Lucene search

K

BIG-IP AFM & PEM Security Vulnerabilities

vulnrichment
vulnrichment

CVE-2023-49741 WordPress Coming soon and Maintenance mode plugin <= 3.7.3 - IP Filtering Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in wpdevart Coming soon and Maintenance mode allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coming soon and Maintenance mode: from n/a through...

3.7CVSS

7AI Score

0.0004EPSS

2024-06-04 11:05 AM
1
cvelist
cvelist

CVE-2023-49741 WordPress Coming soon and Maintenance mode plugin <= 3.7.3 - IP Filtering Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in wpdevart Coming soon and Maintenance mode allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coming soon and Maintenance mode: from n/a through...

3.7CVSS

4.3AI Score

0.0004EPSS

2024-06-04 11:05 AM
1
vulnrichment
vulnrichment

CVE-2023-48753 WordPress Restricted Site Access plugin <= 7.4.1 - IP Restriction Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in 10up Restricted Site Access allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Restricted Site Access: from n/a through...

5.3CVSS

7AI Score

0.0004EPSS

2024-06-04 11:02 AM
cvelist
cvelist

CVE-2023-48753 WordPress Restricted Site Access plugin <= 7.4.1 - IP Restriction Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in 10up Restricted Site Access allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Restricted Site Access: from n/a through...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-06-04 11:02 AM
2
cvelist
cvelist

CVE-2023-48271 WordPress Maspik – Spam Blacklist plugin <= 0.10.3 - IP Filtering Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in yonifre Maspik – Spam blacklist allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maspik – Spam blacklist: from n/a through...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-06-04 10:19 AM
vulnrichment
vulnrichment

CVE-2023-48271 WordPress Maspik – Spam Blacklist plugin <= 0.10.3 - IP Filtering Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in yonifre Maspik – Spam blacklist allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maspik – Spam blacklist: from n/a through...

5.3CVSS

7AI Score

0.0004EPSS

2024-06-04 10:19 AM
nvd
nvd

CVE-2023-47769

Authentication Bypass by Spoofing vulnerability in WP Maintenance allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Maintenance: from n/a through...

3.7CVSS

4.3AI Score

0.0004EPSS

2024-06-04 10:15 AM
cve
cve

CVE-2023-47769

Authentication Bypass by Spoofing vulnerability in WP Maintenance allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Maintenance: from n/a through...

3.7CVSS

7.2AI Score

0.0004EPSS

2024-06-04 10:15 AM
2
cvelist
cvelist

CVE-2023-47769 WordPress WP Maintenance plugin <= 6.1.3 - IP Filtering Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in WP Maintenance allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Maintenance: from n/a through...

3.7CVSS

4.3AI Score

0.0004EPSS

2024-06-04 10:06 AM
1
vulnrichment
vulnrichment

CVE-2023-47769 WordPress WP Maintenance plugin <= 6.1.3 - IP Filtering Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in WP Maintenance allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Maintenance: from n/a through...

3.7CVSS

7AI Score

0.0004EPSS

2024-06-04 10:06 AM
githubexploit
githubexploit

Exploit for Injection in Vm2 Project Vm2

CVE-2023-30547 vm2 is a sandbox that can run untrusted code...

10CVSS

6.8AI Score

0.002EPSS

2024-06-04 10:01 AM
137
osv
osv

BIT-hubble-2023-27594

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which.....

7.3CVSS

6.2AI Score

0.001EPSS

2024-06-04 09:45 AM
1
nvd
nvd

CVE-2023-41134

Authentication Bypass by Spoofing vulnerability in pluginkollektiv Antispam Bee allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Antispam Bee: from n/a through...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-06-04 08:15 AM
cve
cve

CVE-2023-41134

Authentication Bypass by Spoofing vulnerability in pluginkollektiv Antispam Bee allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Antispam Bee: from n/a through...

5.3CVSS

7.2AI Score

0.0004EPSS

2024-06-04 08:15 AM
18
cvelist
cvelist

CVE-2023-41134 WordPress Antispam Bee plugin <= 2.11.3 - Country IP Restriction Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in pluginkollektiv Antispam Bee allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Antispam Bee: from n/a through...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-06-04 07:23 AM
vulnrichment
vulnrichment

CVE-2023-41134 WordPress Antispam Bee plugin <= 2.11.3 - Country IP Restriction Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in pluginkollektiv Antispam Bee allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Antispam Bee: from n/a through...

5.3CVSS

7AI Score

0.0004EPSS

2024-06-04 07:23 AM
nvd
nvd

CVE-2023-37865

Authentication Bypass by Spoofing vulnerability in IP2Location Download IP2Location Country Blocker allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Download IP2Location Country Blocker: from n/a through...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-06-04 07:15 AM
1
cve
cve

CVE-2023-37865

Authentication Bypass by Spoofing vulnerability in IP2Location Download IP2Location Country Blocker allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Download IP2Location Country Blocker: from n/a through...

5.3CVSS

7.2AI Score

0.0004EPSS

2024-06-04 07:15 AM
16
cvelist
cvelist

CVE-2023-37865 WordPress IP2Location Country Blocker plugin <= 2.29.1 - IP Bypass Vulnerability vulnerability

Authentication Bypass by Spoofing vulnerability in IP2Location Download IP2Location Country Blocker allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Download IP2Location Country Blocker: from n/a through...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-06-04 07:11 AM
2
vulnrichment
vulnrichment

CVE-2023-37865 WordPress IP2Location Country Blocker plugin <= 2.29.1 - IP Bypass Vulnerability vulnerability

Authentication Bypass by Spoofing vulnerability in IP2Location Download IP2Location Country Blocker allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Download IP2Location Country Blocker: from n/a through...

5.3CVSS

7AI Score

0.0004EPSS

2024-06-04 07:11 AM
githubexploit

8.6CVSS

6.2AI Score

0.945EPSS

2024-06-04 04:29 AM
95
f5
f5

K000139897: Linux kernel vulnerability CVE-2023-42753

Security Advisory Description An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the h-&gt;nets array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer...

7.8CVSS

6.4AI Score

0.0004EPSS

2024-06-04 12:00 AM
5
githubexploit

8.6CVSS

6.2AI Score

0.945EPSS

2024-06-03 06:17 PM
65
redhatcve
redhatcve

CVE-2024-29415

A flaw was found in node-ip. The fix for CVE-2023-42282 in the ip package for Node.js was incomplete, and the issue may still be triggered using some IP addresses. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product...

9.8CVSS

5.8AI Score

EPSS

2024-06-03 01:32 PM
48
redhatcve
redhatcve

CVE-2024-36928

In the Linux kernel, the following vulnerability has been resolved: s390/qeth: Fix kernel panic after setting hsuid Symptom: When the hsuid attribute is set for the first time on an IQD Layer3 device while the corresponding network interface is already UP, the kernel will try to execute a napi...

6.5AI Score

0.0004EPSS

2024-06-03 12:33 PM
2
githubexploit

8.6CVSS

6.1AI Score

0.945EPSS

2024-06-03 12:18 PM
65
redhat
redhat

(RHSA-2024:3550) Important: HawtIO 4.0.0 for Red Hat build of Apache Camel 4 Release and security update.

HawtIO 4.0.0 for Red Hat build of Apache Camel 4 GA Release is now available. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. spring-security: Broken Access Control in...

7.5AI Score

0.001EPSS

2024-06-03 11:50 AM
1
ibm
ibm

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container (ACEcc) is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.18 (LTS) and 11.6.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities.....

7.1CVSS

8.9AI Score

0.002EPSS

2024-06-03 10:05 AM
3
securelist
securelist

IT threat evolution Q1 2024

IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics Targeted attacks Operation Triangulation: the final mystery Last June, we published a series of reports on Operation Triangulation, a previously unknown iOS malware...

7.8CVSS

6AI Score

0.003EPSS

2024-06-03 10:00 AM
5
securelist
securelist

IT threat evolution in Q1 2024. Non-mobile statistics

IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. Quarterly.....

6.9AI Score

2024-06-03 10:00 AM
4
f5
f5

K000139877: Linux kernel vulnerabilities CVE-2021-47076 and CVE-2021-47080

Security Advisory Description CVE-2021-47076 In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Return CQE error if invalid lkey was supplied RXE is missing update of WQE status in LOCAL_WRITE failures. This caused the following kernel panic if someone sent an atomic...

5.6AI Score

0.0004EPSS

2024-06-03 12:00 AM
5
f5
f5

K000139880: Intel CPU/BIOS vulnerabilities CVE-2023-28402, CVE-2023-27504, and CVE-2023-28383

Security Advisory Description CVE-2023-28402 Improper input validation in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2023-27504 Improper conditions check in some Intel(R) BIOS Guard firmware may allow a...

7.2CVSS

6.5AI Score

0.0004EPSS

2024-06-03 12:00 AM
5
nessus
nessus

RHEL 6 : php (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. php: buffer overflow in handling of long link names in tar phar archives (CVE-2016-2554) php:...

9.8CVSS

6.5AI Score

0.969EPSS

2024-06-03 12:00 AM
f5
f5

K000139876: Linux kernel vulnerability CVE-2021-46955

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4 packets running openvswitch on kernels built with KASAN, it's possible to see the following splat while testing fragmentation of IPv4 packets:...

5.9AI Score

0.0004EPSS

2024-06-03 12:00 AM
2
nessus
nessus

RHEL 8 : net-snmp (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. net-snmp: A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an ...

6.5CVSS

8.1AI Score

0.0004EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : tomcat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tomcat: tomcat writable config files allow privilege escalation (CVE-2016-6325) Apache Tomcat 5.5.0...

7.8CVSS

7.9AI Score

0.154EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 8 : mcg (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet ...

7.5CVSS

10AI Score

0.004EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 7 : kernel-rt (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints (CVE-2020-25645) An issue...

7.5CVSS

6.7AI Score

EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 9 : net-snmp (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. net-snmp: A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an ...

6.5CVSS

7.3AI Score

0.0004EPSS

2024-06-03 12:00 AM
1
nessus
nessus

RHEL 6 : tomcat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tomcat: Information Disclosure when using VirtualDirContext (CVE-2017-12616) Apache Tomcat 5.5.0 through...

7.5CVSS

8.1AI Score

0.908EPSS

2024-06-03 12:00 AM
1
nessus
nessus

RHEL 5 : php (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. php: buffer overflow in handling of long link names in tar phar archives (CVE-2016-2554) php:...

9.8CVSS

10AI Score

0.969EPSS

2024-06-03 12:00 AM
1
openvas
openvas

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1790)

The remote host is missing an update for the Huawei...

7.3CVSS

6.4AI Score

0.001EPSS

2024-06-03 12:00 AM
3
nessus
nessus

EulerOS 2.0 SP11 : libuv (EulerOS-SA-2024-1802)

According to the versions of the libuv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c (and its...

7.3CVSS

7.3AI Score

0.001EPSS

2024-06-03 12:00 AM
1
openvas
openvas

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1802)

The remote host is missing an update for the Huawei...

7.3CVSS

6.4AI Score

0.001EPSS

2024-06-03 12:00 AM
2
nessus
nessus

RHEL 6 : nagios (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. nagios: Configured administrative account with fixed password and no IP restriction as default ...

9.8CVSS

7.6AI Score

0.005EPSS

2024-06-03 12:00 AM
nessus
nessus

EulerOS 2.0 SP11 : libuv (EulerOS-SA-2024-1790)

According to the versions of the libuv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c (and its...

7.3CVSS

7.3AI Score

0.001EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 8 : iscsi-initiator-utils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. iscsi-initiator-utils: Heap-based buffer overflow in process_iscsid_broadcast() (CVE-2017-17840) An...

7.5CVSS

8.3AI Score

0.002EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 7 : iscsi-initiator-utils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. iscsi-initiator-utils: Heap-based buffer overflow in process_iscsid_broadcast() (CVE-2017-17840) An...

7.5CVSS

7.8AI Score

0.002EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 7 : iproute (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. iproute: use-after-free in get_netnsid_from_name in ip/ipnetns.c (CVE-2019-20795) Note that Nessus has not tested...

4.4CVSS

7.4AI Score

0.0004EPSS

2024-06-03 12:00 AM
github
github

ip SSRF improper categorization in isPublic

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for...

9.8CVSS

6.2AI Score

EPSS

2024-06-02 10:29 PM
333
Total number of security vulnerabilities70354