post: Zoom Announces Advanced Encryption for Increased Meeting...

7.4AI Score

2024-05-22 01:09 PM
5
kitploit
kitploit

Above - Invisible Network Protocol Sniffer

Invisible protocol sniffer for finding vulnerabilities in the network. Designed for pentesters and security engineers. Above: Invisible network protocol sniffer Designed for pentesters and security engineers Author: Magama Bazarov, &lt;[email protected]&gt; Pseudonym: Caster Version: 2.6 ...

7.1AI Score

2024-05-22 12:30 PM
27
talosblog
talosblog

From trust to trickery: Brand impersonation over the email attack vector

Cisco recently developed and released a new feature to detect brand impersonation in emails when adversaries pretend to be a legitimate corporation. Talos has discovered a wide range of techniques threat actors use to embed and deliver brand logos via emails to their victims. Talos is providing...

6.5AI Score

2024-05-22 12:17 PM
8
redhatcve
redhatcve

CVE-2021-47340

In the Linux kernel, the following vulnerability has been resolved: jfs: fix GPF in diFree Avoid passing inode with JFS_SBI(inode-&gt;i_sb)-&gt;ipimap == NULL to diFree()[1]. GFP will appear: struct inode ipimap = JFS_SBI(ip-&gt;i_sb)-&gt;ipimap; struct inomap imap = JFS_IP(ipimap)-&gt;i_imap; JFS_...

6.5AI Score

0.0004EPSS

2024-05-22 11:58 AM
5
redhatcve
redhatcve

CVE-2021-47349

In the Linux kernel, the following vulnerability has been resolved: mwifiex: bring down link before deleting interface We can deadlock when rmmod'ing the driver or going through firmware reset, because the cfg80211_unregister_wdev() has to bring down the link for us, ... which then grab the same...

6.6AI Score

0.0004EPSS

2024-05-22 11:26 AM
6
redhat
redhat

(RHSA-2024:3271) Important: bind and dhcp security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. The...

7.2AI Score

0.05EPSS

2024-05-22 10:41 AM
10
redhatcve
redhatcve

CVE-2021-47371

In the Linux kernel, the following vulnerability has been resolved: nexthop: Fix memory leaks in nexthop notification chain listeners syzkaller discovered memory leaks [1] that can be reduced to the following commands: # ip nexthop add id 1 blackhole # devlink dev reload pci/0000:06:00.0 As part...

6.6AI Score

0.0004EPSS

2024-05-22 10:34 AM
4
securelist
securelist

Stealers, stealers and more stealers

Introduction Stealers are a prominent threat in the malware landscape. Over the past year we published our research into several stealers (see here, here and here), and for now, the trend seems to persist. In the past months, we wrote several private reports on stealers as we discovered Acrid (a...

7.7AI Score

2024-05-22 10:00 AM
8
ibm
ibm

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to glibc, Golang Go , Apache HTTP, IBM GSKit-Crypto and GnuTLS packages/liberaries .

Summary IBM MQ Operator and Queue manager container images are vulnerable to glibc, Golang Go , Apache HTTP, IBM GSKit-Crypto and GnuTLS. This bulletin identifies the steps required to address these vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-33599 DESCRIPTION: **glibc is vulnerable.....

7.5CVSS

9.1AI Score

0.005EPSS

2024-05-22 09:19 AM
9
redhatcve
redhatcve

CVE-2021-47408

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: serialize hash resizes and cleanups Syzbot was able to trigger the following warning [1] No repro found by syzbot yet but I was able to trigger similar issue by having 2 scripts running in parallel, changing.....

6.5AI Score

0.0004EPSS

2024-05-22 08:58 AM
4
redhatcve
redhatcve

CVE-2021-47429

In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix unrecoverable MCE calling async handler from NMI The machine check handler is not considered NMI on 64s. The early handler is the true NMI handler, and then it schedules the machine_check_exception handler to run.....

6.4AI Score

0.0004EPSS

2024-05-22 08:31 AM
2
redhatcve
redhatcve

CVE-2021-47419

In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_taprio: properly cancel timer from taprio_destroy() There is a comment in qdisc_create() about us not calling ops-&gt;reset() in some cases. err_out4: / * Any broken qdiscs that would require a ops-&gt;reset() here? ...

6.4AI Score

0.0004EPSS

2024-05-22 08:29 AM
1
cve
cve

CVE-2021-47452

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: skip netdev events generated on netns removal syzbot reported following (harmless) WARN: WARNING: CPU: 1 PID: 2648 at net/netfilter/core.c:468 nft_netdev_unregister_hooks net/netfilter/nf_tables_api.c:230...

6.6AI Score

0.0004EPSS

2024-05-22 07:15 AM
31
nvd
nvd

CVE-2021-47452

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: skip netdev events generated on netns removal syzbot reported following (harmless) WARN: WARNING: CPU: 1 PID: 2648 at net/netfilter/core.c:468 nft_netdev_unregister_hooks net/netfilter/nf_tables_api.c:230...

6.4AI Score

0.0004EPSS

2024-05-22 07:15 AM
1
debiancve
debiancve

CVE-2021-47452

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: skip netdev events generated on netns removal syzbot reported following (harmless) WARN: WARNING: CPU: 1 PID: 2648 at net/netfilter/core.c:468 nft_netdev_unregister_hooks...

6.6AI Score

0.0004EPSS

2024-05-22 07:15 AM
2
cve
cve

CVE-2021-47448

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix possible stall on recvmsg() recvmsg() can enter an infinite loop if the caller provides the MSG_WAITALL, the data present in the receive queue is not sufficient to fulfill the request, and no more data is received by...

6.8AI Score

0.0004EPSS

2024-05-22 07:15 AM
30
nvd
nvd

CVE-2021-47448

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix possible stall on recvmsg() recvmsg() can enter an infinite loop if the caller provides the MSG_WAITALL, the data present in the receive queue is not sufficient to fulfill the request, and no more data is received by...

6.6AI Score

0.0004EPSS

2024-05-22 07:15 AM
debiancve
debiancve

CVE-2021-47448

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix possible stall on recvmsg() recvmsg() can enter an infinite loop if the caller provides the MSG_WAITALL, the data present in the receive queue is not sufficient to fulfill the request, and no more data is received by...

6.8AI Score

0.0004EPSS

2024-05-22 07:15 AM
3
redhat
redhat

(RHSA-2024:3211) Moderate: traceroute security update

The traceroute utility displays the route used by IP packets on their way to a specified network (or Internet) host. Security Fix(es): traceroute: improper command line parsing (CVE-2023-46316) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...

7AI Score

0.0004EPSS

2024-05-22 06:35 AM
6
redhat
redhat

(RHSA-2024:3128) Moderate: perl:5.32 security update

Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fix(es): perl: Write past buffer end via illegal user-defined Unicode property (CVE-2023-47038) For more details about the security issue(s), including the impact, a...

7.2AI Score

0.0004EPSS

2024-05-22 06:35 AM
28
redhat
redhat

(RHSA-2024:2981) Moderate: frr security update

FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. Security Fix(es): frr: missing length check in bgp_attr_psid_sub() can lead do DoS (CVE-2023-31490) frr: processes invalid NLRIs if...

6.6AI Score

0.005EPSS

2024-05-22 06:35 AM
4
cvelist
cvelist

CVE-2021-47452 netfilter: nf_tables: skip netdev events generated on netns removal

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: skip netdev events generated on netns removal syzbot reported following (harmless) WARN: WARNING: CPU: 1 PID: 2648 at net/netfilter/core.c:468 nft_netdev_unregister_hooks net/netfilter/nf_tables_api.c:230...

6.4AI Score

0.0004EPSS

2024-05-22 06:19 AM
1
vulnrichment
vulnrichment

CVE-2021-47452 netfilter: nf_tables: skip netdev events generated on netns removal

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: skip netdev events generated on netns removal syzbot reported following (harmless) WARN: WARNING: CPU: 1 PID: 2648 at net/netfilter/core.c:468 nft_netdev_unregister_hooks net/netfilter/nf_tables_api.c:230...

6.8AI Score

0.0004EPSS

2024-05-22 06:19 AM
cvelist
cvelist

CVE-2021-47448 mptcp: fix possible stall on recvmsg()

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix possible stall on recvmsg() recvmsg() can enter an infinite loop if the caller provides the MSG_WAITALL, the data present in the receive queue is not sufficient to fulfill the request, and no more data is received by...

6.5AI Score

0.0004EPSS

2024-05-22 06:19 AM
cve
cve

CVE-2024-4980

The WPKoi Templates for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'id', 'mixColor', 'backgroundColor', 'saveInCookies', and 'autoMatchOsTheme' parameters in all versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping....

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-22 05:15 AM
30
nvd
nvd

CVE-2024-4980

The WPKoi Templates for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'id', 'mixColor', 'backgroundColor', 'saveInCookies', and 'autoMatchOsTheme' parameters in all versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping....

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-22 05:15 AM
cvelist
cvelist

CVE-2024-4980 WPKoi Templates for Elementor <= 2.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters

The WPKoi Templates for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'id', 'mixColor', 'backgroundColor', 'saveInCookies', and 'autoMatchOsTheme' parameters in all versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping....

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-22 04:30 AM
vulnrichment
vulnrichment

CVE-2024-4980 WPKoi Templates for Elementor <= 2.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters

The WPKoi Templates for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'id', 'mixColor', 'backgroundColor', 'saveInCookies', and 'autoMatchOsTheme' parameters in all versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping....

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-22 04:30 AM
osv
osv

Moderate: traceroute security update

The traceroute utility displays the route used by IP packets on their way to a specified network (or Internet) host. Security Fix(es): traceroute: improper command line parsing (CVE-2023-46316) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...

5.5CVSS

6.6AI Score

0.0004EPSS

2024-05-22 12:00 AM
packetstorm

7.4AI Score

0.002EPSS

2024-05-22 12:00 AM
174
osv
osv

Moderate: frr security update

FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. Security Fix(es): frr: missing length check in bgp_attr_psid_sub() can lead do DoS (CVE-2023-31490) frr: processes invalid NLRIs if attribute...

7.5CVSS

6.6AI Score

0.005EPSS

2024-05-22 12:00 AM
1
almalinux
almalinux

Moderate: traceroute security update

The traceroute utility displays the route used by IP packets on their way to a specified network (or Internet) host. Security Fix(es): traceroute: improper command line parsing (CVE-2023-46316) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...

5.5CVSS

6.7AI Score

0.0004EPSS

2024-05-22 12:00 AM
ubuntucve
ubuntucve

CVE-2021-47448

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix possible stall on recvmsg() recvmsg() can enter an infinite loop if the caller provides the MSG_WAITALL, the data present in the receive queue is not sufficient to fulfill the request, and no more data is received by...

6.8AI Score

0.0004EPSS

2024-05-22 12:00 AM
3
almalinux
almalinux

Moderate: perl:5.32 security update

Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fix(es): perl: Write past buffer end via illegal user-defined Unicode property (CVE-2023-47038) For more details about the security issue(s), including the impact, a...

7.8CVSS

6.8AI Score

0.0004EPSS

2024-05-22 12:00 AM
5
osv
osv

Important: bind and dhcp security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. The...

7.5CVSS

6.8AI Score

0.05EPSS

2024-05-22 12:00 AM
4
nessus
nessus

Fortinet Fortigate (FG-IR-23-225)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-225 advisory. An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL-VPN tunnel mode version...

5CVSS

6.8AI Score

0.0004EPSS

2024-05-22 12:00 AM
3
almalinux
almalinux

Moderate: frr security update

FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. Security Fix(es): frr: missing length check in bgp_attr_psid_sub() can lead do DoS (CVE-2023-31490) frr: processes invalid NLRIs if attribute...

7.5CVSS

6.7AI Score

0.005EPSS

2024-05-22 12:00 AM
1
nessus
nessus

Fortinet FortiWeb - Weak generation of WAF session IDs leads to session fixation (FG-IR-21-214)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-214 advisory. A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions,...

9.8CVSS

7.3AI Score

0.003EPSS

2024-05-22 12:00 AM
1
almalinux
almalinux

Important: bind and dhcp security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. The...

7.5CVSS

6.8AI Score

0.05EPSS

2024-05-22 12:00 AM
2
nessus
nessus

CentOS 8 : python-dns (CESA-2024:3275)

The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2024:3275 advisory. eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid...

6.5AI Score

0.0004EPSS

2024-05-22 12:00 AM
3
ubuntucve
ubuntucve

CVE-2021-47452

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: skip netdev events generated on netns removal syzbot reported following (harmless) WARN: WARNING: CPU: 1 PID: 2648 at net/netfilter/core.c:468 nft_netdev_unregister_hooks net/netfilter/nf_tables_api.c:230...

6.5AI Score

0.0004EPSS

2024-05-22 12:00 AM
4
zdt
zdt

CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution Exploit

CHAOS version 5.0.8 is a free and open-source Remote Administration Tool that allows generated binaries to control remote operating systems. The web application contains a remote command execution vulnerability which can be triggered by an authenticated user when generating a new executable. The...

6.2AI Score

0.0004EPSS

2024-05-22 12:00 AM
185
wallarmlab
wallarmlab

Vulnerabilities in BIG-IP Next Central Manager allows control of managed devices

Introduction In May 2024, new vulnerabilities have been identified in BIG-IP Next Central Manager, raising considerable security concerns. This discovery follows closely on the heels of a critical vulnerability revealed in April within Palo Alto's firewalls with enabled GlobalProtect feature,...

7.5CVSS

8.6AI Score

0.0004EPSS

2024-05-21 04:56 PM
13
ibm
ibm

Security Bulletin: IBM Storage Fusion HCI is vulnerable to arbitrary code execution due to Node.js IP package.

Summary IP from Node.js is used by IBM Storage Fusion HCI as part of the Backup and Restore service and is vulnerable to the CVE listed below. CVE-2023-42282. Vulnerability Details ** CVEID: CVE-2023-42282 DESCRIPTION: **Node.js IP package could allow a remote attacker to execute arbitrary code...

9.8CVSS

8AI Score

0.001EPSS

2024-05-21 04:27 PM
11
ibm
ibm

Security Bulletin: IBM Storage Fusion is vulnerable to arbitrary code execution due to Node.js IP package.

Summary IP from Node.js is used by IBM Storage Fusion as part of the Backup and Restore service and is vulnerable to the CVE listed below. CVE-2023-42282. Vulnerability Details ** CVEID: CVE-2023-42282 DESCRIPTION: **Node.js IP package could allow a remote attacker to execute arbitrary code on...

9.8CVSS

8AI Score

0.001EPSS

2024-05-21 04:25 PM
9
nvd
nvd

CVE-2023-52874

In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Zero out the missing RSI in TDX_HYPERCALL macro In the TDX_HYPERCALL asm, after the TDCALL instruction returns from the untrusted VMM, the registers that the TDX guest shares to the VMM need to be cleared to avoid...

6.5AI Score

0.0004EPSS

2024-05-21 04:15 PM
Total number of security vulnerabilities99689