Lucene search

K

CorreosExpress – Shipping Management – Tags Security Vulnerabilities

nvd
nvd

CVE-2024-32893

In _s5e9865_mif_set_rate of exynos_dvfs.c, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

0.0004EPSS

2024-06-13 09:15 PM
1
cve
cve

CVE-2024-32894

In bc_get_converted_received_bearer of bc_utilities.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...

6.2AI Score

0.0004EPSS

2024-06-13 09:15 PM
26
cve
cve

CVE-2024-32892

In handle_init of goodix/main/main.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7AI Score

0.0004EPSS

2024-06-13 09:15 PM
26
nvd
nvd

CVE-2024-32895

In BCMFASTPATH of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

0.0004EPSS

2024-06-13 09:15 PM
cve
cve

CVE-2024-32893

In _s5e9865_mif_set_rate of exynos_dvfs.c, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

5.9AI Score

0.0004EPSS

2024-06-13 09:15 PM
20
nvd
nvd

CVE-2024-32891

In sec_media_unprotect of media.c, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

0.0004EPSS

2024-06-13 09:15 PM
cve
cve

CVE-2024-32891

In sec_media_unprotect of media.c, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7AI Score

0.0004EPSS

2024-06-13 09:15 PM
27
nvd
nvd

CVE-2024-32894

In bc_get_converted_received_bearer of bc_utilities.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...

0.0004EPSS

2024-06-13 09:15 PM
nvd
nvd

CVE-2024-32892

In handle_init of goodix/main/main.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

0.0004EPSS

2024-06-13 09:15 PM
cve
cve

CVE-2024-32895

In BCMFASTPATH of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

6.9AI Score

0.0004EPSS

2024-06-13 09:15 PM
20
nvd
nvd

CVE-2024-29785

In aur_get_state of aurora.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

0.0004EPSS

2024-06-13 09:15 PM
1
cve
cve

CVE-2024-29785

In aur_get_state of aurora.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

6AI Score

0.0004EPSS

2024-06-13 09:15 PM
22
nvd
nvd

CVE-2024-29786

In pktproc_fill_data_addr_without_bm of link_rx_pktproc.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...

0.0004EPSS

2024-06-13 09:15 PM
1
cve
cve

CVE-2024-29786

In pktproc_fill_data_addr_without_bm of link_rx_pktproc.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...

7.5AI Score

0.0004EPSS

2024-06-13 09:15 PM
25
nvd
nvd

CVE-2024-29781

In ss_AnalyzeOssReturnResUssdArgIe of ss_OssAsnManagement.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...

0.0004EPSS

2024-06-13 09:15 PM
nvd
nvd

CVE-2024-29787

In lwis_process_transactions_in_queue of lwis_transaction.c, there is a possible use after free due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

0.0004EPSS

2024-06-13 09:15 PM
cve
cve

CVE-2024-29781

In ss_AnalyzeOssReturnResUssdArgIe of ss_OssAsnManagement.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...

6.3AI Score

0.0004EPSS

2024-06-13 09:15 PM
22
nvd
nvd

CVE-2024-29784

In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

0.0004EPSS

2024-06-13 09:15 PM
cve
cve

CVE-2024-29787

In lwis_process_transactions_in_queue of lwis_transaction.c, there is a possible use after free due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

6.9AI Score

0.0004EPSS

2024-06-13 09:15 PM
20
cve
cve

CVE-2024-29784

In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

6.9AI Score

0.0004EPSS

2024-06-13 09:15 PM
22
nvd
nvd

CVE-2024-29778

In ProtocolPsDedicatedBearInfoAdapter::processQosSession of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for...

0.0004EPSS

2024-06-13 09:15 PM
nvd
nvd

CVE-2024-29780

In hwbcc_ns_deprivilege of trusty/user/base/lib/hwbcc/client/hwbcc.c, there is a possible uninitialized stack data disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

0.0004EPSS

2024-06-13 09:15 PM
cve
cve

CVE-2024-29778

In ProtocolPsDedicatedBearInfoAdapter::processQosSession of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for...

5.9AI Score

0.0004EPSS

2024-06-13 09:15 PM
22
cve
cve

CVE-2024-29780

In hwbcc_ns_deprivilege of trusty/user/base/lib/hwbcc/client/hwbcc.c, there is a possible uninitialized stack data disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

6AI Score

0.0004EPSS

2024-06-13 09:15 PM
22
cve
cve

CVE-2024-22441

HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication...

7.2AI Score

0.0004EPSS

2024-06-13 04:15 PM
22
aix
aix

AIX is affected by information disclosure due to Python (CVE-2024-28757)

IBM SECURITY ADVISORY First Issued: Thu Jun 13 15:37:38 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/python_advisory9.asc Security Bulletin: AIX is affected by information disclosure due to Python (CVE-2024-28757)...

7.3AI Score

0.0004EPSS

2024-06-13 03:37 PM
3
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

10CVSS

9.9AI Score

EPSS

2024-06-13 03:35 PM
6
cve
cve

CVE-2024-22333

IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: ...

4CVSS

3.6AI Score

0.0004EPSS

2024-06-13 02:15 PM
25
nvd
nvd

CVE-2024-22333

IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: ...

4CVSS

0.0004EPSS

2024-06-13 02:15 PM
2
vulnrichment
vulnrichment

CVE-2024-22333 IBM Maximo Application Suite information disclosure

IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: ...

4CVSS

5.9AI Score

0.0004EPSS

2024-06-13 01:55 PM
2
cvelist
cvelist

CVE-2024-22333 IBM Maximo Application Suite information disclosure

IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: ...

4CVSS

0.0004EPSS

2024-06-13 01:55 PM
4
nvd
nvd

CVE-2024-36395

Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic...

6.1CVSS

0.0004EPSS

2024-06-13 01:15 PM
5
cve
cve

CVE-2024-36395

Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic...

6.1CVSS

6.3AI Score

0.0004EPSS

2024-06-13 01:15 PM
22
nuclei
nuclei

Web Directory Free < 1.7.0 - SQL Injection

The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and...

7.5AI Score

0.001EPSS

2024-06-13 12:47 PM
cvelist
cvelist

CVE-2024-36395 Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic...

6.1CVSS

0.0004EPSS

2024-06-13 12:32 PM
3
ics
ics

Siemens Mendix Applications

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

5.9CVSS

7.1AI Score

0.0004EPSS

2024-06-13 12:00 PM
6
thn
thn

Why SaaS Security is Suddenly Hot: Racing to Defend and Comply

Recent supply chain cyber-attacks are prompting cyber security regulations in the financial sector to tighten compliance requirements, and other industries are expected to follow. Many companies still don't have efficient methods to manage related time-sensitive SaaS security and compliance tasks.....

7.2AI Score

2024-06-13 11:30 AM
12
nuclei
nuclei

SolarWinds Serv-U - Directory Traversal

SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host...

8.6CVSS

6.4AI Score

0.343EPSS

2024-06-13 10:02 AM
26
talosblog
talosblog

Operation Celestial Force employs mobile and desktop malware to target Indian entities

By Gi7w0rm, Asheer Malhotra and Vitor Ventura. Cisco Talos is disclosing a new malware campaign called "Operation Celestial Force" running since at least 2018. It is still active today, employing the use of GravityRAT, an Android-based malware, along with a Windows-based malware loader we track...

7.2AI Score

2024-06-13 10:00 AM
2
cve
cve

CVE-2024-1565

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization....

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-13 09:15 AM
22
nvd
nvd

CVE-2024-1565

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization....

6.4CVSS

0.001EPSS

2024-06-13 09:15 AM
2
cvelist
cvelist

CVE-2024-34107 A guest customer can associate other customer's shipping address to its guest cart which allows guest being able to view other customer's address

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of...

5.3CVSS

0.0005EPSS

2024-06-13 09:04 AM
1
vulnrichment
vulnrichment

CVE-2024-34107 A guest customer can associate other customer's shipping address to its guest cart which allows guest being able to view other customer's address

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of...

5.3CVSS

6.9AI Score

0.0005EPSS

2024-06-13 09:04 AM
1
cvelist
cvelist

CVE-2024-1565 EmbedPress <= 3.9.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via PDF Widget URL

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization....

6.4CVSS

0.001EPSS

2024-06-13 08:31 AM
3
vulnrichment
vulnrichment

CVE-2024-1565 EmbedPress <= 3.9.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via PDF Widget URL

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization....

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-13 08:31 AM
2
cvelist
cvelist

CVE-2024-26126 HTML Injection at `https://author-bugbounty-65-prod.adobecqms.net/libs/cq/tagging/gui/content/tags/mergetag.html/*`

Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation....

3.5CVSS

0.0005EPSS

2024-06-13 07:53 AM
6
vulnrichment
vulnrichment

CVE-2024-26126 HTML Injection at `https://author-bugbounty-65-prod.adobecqms.net/libs/cq/tagging/gui/content/tags/mergetag.html/*`

Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation....

3.5CVSS

6.6AI Score

0.0005EPSS

2024-06-13 07:53 AM
1
vulnrichment
vulnrichment

CVE-2024-26127 HTML Injection at `https://author-bugbounty-65-prod.adobecqms.net/libs/cq/tagging/gui/content/tags/movetag.html/*`

Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation....

3.5CVSS

6.6AI Score

0.0005EPSS

2024-06-13 07:52 AM
cvelist
cvelist

CVE-2024-26127 HTML Injection at `https://author-bugbounty-65-prod.adobecqms.net/libs/cq/tagging/gui/content/tags/movetag.html/*`

Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation....

3.5CVSS

0.0005EPSS

2024-06-13 07:52 AM
cve
cve

CVE-2024-5787

The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Link Effects widget in all versions up to, and including, 2.7.20 due to insufficient input sanitization and...

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-13 06:15 AM
25
Total number of security vulnerabilities140915