Countdown, Coming Soon, Maintenance – Countdown & Clock Security Vulnerabilities

Source: nessus
RHEL 7 / 8 : Satellite 6.11.4 Async Security Update (Important) (RHSA-2022:7242)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7242 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the...

CVSS 8.1 | AI Score 9.5 | EPSS 0.003 | 2024-04-28 12:00 AM

Source: nessus
RHEL 7 / 8 : Satellite 6.11 Release (Moderate) (RHSA-2022:5498)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5498 advisory. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and ...

CVSS 9.8 | AI Score 9.5 | EPSS 0.186 | 2024-04-28 12:00 AM

Source: ubuntucve
CVE-2022-48647

In the Linux kernel, the following vulnerability has been resolved: sfc: fix TX channel offset when using legacy interrupts In legacy interrupt mode the tx_channel_offset was hardcoded to 1, but that's not correct if efx_sepparate_tx_channels is false. In that case, the offset is 0 because the tx...

AI Score 6.5 | EPSS 0.0004 | 2024-04-28 12:00 AM

Source: nvd
CVE-2024-3309

The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Widget's attributes in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 | AI Score 5.7 | EPSS 0.0004 | 2024-04-27 10:15 AM

Source: cve
CVE-2024-3309

The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Widget's attributes in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 | AI Score 5.7 | EPSS 0.0004 | 2024-04-27 10:15 AM

Source: cvelist
CVE-2024-3309

The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Widget's attributes in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 | AI Score 5.8 | EPSS 0.0004 | 2024-04-27 09:37 AM

Source: nessus
RHEL 7 : opendaylight (RHSA-2018:2598)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2018:2598 advisory. OpenDaylight (ODL) is a modular open platform for customizing and automating networks of any size and scale. The OpenDaylight Project arose out of...

CVSS 5.9 | AI Score 6.4 | EPSS 0.011 | 2024-04-27 12:00 AM

Source: nvd
CVE-2024-33638

Cross-Site Request Forgery (CSRF) vulnerability in Brijesh Kothari Smart Maintenance Mode. This issue affects Smart Maintenance Mode: from n/a through...

CVSS 5.4 | AI Score 5.5 | EPSS 0.0004 | 2024-04-26 08:15 AM

Source: cve
CVE-2024-33638

Cross-Site Request Forgery (CSRF) vulnerability in Brijesh Kothari Smart Maintenance Mode. This issue affects Smart Maintenance Mode: from n/a through...

CVSS 5.4 | AI Score 6.8 | EPSS 0.0004 | 2024-04-26 08:15 AM

Source: cvelist
CVE-2024-33638 WordPress Smart Maintenance Mode plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Brijesh Kothari Smart Maintenance Mode. This issue affects Smart Maintenance Mode: from n/a through...

CVSS 5.4 | AI Score 5.8 | EPSS 0.0004 | 2024-04-26 07:12 AM

Source: wpvulndb
Getwid – Gutenberg Blocks < 2.0.8 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'Countdown'

Description: The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown block in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVSS 6.4 | AI Score 5.8 | EPSS 0.001 | 2024-04-26 12:00 AM

Source: talosblog
The private sector probably isn’t coming to save the NVD

I wrote last week about the problems arising from the massive backlog of vulnerabilities at the U.S. National Vulnerability Database. Thousands of CVEs are still without analysis data, and the once-reliable database of every single vulnerability that's disclosed and/or patched is now so far...

AI Score 7.3 | EPSS 0.001 | 2024-04-25 06:00 PM

Source: cve
CVE-2024-25624

Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Due to an improper setup of Jinja2 environment, reports generation in iris-web is prone to a Server Side Template Injection (SSTI). Successful exploitation of the vulnerability...

CVSS 6.8 | AI Score 7.4 | EPSS 0.0004 | 2024-04-25 05:15 PM

Source: nvd
CVE-2024-25624

Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Due to an improper setup of Jinja2 environment, reports generation in iris-web is prone to a Server Side Template Injection (SSTI). Successful exploitation of the vulnerability...

CVSS 6.8 | AI Score 7 | EPSS 0.0004 | 2024-04-25 05:15 PM

Source: cvelist
CVE-2024-25624 iris-web vulnerable to Server Side Template Injection in reports

Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Due to an improper setup of Jinja2 environment, reports generation in iris-web is prone to a Server Side Template Injection (SSTI). Successful exploitation of the vulnerability...

CVSS 6.8 | AI Score 7.2 | EPSS 0.0004 | 2024-04-25 04:30 PM

Source: wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 209 vulnerabilities disclosed in 169...

AI Score 9.9 | 2024-04-25 03:56 PM

Source: schneier
The Rise of Large-Language-Model Optimization

The web has become so interwoven with everyday life that it is easy to forget what an extraordinary accomplishment and treasure it is. In just a few decades, much of human knowledge has been collectively written up and made available to anyone with an internet connection. But all of this is coming...

AI Score 6.7 | 2024-04-25 11:02 AM

Source: debiancve
CVE-2024-26923

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM_RIGHTS, two...

AI Score 6.8 | EPSS 0.0004 | 2024-04-25 06:15 AM

Source: cve
CVE-2024-26923

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM_RIGHTS, two...

AI Score 6.3 | EPSS 0.0004 | 2024-04-25 06:15 AM

Source: nvd
CVE-2024-26923

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM_RIGHTS, two...

AI Score 7.5 | EPSS 0.0004 | 2024-04-25 06:15 AM

Source: wpvulndb
The Plus Addons for Elementor < 5.5.0 - Contributor+ Stored Cross-Site Scripting via Countdown Widget

Description: The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 | AI Score 5.9 | EPSS 0.001 | 2024-04-25 12:00 AM

Source: ubuntucve
CVE-2024-26923

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM_RIGHTS, two...

AI Score 6.1 | EPSS 0.0004 | 2024-04-25 12:00 AM

Source: talos
Grassroot DICOM RAWCodec::DecodeBytes out-of-bounds read vulnerability

Talos Vulnerability Report TALOS-2024-1944 Grassroot DICOM RAWCodec::DecodeBytes out-of-bounds read vulnerability April 25, 2024 CVE Number CVE-2024-25569 SUMMARY An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A...

CVSS 6.5 | AI Score 6.5 | EPSS 0.0004 | 2024-04-25 12:00 AM

Source: wpvulndb
HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce < 2.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description: The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.2 due to insufficient input sanitization and output escaping on user supplied attributes....

AI Score 7.8 | EPSS 0.0004 | 2024-04-25 12:00 AM

Source: cvelist
CVE-2024-26923 af_unix: Fix garbage collector racing against connect()

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM_RIGHTS, two...

AI Score 7.7 | EPSS 0.0004 | 2024-04-24 09:49 PM

Source: vulnrichment
CVE-2024-26923 af_unix: Fix garbage collector racing against connect()

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM_RIGHTS, two...

AI Score 6.7 | EPSS 0.0004 | 2024-04-24 09:49 PM

Source: github
Securing millions of developers through 2FA

Though technology has advanced significantly to combat the proliferation of sophisticated security threats, the reality is that preventing the next cyberattack depends on getting the security basics right, and efforts to secure the software ecosystem must protect the developers who design, build,...

AI Score 7.4 | 2024-04-24 03:00 PM

Source: ibm
Security Bulletin: Multiple Vulnerabilities in IBM® SDK, Java™ Technology Java affect IBM Cloud Pak System

Summary: Vulnerabilities in IBM Java SDK affect IBM Cloud Pak System. Vulnerability Details: CVEID: CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an unauthenticated attacker to cause high...

CVSS 9.1 | AI Score 8.6 | EPSS 0.001 | 2024-04-24 01:04 PM

Source: qualysblog
Staying Five Steps Ahead of Cyber Risk

Organizations are continuously seeking effective strategies to protect their digital environments. With over 26,000 vulnerabilities discovered last year, Qualys Vulnerability Management, Detection, and Response (VMDR) offers a comprehensive solution designed to meet the needs of both security and...

AI Score 7.6 | 2024-04-24 01:00 PM

Source: malwarebytes
TikTok comes one step closer to a US ban

The US Senate has approved a bill that would effectively ban TikTok from the US unless Chinese owner ByteDance gives up its share of the immensely popular app. Social video platform TikTok has experienced explosive growth since it first appeared in 2017, and is now said to have well over 1.5...

AI Score 7.2 | 2024-04-24 12:01 PM

Source: securelist
Assessing the Y, and How, of the XZ Utils incident

High-end APT groups perform highly interesting social engineering campaigns in order to penetrate well-protected targets. For example, carefully constructed forum responses on precision targeted accounts and follow-up "out-of-band" interactions regarding underground rail system simulator software...

AI Score 7.6 | 2024-04-24 10:10 AM

Source: spring
This Week in Spring - Tuesday, April 23rd, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! We've had a really busy, wonderful week, as always, so let's dive right into it! We want you! ...to submit a talk to SpringOne 2024, in sunny Las Vegas! Hurry, the CFP closes May 3rd! Spring Shell 3.1.11, 3.2.4, and 3.3.0-m1...

AI Score 7.1 | 2024-04-24 12:00 AM

Source: chrome
Stable Channel Update for Desktop

The Stable channel has been updated to 124.0.6367.78/.79 for Windows and Mac and 124.0.6367.78 to Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. The Extended Stable channel has been updated to 124.0.6367.78/.79 for Windows and...

CVSS 8.8 | AI Score 7.7 | EPSS 0.001 | 2024-04-24 12:00 AM

Source: ibm
Security Bulletin: Multiple vulnerabilities found in Batik Jars which are shipped with IBM® Intelligent Operations Center (CVE-2022-44730, CVE-2022-44729)

Summary: Multiple vulnerabilities have been identified in Batik jars which are shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details: CVEID:...

CVSS 7.1 | AI Score 6.3 | EPSS 0.001 | 2024-04-23 06:50 PM

Source: ibm
Security Bulletin: Multiple vulnerabilities found in IBM Java which is shipped with IBM® Intelligent Operations Center (CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850)

Summary: Multiple vulnerabilities have been identified in IBM Java which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details: CVEID:...

CVSS 7.5 | AI Score 7.2 | EPSS 0.001 | 2024-04-23 06:49 PM

Source: wordfence
$493 Bounty Awarded for Arbitrary Options Update Vulnerability Patched in WP Datepicker WordPress Plugin

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On April 14th, 2024, during our Bug Extravaganza, we received a...

AI Score 6.8 | EPSS 0.001 | 2024-04-23 03:00 PM

Source: nessus
Debian dla-3792 : ctdb - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3792 advisory. A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and...

CVSS 6.5 | AI Score 7.9 | EPSS 0.038 | 2024-04-23 12:00 AM

Source: oraclelinux
java-21-openjdk security update

[1:21.0.3.0.9-1.0.1] - Add Oracle vendor bug URL [Orabug: 34340155] [1:21.0.3.0.9-1] - Update to jdk-21.0.3+9 (GA) - Update release notes to 21.0.3+9 - Switch to GA mode. - Sync the copy of the portable specfile with the latest update - ** This tarball is embargoed until 2024-04-16 @ 1pm PT. ** -...

CVSS 3.7 | AI Score 4.2 | EPSS 0.001 | 2024-04-23 12:00 AM

Source: krebs
Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme

The head of counterintelligence for a division of the Russian Federal Security Service (FSB) was sentenced last week to nine years in a penal colony for accepting a USD $1.7 million bribe to ignore the activities of a prolific Russian cybercrime group that hacked thousands of e-commerce websites...

AI Score 6.8 | 2024-04-22 08:07 PM

Source: osv
Moby (Docker Engine) started with non-empty inheritable Linux process capabilities

Impact: A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during...

CVSS 5.9 | AI Score 7.5 | EPSS 0.001 | 2024-04-22 06:45 PM

Source: github
Moby (Docker Engine) started with non-empty inheritable Linux process capabilities

Impact: A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during...

CVSS 5.9 | AI Score 7.5 | EPSS 0.001 | 2024-04-22 06:45 PM

Source: github
@hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE

Observations: The Hoppscotch desktop app takes multiple precautions to be secure against arbitrary JavaScript and system command execution. It does not render user-controlled HTML or Markdown, uses Tauri instead of Electron, and sandboxes pre-request scripts with a simple yet secure implementation...

CVSS 10 | AI Score 7.3 | EPSS 0.005 | 2024-04-22 06:38 PM

Source: osv
@hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE

Observations: The Hoppscotch desktop app takes multiple precautions to be secure against arbitrary JavaScript and system command execution. It does not render user-controlled HTML or Markdown, uses Tauri instead of Electron, and sandboxes pre-request scripts with a simple yet secure implementation...

CVSS 10 | AI Score 9.7 | EPSS 0.005 | 2024-04-22 06:38 PM

Source: github
LibreNMS vulnerable to SQL injection time-based leads to database extraction

Summary: SQL injection vulnerability in POST /search/search=packages in LibreNMS 24.3.0 allows a user with global read privileges to execute SQL commands via the package parameter. Details: There is a lack of hygiene of data coming from the user in line 83 of the file...

CVSS 7.1 | AI Score 8.2 | EPSS 0.0004 | 2024-04-22 06:37 PM

Source: osv
LibreNMS vulnerable to SQL injection time-based leads to database extraction

Summary: SQL injection vulnerability in POST /search/search=packages in LibreNMS 24.3.0 allows a user with global read privileges to execute SQL commands via the package parameter. Details: There is a lack of hygiene of data coming from the user in line 83 of the file...

CVSS 7.1 | AI Score 7.8 | EPSS 0.0004 | 2024-04-22 06:37 PM

Source: thn
Pentera's 2024 Report Reveals Hundreds of Security Events per Week, Highlighting the Criticality of Continuous Validation

Over the past two years, a shocking 51% of organizations surveyed in a leading industry report have been compromised by a cyberattack. Yes, over half. And this, in a world where enterprises deploy an average of 53 different security solutions to safeguard their digital domain. Alarming?...

AI Score 7.3 | 2024-04-22 11:30 AM

Source: ibm
Security Bulletin: Multiple vulnerabilities found in IBM Java which is shipped with IBM® Intelligent Operations Center (CVE-2023-22045, CVE-2023-22049)

Summary: Multiple vulnerabilities have been identified in IBM Java which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details: CVEID:...

CVSS 3.7 | AI Score 6.9 | EPSS 0.001 | 2024-04-22 09:59 AM

Source: ibm
Security Bulletin: Multiple vulnerabilities found in IBM Java which is shipped with IBM® Intelligent Operations Center (CVE-2023-22081, CVE-2023-22067, CVE-2023-5676)

Summary: Multiple vulnerabilities have been identified in IBM Java which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details: CVEID:...

CVSS 5.9 | AI Score 7.4 | EPSS 0.001 | 2024-04-22 09:43 AM

Source: ibm
Security Bulletin: Multiple vulnerabilities found in IBM Java which is shipped with IBM® Intelligent Operations Center (CVE-2023-22081, CVE-2023-22067, CVE-2023-5676)

Summary: Multiple vulnerabilities have been identified in IBM Java which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details: CVEID:...

CVSS 5.9 | AI Score 7.4 | EPSS 0.001 | 2024-04-22 09:43 AM

Source: ibm
Security Bulletin: Multiple vulnerabilities found in IBM Java which is shipped with IBM® Intelligent Operations Center (CVE-2023-22081, CVE-2023-5676)

Summary: Multiple vulnerabilities have been identified in IBM Java which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details: CVEID:...

CVSS 5.9 | AI Score 7.4 | EPSS 0.001 | 2024-04-22 09:41 AM

Total number of security vulnerabilities: 38013