Lucene search

K

Business Directory Plugin | GeoDirectory Security Vulnerabilities

rapid7blog
rapid7blog

Malvertising Campaign Leads to Execution of Oyster Backdoor

The following analysts contributed to this blog: Thomas Elkins, Daniel Thiede, Josh Lockwood, Tyler McGraw, and Sasha Kovalev. Executive Summary Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and.....

7.1AI Score

2024-06-17 08:28 PM
3
nvd
nvd

CVE-2024-38449

A Directory Traversal vulnerability in KasmVNC 1.3.1.230e50f7b89663316c70de7b0e3db6f6b9340489 and possibly earlier versions allows remote authenticated attackers to browse parent directories and read the content of files outside the scope of the...

0.0004EPSS

2024-06-17 07:15 PM
4
cve
cve

CVE-2024-38449

A Directory Traversal vulnerability in KasmVNC 1.3.1.230e50f7b89663316c70de7b0e3db6f6b9340489 and possibly earlier versions allows remote authenticated attackers to browse parent directories and read the content of files outside the scope of the...

6.7AI Score

0.0004EPSS

2024-06-17 07:15 PM
16
nvd
nvd

CVE-2024-36527

puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the...

0.0004EPSS

2024-06-17 06:15 PM
5
cve
cve

CVE-2024-36527

puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the...

6.1AI Score

0.0004EPSS

2024-06-17 06:15 PM
15
redhatcve
redhatcve

CVE-2024-24789

A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next...

5.5CVSS

5.1AI Score

0.0004EPSS

2024-06-17 05:20 PM
githubexploit
githubexploit

Exploit for Path Traversal in Aiohttp

CVE-2024-23334 Exploit and PoC This repository contains a...

7.5CVSS

6.8AI Score

0.052EPSS

2024-06-17 04:28 PM
78
osv
osv

CVE-2024-0397

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such...

6.5AI Score

0.0004EPSS

2024-06-17 04:15 PM
1
nvd
nvd

CVE-2024-0397

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such...

0.0004EPSS

2024-06-17 04:15 PM
2
debiancve
debiancve

CVE-2024-0397

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such...

6.8AI Score

0.0004EPSS

2024-06-17 04:15 PM
1
cve
cve

CVE-2024-0397

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such...

6.3AI Score

0.0004EPSS

2024-06-17 04:15 PM
25
osv
osv

PSF-2024-4

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such...

6.6AI Score

0.0004EPSS

2024-06-17 03:09 PM
1
vulnrichment
vulnrichment

CVE-2024-0397 Memory race condition in ssl.SSLContext certificate store methods

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such...

6.5AI Score

0.0004EPSS

2024-06-17 03:09 PM
cvelist
cvelist

CVE-2024-0397 Memory race condition in ssl.SSLContext certificate store methods

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such...

0.0004EPSS

2024-06-17 03:09 PM
8
githubexploit
githubexploit

Exploit for CVE-2024-4367

PDF.js Vulnerability Demo Project This project is intended to...

7.2AI Score

2024-06-17 11:39 AM
90
rosalinux
rosalinux

Advisory ROSA-SA-2024-2433

software: emacs 28.1 WASP: ROSA-CHROME package_evr_string: emacs-28.1-5 CVE-ID: CVE-2022-48339 BDU-ID: None CVE-Crit: N/A CVE-DESC.: A problem was discovered in GNU Emacs. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and srcdir...

9.8CVSS

7.9AI Score

0.002EPSS

2024-06-17 09:05 AM
githubexploit
githubexploit

Exploit for CVE-2024-0757

CVE-2024-0757 (Exploit) Description The Insert or Embed...

8AI Score

0.0004EPSS

2024-06-17 07:46 AM
99
veracode
veracode

Improper Access Control

silverstripe/framework is vulnerable to Improper Access Control. The vulnerability is due to a weakness in the .htaccess rules preventing requests to uploaded PHP scripts, which allows PHP scripts in the assets directory to be executed via a specially crafted...

7AI Score

2024-06-17 07:21 AM
nvd
nvd

CVE-2024-4305

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored...

0.0004EPSS

2024-06-17 06:15 AM
3
cve
cve

CVE-2024-4305

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored...

5.6AI Score

0.0004EPSS

2024-06-17 06:15 AM
16
nvd
nvd

CVE-2024-3236

The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting...

0.0004EPSS

2024-06-17 06:15 AM
4
cve
cve

CVE-2024-3236

The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting...

5.6AI Score

0.0004EPSS

2024-06-17 06:15 AM
21
cvelist
cvelist

CVE-2024-3236 Easy Notify Lite < 1.1.33 - Contributor+ Stored XSS

The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting...

0.0004EPSS

2024-06-17 06:00 AM
2
vulnrichment
vulnrichment

CVE-2024-3236 Easy Notify Lite < 1.1.33 - Contributor+ Stored XSS

The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting...

5.8AI Score

0.0004EPSS

2024-06-17 06:00 AM
cvelist
cvelist

CVE-2024-4305 PostX < 4.1.0 - Contributor+ Stored XSS

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored...

0.0004EPSS

2024-06-17 06:00 AM
1
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : php8 (SUSE-SU-2024:2039-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2039-1 advisory. - CVE-2024-5458: Fixed an issue that allows to bypass filters in filter_var FILTER_VALIDATE_URL. (bsc#1226073) Tenable has...

5.3CVSS

5.3AI Score

0.001EPSS

2024-06-17 12:00 AM
2
nessus
nessus

RHEL 8 : flatpak (RHSA-2024:3961)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3961 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...

8.4CVSS

8.6AI Score

0.0004EPSS

2024-06-17 12:00 AM
2
nessus
nessus

Debian dla-3835 : roundcube - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3835 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3835-1 [email protected] ...

6.6AI Score

0.0004EPSS

2024-06-17 12:00 AM
2
nessus
nessus

RHEL 8 : firefox (RHSA-2024:3952)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3952 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...

8AI Score

0.0004EPSS

2024-06-17 12:00 AM
2
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : booth (SUSE-SU-2024:2040-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2040-1 advisory. - CVE-2024-3049: Fixed a vulnerability where a specially crafted hash can lead to invalid HMAC being accepted by Booth server....

5.9CVSS

5.6AI Score

0.001EPSS

2024-06-17 12:00 AM
3
nessus
nessus

RHEL 7 : linux-firmware (RHSA-2024:3939)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3939 advisory. The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): * hw:...

8.2CVSS

7.4AI Score

0.0005EPSS

2024-06-17 12:00 AM
2
nessus
nessus

RHEL 8 : flatpak (RHSA-2024:3962)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3962 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...

8.4CVSS

7.4AI Score

0.0004EPSS

2024-06-17 12:00 AM
3
nessus
nessus

RHEL 9 : firefox (RHSA-2024:3958)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3958 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...

7.7AI Score

0.0004EPSS

2024-06-17 12:00 AM
2
nessus
nessus

RHEL 9 : firefox (RHSA-2024:3955)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3955 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...

7.7AI Score

0.0004EPSS

2024-06-17 12:00 AM
1
nessus
nessus

RHEL 8 : firefox (RHSA-2024:3953)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3953 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...

8.2AI Score

0.0004EPSS

2024-06-17 12:00 AM
1
nessus
nessus

Ubuntu 23.10 / 24.04 LTS : Rack vulnerabilities (USN-6837-1)

The remote Ubuntu 23.10 / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6837-1 advisory. It was discovered that Rack incorrectly handled Multipart MIME parsing. A remote attacker could possibly use this issue to cause Rack to...

7.5CVSS

7.7AI Score

0.001EPSS

2024-06-17 12:00 AM
1
cvelist
cvelist

CVE-2024-38449

A Directory Traversal vulnerability in KasmVNC 1.3.1.230e50f7b89663316c70de7b0e3db6f6b9340489 and possibly earlier versions allows remote authenticated attackers to browse parent directories and read the content of files outside the scope of the...

0.0004EPSS

2024-06-17 12:00 AM
ubuntucve
ubuntucve

CVE-2024-0397

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such...

6.7AI Score

0.0004EPSS

2024-06-17 12:00 AM
2
nessus
nessus

RHEL 8 : firefox (RHSA-2024:3950)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3950 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...

7.7AI Score

0.0004EPSS

2024-06-17 12:00 AM
1
nessus
nessus

RHEL 7 : firefox (RHSA-2024:3951)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3951 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...

7.7AI Score

0.0004EPSS

2024-06-17 12:00 AM
1
vulnrichment
vulnrichment

CVE-2024-36527

puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the...

6.6AI Score

0.0004EPSS

2024-06-17 12:00 AM
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : php8 (SUSE-SU-2024:2038-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2038-1 advisory. - CVE-2024-5458: Fixed an issue that allows to bypass filters in filter_var FILTER_VALIDATE_URL. (bsc#1226073) Tenable has...

5.3CVSS

5.3AI Score

0.001EPSS

2024-06-17 12:00 AM
2
nessus
nessus

Fedora 39 : galera / mariadb (2024-d61bffd77f)

The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-d61bffd77f advisory. MariaDB 10.5.25 & Galera 26.4.18 Release notes: https://mariadb.com/kb/en/mariadb-10-5-25-release-notes/ Tenable has extracted the preceding...

4.9CVSS

7AI Score

0.0005EPSS

2024-06-17 12:00 AM
1
nessus
nessus

Debian dla-3832 : python-bson - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3832 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3832-1 [email protected] ...

8.1CVSS

8AI Score

0.001EPSS

2024-06-17 12:00 AM
1
nessus
nessus

RHEL 9 : flatpak (RHSA-2024:3959)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3959 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...

8.4CVSS

8.6AI Score

0.0004EPSS

2024-06-17 12:00 AM
1
nessus
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Ruby vulnerabilities (USN-6838-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6838-1 advisory. It was discovered that Ruby RDoc incorrectly parsed certain YAML files. If a user or automated system were tricked...

8.1AI Score

EPSS

2024-06-17 12:00 AM
2
nessus
nessus

RHEL 8 : firefox (RHSA-2024:3954)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3954 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...

7.7AI Score

0.0004EPSS

2024-06-17 12:00 AM
2
nessus
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : SSSD vulnerability (USN-6836-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6836-1 advisory. It was discovered that SSSD did not always correctly apply the GPO policy for authenticated users, contrary to expectations....

7.1CVSS

6.8AI Score

0.0004EPSS

2024-06-17 12:00 AM
1
cvelist
cvelist

CVE-2024-36527

puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the...

0.0004EPSS

2024-06-17 12:00 AM
nessus
nessus

RHEL 9 : flatpak (RHSA-2024:3960)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3960 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...

8.4CVSS

8.6AI Score

0.0004EPSS

2024-06-17 12:00 AM
1
Total number of security vulnerabilities347073