Countdown, Coming Soon, Maintenance – Countdown & Clock Security Vulnerabilities

fedora

[SECURITY] Fedora 38 Update: stalld-1.19.2-1.fc38

The stalld program monitors the set of system threads, looking for threads that are ready-to-run but have not been given processor time for some threshold period. When a starving thread is found, it is given a temporary boost using the SCHED_DEADLINE policy. The default is to allow 10 microseconds....

AI Score: 7.3

2024-05-04 02:20 AM
3
fedora

[SECURITY] Fedora 39 Update: stalld-1.19.2-1.fc39

The stalld program monitors the set of system threads, looking for threads that are ready-to-run but have not been given processor time for some threshold period. When a starving thread is found, it is given a temporary boost using the SCHED_DEADLINE policy. The default is to allow 10 microseconds....

AI Score: 7.3

2024-05-04 01:33 AM
3
fedora

[SECURITY] Fedora 40 Update: stalld-1.19.2-1.fc40

The stalld program monitors the set of system threads, looking for threads that are ready-to-run but have not been given processor time for some threshold period. When a starving thread is found, it is given a temporary boost using the SCHED_DEADLINE policy. The default is to allow 10 microseconds....

AI Score: 7.3

2024-05-04 01:23 AM
4
nessus

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1490-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1490-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of...

CVSS: 7.8 | AI Score: 7.6

2024-05-04 12:00 AM
8
redhatcve

CVE-2022-48689

In the Linux kernel, the following vulnerability has been resolved: tcp: TX zerocopy should not sense pfmemalloc status We got a recent syzbot report [1] showing a possible misuse of pfmemalloc page status in TCP zerocopy paths. Indeed, for pages coming from user space or other layers, using...

CVSS: 7 | AI Score: 6.4 | EPSS: 0.0004

2024-05-03 06:54 PM
7
ibm

Security Bulletin: IBM Aspera Orchestrator affected by cryptographic and cross-site scripting vulnerabilities (CVE-2023-27283, CVE-2023-27280, CVE-2023-27281)

Summary IBM Aspera Orchestrator has addressed multiple vulnerabilities related to cryptographic algorithms and cross-site scripting that could allow sensitive information disclosure. Vulnerability Details ** CVEID: CVE-2023-27283 DESCRIPTION: **IBM Aspera Orchestrator is vulnerable to stored...

CVSS: 5.3 | AI Score: 6.6

2024-05-03 06:31 PM
20
ibm

Security Bulletin: IBM Aspera Orchestrator affected by usage of vulnerable software (CVE-2020-27511, CVE-2022-31160, CVE-2021-41184, CVE-2021-41182, CVE-2021-41183, CVE-2018-20677, CVE-2018-20676, CVE-2018-14040, CVE-2016-10735, CVE-2019-8331)

Summary IBM Aspera Orchestrator has addressed multiple vulnerabilities related to the use of vulnerable software (jQuery and Bootstrap) that could allow denial of service and cross-site scripting attacks. Vulnerability Details ** CVEID: CVE-2020-27511 DESCRIPTION: **Prototype is vulnerable to a...

CVSS: 7.5 | AI Score: 8.4 | EPSS: 0.008

2024-05-03 03:22 PM
7
cve

CVE-2022-48689

In the Linux kernel, the following vulnerability has been resolved: tcp: TX zerocopy should not sense pfmemalloc status We got a recent syzbot report [1] showing a possible misuse of pfmemalloc page status in TCP zerocopy paths. Indeed, for pages coming from user space or other layers, using...

CVSS: 7 | AI Score: 6.5 | EPSS: 0.0004

2024-05-03 03:15 PM
35
nvd

CVE-2022-48689

In the Linux kernel, the following vulnerability has been resolved: tcp: TX zerocopy should not sense pfmemalloc status We got a recent syzbot report [1] showing a possible misuse of pfmemalloc page status in TCP zerocopy paths. Indeed, for pages coming from user space or other layers, using...

CVSS: 7 | AI Score: 6.6 | EPSS: 0.0004

2024-05-03 03:15 PM
debiancve

CVE-2022-48689

In the Linux kernel, the following vulnerability has been resolved: tcp: TX zerocopy should not sense pfmemalloc status We got a recent syzbot report [1] showing a possible misuse of pfmemalloc page status in TCP zerocopy paths. Indeed, for pages coming from user space or other layers, using...

CVSS: 7 | AI Score: 6.6 | EPSS: 0.0004

2024-05-03 03:15 PM
2
cvelist

CVE-2022-48689 tcp: TX zerocopy should not sense pfmemalloc status

In the Linux kernel, the following vulnerability has been resolved: tcp: TX zerocopy should not sense pfmemalloc status We got a recent syzbot report [1] showing a possible misuse of pfmemalloc page status in TCP zerocopy paths. Indeed, for pages coming from user space or other layers, using...

AI Score: 6.8 | EPSS: 0.0004

2024-05-03 03:00 PM
osv

CVE-2024-32986

PWAsForFirefox is a tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox. Due to improper sanitization of web app properties (such as name, description, shortcuts), web apps were able to inject additional lines into XDG Desktop Entries (on Linux) and AppInfo.ini (on...

CVSS: 9.6 | AI Score: 7.2 | EPSS: 0.0004

2024-05-03 10:15 AM
4
nvd

CVE-2024-32986

PWAsForFirefox is a tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox. Due to improper sanitization of web app properties (such as name, description, shortcuts), web apps were able to inject additional lines into XDG Desktop Entries (on Linux) and AppInfo.ini (on...

CVSS: 9.6 | AI Score: 9.3 | EPSS: 0.0004

2024-05-03 10:15 AM
cve

CVE-2024-32986

PWAsForFirefox is a tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox. Due to improper sanitization of web app properties (such as name, description, shortcuts), web apps were able to inject additional lines into XDG Desktop Entries (on Linux) and AppInfo.ini (on...

CVSS: 9.6 | AI Score: 7.1 | EPSS: 0.0004

2024-05-03 10:15 AM
27
cvelist

CVE-2024-32986 Arbitrary code execution due to improper sanitization of web app properties in PWAsForFirefox

PWAsForFirefox is a tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox. Due to improper sanitization of web app properties (such as name, description, shortcuts), web apps were able to inject additional lines into XDG Desktop Entries (on Linux) and AppInfo.ini (on...

CVSS: 9.6 | AI Score: 9.4 | EPSS: 0.0004

2024-05-03 09:58 AM
ibm

Security Bulletin: OpenSSH vulnerability affects IBM WebSphere Adapter for FTP shipped with IBM Business Automation Workflow - CVE-2021-37533

Summary IBM WebSphere Adapter for FTP is shipped with IBM Business Automation Workflow bundles a vulnerable copy of Apache commons-net. Vulnerability Details ** CVEID: CVE-2021-37533 DESCRIPTION: **Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an...

CVSS: 6.5 | AI Score: 9.2 | EPSS: 0.004

2024-05-03 07:20 AM
4
nvd

CVE-2024-4439

WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

CVSS: 7.2 | AI Score: 6.2 | EPSS: 0.001

2024-05-03 06:15 AM
cve

CVE-2024-4439

WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

CVSS: 7.2 | AI Score: 6.1 | EPSS: 0.001

2024-05-03 06:15 AM
55
vulnrichment

CVE-2024-4439

WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

CVSS: 7.2 | AI Score: 5.9 | EPSS: 0.001

2024-05-03 05:32 AM
cvelist

CVE-2024-4439

WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

CVSS: 7.2 | AI Score: 6.3 | EPSS: 0.001

2024-05-03 05:32 AM
ubuntucve

CVE-2024-4439

WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

CVSS: 7.2 | AI Score: 6.1 | EPSS: 0.001

2024-05-03 12:00 AM
14
wpvulndb

Maintenance Mode by helderk < 3.0.2 - Unauthenticated IP Spoofing

Description The Maintenance Mode plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 3.0.1 due to insufficient IP address validation. This makes it possible for unauthenticated attackers to spoof their IP...

AI Score: 7 | EPSS: 0.0004

2024-05-03 12:00 AM
3
ubuntucve

CVE-2022-48689

In the Linux kernel, the following vulnerability has been resolved: tcp: TX zerocopy should not sense pfmemalloc status We got a recent syzbot report [1] showing a possible misuse of pfmemalloc page status in TCP zerocopy paths. Indeed, for pages coming from user space or other layers, using...

CVSS: 7 | AI Score: 6.8 | EPSS: 0.0004

2024-05-03 12:00 AM
3
wpvulndb

Jeg Elementor Kit < 2.6.5 - Contributor+ Stored XSS via Countdown Widget

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as...

CVSS: 6.4 | AI Score: 6 | EPSS: 0.001

2024-05-03 12:00 AM
2
ibm

Security Bulletin: IBM Aspera Orchestrator affected by a command injection vulnerability (CVE-2023-37407)

Summary IBM Aspera Orchestrator has addressed a vulnerability that could allow execution of arbitrary code (CVE-2023-37407). Vulnerability Details ** CVEID: CVE-2023-37407 DESCRIPTION: **IBM Aspera Orchestrator could allow a remote authenticated attacker to execute arbitrary commands on the...

CVSS: 8.8 | AI Score: 8.1 | EPSS: 0.0004

2024-05-02 09:30 PM
9
malwarebytes

Dropbox Sign customer data accessed in breach

Dropbox is reporting a recent "security incident" in which an attacker gained unauthorized access to the Dropbox Sign (formerly HelloSign) production environment. During this access, the attacker had access to Dropbox Sign customer information. Dropbox Sign is a platform that allows customers to...

AI Score: 7.5

2024-05-02 08:44 PM
8
nvd

CVE-2024-3588

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown block in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS: 6.4 | AI Score: 5.7 | EPSS: 0.001

2024-05-02 05:15 PM
cve

CVE-2024-3588

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown block in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS: 6.4 | AI Score: 5.7 | EPSS: 0.001

2024-05-02 05:15 PM
20
cve

CVE-2024-3489

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the Countdown Expired Title in all versions up to, and including, 2.6.9.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to.....

CVSS: 6.4 | AI Score: 6.3 | EPSS: 0.0004

2024-05-02 05:15 PM
23
nvd

CVE-2024-3489

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the Countdown Expired Title in all versions up to, and including, 2.6.9.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to.....

CVSS: 6.4 | AI Score: 6 | EPSS: 0.0004

2024-05-02 05:15 PM
nvd

CVE-2024-3307

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown widget's attributes in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS: 6.4 | AI Score: 5.7 | EPSS: 0.001

2024-05-02 05:15 PM
cve

CVE-2024-3307

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown widget's attributes in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS: 6.4 | AI Score: 5.8 | EPSS: 0.001

2024-05-02 05:15 PM
31
nvd

CVE-2024-3199

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor.....

CVSS: 6.4 | AI Score: 5.7 | EPSS: 0.001

2024-05-02 05:15 PM
cve

CVE-2024-3199

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor.....

CVSS: 6.4 | AI Score: 5.8 | EPSS: 0.001

2024-05-02 05:15 PM
23
nvd

CVE-2024-3161

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget's attributes in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor....

CVSS: 6.4 | AI Score: 5.9 | EPSS: 0.001

2024-05-02 05:15 PM
cve

CVE-2024-3161

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget's attributes in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor....

CVSS: 6.4 | AI Score: 5.8 | EPSS: 0.001

2024-05-02 05:15 PM
22
cvelist

CVE-2024-3307

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown widget's attributes in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS: 6.4 | AI Score: 5.9 | EPSS: 0.001

2024-05-02 04:52 PM
cvelist

CVE-2024-3588

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown block in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS: 6.4 | AI Score: 5.8 | EPSS: 0.001

2024-05-02 04:52 PM
cvelist

CVE-2024-3199

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor.....

CVSS: 6.4 | AI Score: 5.8 | EPSS: 0.001

2024-05-02 04:52 PM
cvelist

CVE-2024-3489

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the Countdown Expired Title in all versions up to, and including, 2.6.9.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to.....

CVSS: 6.4 | AI Score: 6.2 | EPSS: 0.0004

2024-05-02 04:52 PM
cvelist

CVE-2024-3161

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget's attributes in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor....

CVSS: 6.4 | AI Score: 6 | EPSS: 0.001

2024-05-02 04:52 PM
github

Introducing Artifact Attestations–now in public beta

There’s an increasing need across enterprises and the open source ecosystem to have a verifiable way to link software artifacts back to their source code and build instructions. And with more than 100M developers building on GitHub, we want to ensure developers have the tools needed to help...

AI Score: 6.3

2024-05-02 04:00 PM
12
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 22, 2024 to April 28, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 304 vulnerabilities disclosed in 232...

AI Score: 9.1

2024-05-02 02:49 PM
47
mssecure

Microsoft introduces passkeys for consumer accounts

Ten years ago, Microsoft envisioned a bold future: a world free of passwords. Every year, we celebrate World Password Day by updating you on our progress toward eliminating passwords for good. Today, we’re announcing passkey support for Microsoft consumer accounts, the next step toward our vision.....

AI Score: 7.2

2024-05-02 01:00 PM
4
rapid7blog

The Take Command Summit: A Stacked Agenda, and Killer Guest Speakers Coming Your Way May 21

By now you should have heard about Take Command, Rapid7’s day-long virtual summit on May 21 bringing together some of the best minds in the cybersecurity sphere for comprehensive discussions on the latest data, challenges, and opportunities in the industry. It’s an opportunity to expand your...

AI Score: 7.4

2024-05-02 01:00 PM
9
kitploit

C2-Cloud - The C2 Cloud Is A Robust Web-Based C2 Framework, Designed To Simplify The Life Of Penetration Testers

The C2 Cloud is a robust web-based C2 framework, designed to simplify the life of penetration testers. It allows easy access to compromised backdoors, just like accessing an EC2 instance in the AWS cloud. It can manage several simultaneous backdoor sessions with a user-friendly interface. C2...

AI Score: 7.4

2024-05-02 12:30 PM
20
qualysblog

Qualys Launches MSSP Portal to Empower Managed Security Service Providers

In the words of Sun Tzu, 'In the midst of chaos, there is also opportunity.' This aptly captures the essence of today's cybersecurity landscape. Managed Security Service Providers (MSSPs) stand at the forefront, turning chaos into opportunity by securing digital assets across the entire...

AI Score: 7.3

2024-05-02 12:15 PM
6
nessus

Fedora 38 : kernel (2024-f35f9525d6)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-f35f9525d6 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly...

CVSS: 7.8 | AI Score: 6.4 | EPSS: 0.0004

2024-05-02 12:00 AM
6
Total number of security vulnerabilities: 38013