SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a fix for this...
9.6CVSS
7.9AI Score
0.001EPSS
7.5AI Score
EPSS
Exploit for Use After Free in Microsoft
POC Recreating CVE 2023-36802 Microsoft Streaming...
7.8CVSS
8.6AI Score
0.001EPSS
Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability
Microsoft has released security updates to address 51 flaws as part of its Patch Tuesday updates for June 2024. Of the 51 vulnerabilities, one is rated Critical and 50 are rated Important. This is in addition to 17 vulnerabilities resolved in the Chromium-based Edge browser over the past month....
9.8CVSS
8.7AI Score
0.05EPSS
A flaw was found in the cupsd server. When starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can perform an arbitrary chmod of the provided argument, providing world-writable access to the target. Since cupsd is often running as root, this...
4.4CVSS
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: riscv: VMAP_STACK overflow detection thread-safe commit 31da94c25aea ("riscv: add VMAP_STACK overflow detection") added support for CONFIG_VMAP_STACK. If overflow is detected, CPU switches to shadow_stack temporarily before...
7.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: btrfs: lock the inode in shared mode before starting fiemap Currently fiemap does not take the inode's lock (VFS lock), it only locks a file range in the inode's io tree. This however can lead to a deadlock if we have a concurrent....
7.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: igb: Fix use-after-free error during reset Cleans the next descriptor to watch (next_to_watch) when cleaning the TX ring. Failure to do so can cause invalid memory accesses. If igb_poll() runs while the controller is reset this...
7.1AI Score
0.0004EPSS
Description The Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_media_slider and _ms_save_settings functions in versions up to, and including, 1.3.9....
4.3CVSS
6.4AI Score
0.0004EPSS
Unbreakable Enterprise kernel security update
[5.15.0-207.156.6] - uek-container: Add advanced routing options (Boris Ostrovsky) [Orabug: 36691279] - slub: use count_partial_free_approx() in slab_out_of_memory() (Jianfeng Wang) [Orabug: 36655468] - slub: introduce count_partial_free_approx() (Jianfeng Wang) [Orabug: 36655468] - Revert...
6.5CVSS
7.8AI Score
EPSS
ElasticPress < 5.1.2 - Data Sync via CSRF
Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the do_sync function. This makes it possible for unauthenticated attackers to sync data via a forged request granted they can trick a site administrator into performing an action such....
4.3CVSS
6.5AI Score
0.0004EPSS
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1983-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1983-1 advisory. The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: -...
7.8CVSS
8.5AI Score
0.001EPSS
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1988-1 advisory. Rebuild against current updated packages and go compiler. - Bump github.com/containers/image/v5 (bsc#1224119, CVE-2024-3727)...
8.3CVSS
8.3AI Score
0.0004EPSS
Description The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.3. This is due to missing or incorrect nonce validation on the wpa_check_authentication()...
5.4CVSS
6.6AI Score
0.0004EPSS
Description The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link attribute within the vc_single_image shortcode in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping on user supplied attributes....
6.4CVSS
5.8AI Score
0.0004EPSS
12 Step Meeting List < 3.14.34 - Reflected Cross-Site Scripting
Description The 12 Step Meeting List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 3.14.33 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...
7.1CVSS
6.3AI Score
0.0004EPSS
[7.1.8.1-12.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Added the --with-hamcrest option to configure. [7.1.8.1] - Remove Red Hat branding - Change vendor to RESF [1:7.1.8.1-12] - Fix CVE-2023-6185 escape url passed to gstreamer - Fix CVE-2023-6186 check link target protocols...
8.8CVSS
7AI Score
0.001EPSS
Oracle Linux 9 : libreoffice (ELSA-2024-3835)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3835 advisory. - Fix CVE-2023-6185 escape url passed to gstreamer - Fix CVE-2023-6186 check link target protocols - Resolves: rhbz#2210193 CVE-2023-0950 Array Index...
8.8CVSS
7.4AI Score
0.001EPSS
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1989-1 advisory. - Bump github.com/containers/image/v5 (bsc#1224119, CVE-2024-3727) - Remove SLE15 SP4 from the distro check (end of general...
8.3CVSS
8.3AI Score
0.0004EPSS
7.5AI Score
0.0004EPSS
Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6819-3)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6819-3 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...
7.8CVSS
7.4AI Score
0.001EPSS
WP Visitors Tracker < 2.4 - Reflected Cross-Site Scripting
Description The WP Visitors Tracker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
7.1CVSS
6.3AI Score
0.0004EPSS
7.8CVSS
7.5AI Score
0.001EPSS
4.4CVSS
7.5AI Score
0.0004EPSS
7.4AI Score
Description The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Link Effects widget in all versions up to, and including, 2.7.20 due to insufficient input...
6.4CVSS
5.8AI Score
0.001EPSS
Eduma < 5.4.8 - Reflected Cross-Site Scripting
Description The Eduma plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 5.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
7.1CVSS
6.3AI Score
0.0004EPSS
Dashboard Widgets Suite < 3.4.4 - Reflected Cross-Site Scripting
Description The Dashboard Widgets Suite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
6.1CVSS
6.3AI Score
0.0005EPSS
7.5CVSS
7.5AI Score
0.05EPSS
7.8CVSS
7.5AI Score
0.001EPSS
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1979-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1979-1 advisory. The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security bugfixes. The following security bugs were...
7.8CVSS
7.9AI Score
0.001EPSS
7.4AI Score
Exploit for Deserialization of Untrusted Data in Clear Clearml
_____ _ __ __ _ _____ ____ _...
8.8CVSS
9AI Score
0.001EPSS
Exploit for Deserialization of Untrusted Data in Clear Clearml
_____ _ __ __ _ _____ ____ _...
8.8CVSS
9AI Score
0.001EPSS
Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting (XSS) issue. The /proxy endpoint accepts a host path...
9.6CVSS
0.0004EPSS
Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting (XSS) issue. The /proxy endpoint accepts a host path...
9.6CVSS
8.4AI Score
0.0004EPSS
Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting (XSS) issue. The /proxy endpoint accepts a host path...
9.6CVSS
5.6AI Score
0.0004EPSS
linux-aws, linux-oracle vulnerabilities
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536)...
7.8CVSS
7.5AI Score
0.001EPSS
New cups packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/cups-2.4.9-i586-1_slack15.0.txz: Upgraded. This update fixes bugs and a security issue: When starting the cupsd server with a...
4.4CVSS
7.3AI Score
0.0004EPSS
CVE-2024-35225 Jupyter Server Proxy has a reflected XSS issue in host parameter
Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting (XSS) issue. The /proxy endpoint accepts a host path...
9.6CVSS
5.7AI Score
0.0004EPSS
CVE-2024-35225 Jupyter Server Proxy has a reflected XSS issue in host parameter
Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting (XSS) issue. The /proxy endpoint accepts a host path...
9.6CVSS
0.0004EPSS
Jupyter Server Proxy has a reflected XSS issue in host parameter
Impact There is a reflected cross-site scripting (XSS) issue in jupyter-server-proxy[1]. The /proxy endpoint accepts a host path segment in the format /proxy/<host>. When this endpoint is called with an invalid host value, jupyter-server-proxy replies with a response that includes the value o...
9.6CVSS
6AI Score
0.0004EPSS
Jupyter Server Proxy has a reflected XSS issue in host parameter
Impact There is a reflected cross-site scripting (XSS) issue in jupyter-server-proxy[1]. The /proxy endpoint accepts a host path segment in the format /proxy/<host>. When this endpoint is called with an invalid host value, jupyter-server-proxy replies with a response that includes the value o...
9.6CVSS
5.8AI Score
0.0004EPSS
Summary IBM® Db2® is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables. Vulnerability Details ** CVEID: CVE-2023-29267 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as a trap...
5.3CVSS
6.7AI Score
0.0004EPSS
It’s June 2024 Patch Tuesday. Microsoft is addressing 51 vulnerabilities today, and has evidence of public disclosure for just a single one of those. At time of writing, none of the vulnerabilities published today are listed on CISA KEV, although this is always subject to change. Microsoft is...
9.8CVSS
9.7AI Score
0.05EPSS
Improper exception handling in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to cause a denial of service through the use of a malformed deep...
0.0004EPSS
Improper deep link validation in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to launch an arbitrary URL within the...
0.0004EPSS
Improper exception handling in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to cause a denial of service through the use of a malformed deep...
6.8AI Score
0.0004EPSS
Improper deep link validation in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to launch an arbitrary URL within the...
7AI Score
0.0004EPSS
Microsoft and Adobe Patch Tuesday, June 2024 Security Update Review
Microsoft's June Patch Tuesday is here, bringing fixes for vulnerabilities impacting its multiple products. This month's release highlights the ongoing battle against cybersecurity threats, from critical updates to important fixes. Let's dive into the crucial insights from Microsoft's Patch...
9.8CVSS
9.3AI Score
0.003EPSS