Lucene search

K

Coming Soon – Under Construction Security Vulnerabilities

debiancve
debiancve

CVE-2024-36972

In the Linux kernel, the following vulnerability has been resolved: af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock. Billy Jheng Bing-Jhong reported a race between __unix_gc() and queue_oob(). __unix_gc() tries to garbage-collect close()d inflight sockets, and then if the...

6.7AI Score

0.0004EPSS

2024-06-10 03:15 PM
3
nvd
nvd

CVE-2022-45176

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting (XSS) can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application (through its vShare functionality section) doesn't properly check parameters, sent in HTTP requests as.....

0.0004EPSS

2024-06-10 03:15 PM
3
nvd
nvd

CVE-2022-45168

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/createbackupcodes endpoint, because the application allows a user to generate or regenerate the backup codes...

0.0004EPSS

2024-06-10 03:15 PM
2
cve
cve

CVE-2022-45168

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/createbackupcodes endpoint, because the application allows a user to generate or regenerate the backup codes...

6.9AI Score

0.0004EPSS

2024-06-10 03:15 PM
24
cve
cve

CVE-2022-45176

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting (XSS) can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application (through its vShare functionality section) doesn't properly check parameters, sent in HTTP requests as.....

6.1AI Score

0.0004EPSS

2024-06-10 03:15 PM
24
vulnrichment
vulnrichment

CVE-2024-36972 af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock.

In the Linux kernel, the following vulnerability has been resolved: af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock. Billy Jheng Bing-Jhong reported a race between __unix_gc() and queue_oob(). __unix_gc() tries to garbage-collect close()d inflight sockets, and then if the socket...

6.6AI Score

0.0004EPSS

2024-06-10 02:57 PM
1
cvelist
cvelist

CVE-2024-36972 af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock.

In the Linux kernel, the following vulnerability has been resolved: af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock. Billy Jheng Bing-Jhong reported a race between __unix_gc() and queue_oob(). __unix_gc() tries to garbage-collect close()d inflight sockets, and then if the socket...

0.0004EPSS

2024-06-10 02:57 PM
veracode
veracode

Improper Restriction Of Rendered UI Layers Or Frames (Clickjacking)

zenml is vulnerable to Improper Restriction of Rendered UI Layers or Frames (Clickjacking). The vulnerability is due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers, allowing an attacker to embed the application UI within an iframe on a...

4.3CVSS

6.6AI Score

0.0004EPSS

2024-06-10 01:58 PM
schneier
schneier

Exploiting Mistyped URLs

Interesting research: "Hyperlink Hijacking: Exploiting Erroneous URL Links to Phantom Domains": Abstract: Web users often follow hyperlinks hastily, expecting them to be correctly programmed. However, it is possible those links contain typos or other mistakes. By discovering active but erroneous...

7.3AI Score

2024-06-10 11:08 AM
4
thn
thn

Google Takes Down Influence Campaigns Tied to China, Indonesia, and Russia

Google has revealed that it took down 1,320 YouTube channels and 1,177 Blogger blogs as part of a coordinated influence operation connected to the People's Republic of China (PRC). "The coordinated inauthentic network uploaded content in Chinese and English about China and U.S. foreign affairs,"...

7AI Score

2024-06-10 11:00 AM
7
packetstorm

7AI Score

0.0004EPSS

2024-06-10 12:00 AM
62
nessus
nessus

Amazon Linux 2023 : openssl, openssl-devel, openssl-libs (ALAS2023-2024-640)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-640 advisory. Issue summary: Some non-default TLS server configurations can cause unboundedmemory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to...

7.2AI Score

0.0004EPSS

2024-06-10 12:00 AM
2
cvelist
cvelist

CVE-2022-45168

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/createbackupcodes endpoint, because the application allows a user to generate or regenerate the backup codes...

0.0004EPSS

2024-06-10 12:00 AM
1
spring
spring

This Week in Spring - June 11th, 2024

This Week in Spring - June 10th, 2024 Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in Paris, France, to talk to organizations using and working with Spring. Then, next week, it's off to Krakow, Poland, for the amazing Devoxx PL event! I can't wait. If you're around,.....

7AI Score

2024-06-10 12:00 AM
1
cvelist
cvelist

CVE-2022-45176

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting (XSS) can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application (through its vShare functionality section) doesn't properly check parameters, sent in HTTP requests as.....

0.0004EPSS

2024-06-10 12:00 AM
1
thn
thn

New PHP Vulnerability Exposes Windows Servers to Remote Code Execution

Details have emerged about a new critical security flaw impacting PHP that could be exploited to achieve remote code execution under certain circumstances. The vulnerability, tracked as CVE-2024-4577, has been described as a CGI argument injection vulnerability affecting all versions of PHP...

9.8CVSS

8.2AI Score

0.973EPSS

2024-06-08 07:35 AM
2
nvd
nvd

CVE-2024-5087

The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validate_ajax, deactivate_ajax, and save_ajax functions in all versions up to, and including, 2.38. This makes it possible for authenticated...

6.3CVSS

0.001EPSS

2024-06-08 06:15 AM
2
cve
cve

CVE-2024-5087

The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validate_ajax, deactivate_ajax, and save_ajax functions in all versions up to, and including, 2.38. This makes it possible for authenticated...

6.3CVSS

6AI Score

0.001EPSS

2024-06-08 06:15 AM
22
vulnrichment
vulnrichment

CVE-2024-5087 Minimal Coming Soon – Coming Soon Page <= 2.38 - Missing Authorization to Limited Settings Change

The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validate_ajax, deactivate_ajax, and save_ajax functions in all versions up to, and including, 2.38. This makes it possible for authenticated...

6.3CVSS

6.5AI Score

0.001EPSS

2024-06-08 05:44 AM
1
cvelist
cvelist

CVE-2024-5087 Minimal Coming Soon – Coming Soon Page <= 2.38 - Missing Authorization to Limited Settings Change

The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validate_ajax, deactivate_ajax, and save_ajax functions in all versions up to, and including, 2.38. This makes it possible for authenticated...

6.3CVSS

0.001EPSS

2024-06-08 05:44 AM
3
github
github

ZendOpenID potential security issue in login mechanism

Using the Consumer component of ZendOpenId (or Zend_OpenId in ZF1), it is possible to login using an arbitrary OpenID account (without knowing any secret information) by using a malicious OpenID Provider. That means OpenID it is possible to login using arbitrary OpenID Identity (MyOpenID, Google,.....

7.2AI Score

2024-06-07 10:28 PM
3
osv
osv

ZendOpenID potential security issue in login mechanism

Using the Consumer component of ZendOpenId (or Zend_OpenId in ZF1), it is possible to login using an arbitrary OpenID account (without knowing any secret information) by using a malicious OpenID Provider. That means OpenID it is possible to login using arbitrary OpenID Identity (MyOpenID, Google,.....

7.2AI Score

2024-06-07 10:28 PM
3
github
github

Zendframework potential security issue in login mechanism

Using the Consumer component of ZendOpenId (or Zend_OpenId in ZF1), it is possible to login using an arbitrary OpenID account (without knowing any secret information) by using a malicious OpenID Provider. That means OpenID it is possible to login using arbitrary OpenID Identity (MyOpenID, Google,.....

7.2AI Score

2024-06-07 10:24 PM
3
osv
osv

Zendframework potential security issue in login mechanism

Using the Consumer component of ZendOpenId (or Zend_OpenId in ZF1), it is possible to login using an arbitrary OpenID account (without knowing any secret information) by using a malicious OpenID Provider. That means OpenID it is possible to login using arbitrary OpenID Identity (MyOpenID, Google,.....

7.2AI Score

2024-06-07 10:24 PM
4
malwarebytes
malwarebytes

Google will start deleting location history

Google announced that it will reduce the amount of personal data it is storing by automatically deleting old data from "Timeline"—the feature that, previously named "Location History," tracks user routes and trips based on a phone’s location, allowing people to revisit all the places they've been.....

6.7AI Score

2024-06-07 04:26 PM
4
thn
thn

FBI Distributes 7,000 LockBit Ransomware Decryption Keys to Help Victims

The U.S. Federal Bureau of Investigation (FBI) has disclosed that it's in possession of more than 7,000 decryption keys associated with the LockBit ransomware operation to help victims get their data back at no cost. "We are reaching out to known LockBit victims and encouraging anyone who suspects....

7.7AI Score

2024-06-07 07:48 AM
1
thn
thn

SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting defense forces in the country with a malware called SPECTR as part of an espionage campaign dubbed SickSync. The agency attributed the attacks to a threat actor it tracks under the moniker UAC-0020,...

7.2AI Score

2024-06-07 07:13 AM
1
redhatcve
redhatcve

CVE-2024-37280

A flaw was found in Elasticsearch that affects document ingestion when an index template contains a dynamic field mapping of the “passthrough” type. Under certain circumstances, ingesting documents in this index can cause a StackOverflow exception to be thrown, leading to a denial of...

4.9CVSS

6.9AI Score

0.0004EPSS

2024-06-07 07:05 AM
thn
thn

Commando Cat Cryptojacking Attacks Target Misconfigured Docker Instances

The threat actor known as Commando Cat has been linked to an ongoing cryptojacking attack campaign that leverages poorly secured Docker instances to deploy cryptocurrency miners for financial gain. "The attackers used the cmd.cat/chattr docker image container that retrieves the payload from their.....

8.8CVSS

8.1AI Score

0.975EPSS

2024-06-07 05:10 AM
1
cve
cve

CVE-2022-4968

netplan leaks the private key of wireguard to local users. A security fix will be released...

6.5CVSS

7AI Score

0.0004EPSS

2024-06-07 01:15 AM
7
nvd
nvd

CVE-2022-4968

netplan leaks the private key of wireguard to local users. A security fix will be released...

6.5CVSS

0.0004EPSS

2024-06-07 01:15 AM
1
debiancve
debiancve

CVE-2022-4968

netplan leaks the private key of wireguard to local users. A security fix will be released...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-07 01:15 AM
cvelist
cvelist

CVE-2022-4968

netplan leaks the private key of wireguard to local users. A security fix will be released...

6.5CVSS

0.0004EPSS

2024-06-07 12:14 AM
2
openvas
openvas

Ubuntu: Security Advisory (USN-6812-1)

The remote host is missing an update for...

3.7CVSS

5.1AI Score

0.001EPSS

2024-06-07 12:00 AM
nessus
nessus

IBM DB2 Multiple Vulnerabilities (7145721, 7145727) (Windows)

According to its self-reported version number, IBM Db2 on Windows may be affected by multiple vulnerabilites: IBM Db2 is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT. (CVE-2023-38729) IBM Db2 is vulnerable to a denial of service caused by a...

6.8CVSS

5.5AI Score

0.0004EPSS

2024-06-07 12:00 AM
openvas
openvas

Ubuntu: Security Advisory (USN-6811-1)

The remote host is missing an update for...

3.7CVSS

5.1AI Score

0.001EPSS

2024-06-07 12:00 AM
openvas
openvas

Fedora: Security Advisory for qt5ct (FEDORA-2024-2e27372d4c)

The remote host is missing an update for...

6.8AI Score

0.0004EPSS

2024-06-07 12:00 AM
openvas
openvas

Ubuntu: Security Advisory (USN-6813-1)

The remote host is missing an update for...

3.7CVSS

5.1AI Score

0.001EPSS

2024-06-07 12:00 AM
1
nessus
nessus

IBM DB2 DoS (7145727) (Unix)

According to it self-reported version number, IBM Db2 is affected by a denial of service vulnerability with a specially crafted query under certain conditions.. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

5.3CVSS

6.6AI Score

0.0004EPSS

2024-06-07 12:00 AM
ubuntucve
ubuntucve

CVE-2024-32752

Under certain circumstances communications between the ICU tool and an iSTAR Pro door controller is susceptible to Machine-in-the-Middle attacks which could impact door control and configuration. Notes Author| Note ---|--- mdeslaur | This has nothing to do with the ICU package in...

6.6AI Score

0.0004EPSS

2024-06-07 12:00 AM
1
osv
osv

Clickjacking in zenml

A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious...

4.3CVSS

6.5AI Score

0.0004EPSS

2024-06-06 09:30 PM
github
github

Clickjacking in zenml

A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious...

4.3CVSS

4.4AI Score

0.0004EPSS

2024-06-06 09:30 PM
3
nvd
nvd

CVE-2024-32752

Under certain circumstances communications between the ICU tool and an iSTAR Pro door controller is susceptible to Machine-in-the-Middle attacks which could impact door control and...

0.0004EPSS

2024-06-06 09:15 PM
1
cve
cve

CVE-2024-32752

Under certain circumstances communications between the ICU tool and an iSTAR Pro door controller is susceptible to Machine-in-the-Middle attacks which could impact door control and...

7.1AI Score

0.0004EPSS

2024-06-06 09:15 PM
27
cvelist
cvelist

CVE-2024-32752 Johnson Controls Software House iStar Pro Door Controller

Under certain circumstances communications between the ICU tool and an iSTAR Pro door controller is susceptible to Machine-in-the-Middle attacks which could impact door control and...

0.0004EPSS

2024-06-06 08:49 PM
1
vulnrichment
vulnrichment

CVE-2024-32752 Johnson Controls Software House iStar Pro Door Controller

Under certain circumstances communications between the ICU tool and an iSTAR Pro door controller is susceptible to Machine-in-the-Middle attacks which could impact door control and...

6.9AI Score

0.0004EPSS

2024-06-06 08:49 PM
amazon
amazon

Medium: openssl11

Issue Overview: Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem.....

6.6AI Score

0.0004EPSS

2024-06-06 08:17 PM
osv
osv

CVE-2024-2383

A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious...

4.3CVSS

6.5AI Score

0.0004EPSS

2024-06-06 07:15 PM
nvd
nvd

CVE-2024-2383

A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious...

4.3CVSS

0.0004EPSS

2024-06-06 07:15 PM
cve
cve

CVE-2024-2383

A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious...

4.3CVSS

4.4AI Score

0.0004EPSS

2024-06-06 07:15 PM
21
Total number of security vulnerabilities149229