Lucene search

K

DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030 Security Vulnerabilities

openvas
openvas

Fedora: Security Advisory for qt6-qtwebsockets (FEDORA-2024-bfb8617ba3)

The remote host is missing an update for...

6.8AI Score

0.0004EPSS

2024-06-07 12:00 AM
1
openvas
openvas

Fedora: Security Advisory for qt5-qttranslations (FEDORA-2024-2e27372d4c)

The remote host is missing an update for...

6.8AI Score

0.0004EPSS

2024-06-07 12:00 AM
cvelist
cvelist

CVE-2024-30162

Invision Community through 4.7.16 allows remote code execution via the applications/core/modules/admin/editor/toolbar.php IPS\core\modules\admin\editor_toolbar::addPlugin() method. This method handles uploaded ZIP files that are extracted into the...

0.0004EPSS

2024-06-07 12:00 AM
openvas
openvas

Fedora: Security Advisory for qt6-qtmultimedia (FEDORA-2024-bfb8617ba3)

The remote host is missing an update for...

6.8AI Score

0.0004EPSS

2024-06-07 12:00 AM
1
github
github

Remote code execution in mlflow

A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the mlflow.data.http_dataset_source.py module. Specifically, when loading a dataset from a source URL with an HTTP...

10CVSS

9.7AI Score

0.0004EPSS

2024-06-06 09:30 PM
6
osv
osv

Remote code execution in mlflow

A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the mlflow.data.http_dataset_source.py module. Specifically, when loading a dataset from a source URL with an HTTP...

10CVSS

8.1AI Score

0.0004EPSS

2024-06-06 09:30 PM
2
nvd
nvd

CVE-2024-0520

A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the mlflow.data.http_dataset_source.py module. Specifically, when loading a dataset from a source URL with an HTTP...

10CVSS

0.0004EPSS

2024-06-06 07:15 PM
2
osv
osv

CVE-2024-0520

A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the mlflow.data.http_dataset_source.py module. Specifically, when loading a dataset from a source URL with an HTTP...

10CVSS

8.1AI Score

0.0004EPSS

2024-06-06 07:15 PM
1
cve
cve

CVE-2024-0520

A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the mlflow.data.http_dataset_source.py module. Specifically, when loading a dataset from a source URL with an HTTP...

10CVSS

9.7AI Score

0.0004EPSS

2024-06-06 07:15 PM
33
github
github

evmos allows transferring unvested tokens after delegations

Impact This advisory has been created to address the following vulnerabilities found in the Evmos codebase and affecting vesting accounts. Wrong spendable balance computation The spendable balance is not updated properly when delegating vested tokens. The following example help in describing the...

3.5CVSS

4.3AI Score

0.0004EPSS

2024-06-06 06:21 PM
3
osv
osv

evmos allows transferring unvested tokens after delegations

Impact This advisory has been created to address the following vulnerabilities found in the Evmos codebase and affecting vesting accounts. Wrong spendable balance computation The spendable balance is not updated properly when delegating vested tokens. The following example help in describing the...

3.5CVSS

4.3AI Score

0.0004EPSS

2024-06-06 06:21 PM
4
cvelist
cvelist

CVE-2024-0520 Remote Code Execution due to Full Controlled File Write in mlflow/mlflow

A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the mlflow.data.http_dataset_source.py module. Specifically, when loading a dataset from a source URL with an HTTP...

10CVSS

0.0004EPSS

2024-06-06 06:19 PM
2
vulnrichment
vulnrichment

CVE-2024-0520 Remote Code Execution due to Full Controlled File Write in mlflow/mlflow

A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the mlflow.data.http_dataset_source.py module. Specifically, when loading a dataset from a source URL with an HTTP...

10CVSS

8AI Score

0.0004EPSS

2024-06-06 06:19 PM
metasploit
metasploit

Telerik Report Server Auth Bypass

This module exploits an authentication bypass vulnerability in Telerik Report Server versions 10.0.24.305 and prior which allows an unauthenticated attacker to create a new account with administrative privileges. The vulnerability leverages the initial setup page which is still accessible once the....

9.9CVSS

7.2AI Score

0.938EPSS

2024-06-06 05:46 PM
6
metasploit
metasploit

Rejetto HTTP File Server (HFS) Unauthenticated Remote Code Execution

The Rejetto HTTP File Server (HFS) version 2.x is vulnerable to an unauthenticated server side template injection (SSTI) vulnerability. A remote unauthenticated attacker can execute code with the privileges of the user account running the HFS.exe server process. This exploit has been tested to...

8.2AI Score

2024-06-06 05:04 PM
13
thn
thn

Third-Party Cyber Attacks: The Threat No One Sees Coming – Here's How to Stop Them

_Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill's threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk. _ In an...

9AI Score

2024-06-06 11:30 AM
1
ubuntucve
ubuntucve

CVE-2024-5629

An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application...

4.7CVSS

4.9AI Score

0.0004EPSS

2024-06-06 12:00 AM
3
oraclelinux
oraclelinux

kernel security and bug fix update

[5.14.0-427.20.1_4.OL9] Disable UKI signing [Orabug: 36571828] Update Oracle Linux certificates (Kevin Lyons) Disable signing for aarch64 (Ilya Okomin) Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] Update x509.genkey...

7.4AI Score

0.0004EPSS

2024-06-06 12:00 AM
2
zdi
zdi

Trend Micro Apex One Security Agent Link Following Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...

6.4AI Score

0.0005EPSS

2024-06-06 12:00 AM
1
oraclelinux
oraclelinux

ruby:3.1 security, bug fix, and enhancement update

ruby [3.1.5-144] - Upgrade to Ruby 3.1.5. Resolves: RHEL-33978 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-34129 - Fix RCE vulnerability with .rdoc_options in RDoc. Resolves: RHEL-34121 - Fix arbitrary memory address read vulnerability with Regex search. Resolves:...

6.8AI Score

EPSS

2024-06-06 12:00 AM
oraclelinux
oraclelinux

ruby:3.3 security, bug fix, and enhancement update

ruby [3.3.1-2] - Upgrade to Ruby 3.3.1. Resolves: RHEL-37697 - Fix buffer overread vulnerability in StringIO. (CVE-2024-27280) Resolves: RHEL-37699 - Fix RCE vulnerability with .rdoc_options in RDoc. (CVE-2024-27281) Resolves: RHEL-37696 - Fix Arbitrary memory address read vulnerability...

6.5AI Score

EPSS

2024-06-06 12:00 AM
nessus
nessus

RHEL 9 : ruby:3.3 (RHSA-2024:3671)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3671 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

9.8AI Score

EPSS

2024-06-06 12:00 AM
nessus
nessus

PHP 8.3.x < 8.3.8 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.3.8. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.3.8 advisory. sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php- cgi), does not...

9.8CVSS

9.5AI Score

0.973EPSS

2024-06-06 12:00 AM
5
nessus
nessus

PHP 8.1.x < 8.1.29 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.1.29. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.1.29 advisory. sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php- cgi), does not...

9.8CVSS

9.5AI Score

0.973EPSS

2024-06-06 12:00 AM
5
nessus
nessus

RHEL 8 : ruby:3.3 (RHSA-2024:3670)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3670 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

9.8AI Score

EPSS

2024-06-06 12:00 AM
nessus
nessus

AlmaLinux 9 : ruby:3.1 (ALSA-2024:3668)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3668 advisory. * ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280) * ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) * ruby: Arbitrary.....

9.8AI Score

EPSS

2024-06-06 12:00 AM
2
nessus
nessus

RHEL 9 : ruby:3.1 (RHSA-2024:3668)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3668 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

7.3AI Score

EPSS

2024-06-06 12:00 AM
packetstorm

9.8CVSS

7AI Score

0.035EPSS

2024-06-06 12:00 AM
77
nessus
nessus

PHP 8.2.x < 8.2.20 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.2.20. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.2.20 advisory. sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php- cgi), does not...

9.8CVSS

9.3AI Score

0.973EPSS

2024-06-06 12:00 AM
ibm
ibm

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Go

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Go Vulnerability Details ** CVEID: CVE-2023-45285 DESCRIPTION: **Golang Go could allow a remote attacker to obtain sensitive information, caused by a flaw when using go get to fetch a module with the ".git"...

9.8CVSS

8.6AI Score

0.002EPSS

2024-06-05 08:46 PM
3
cve
cve

CVE-2024-28818

An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 2200, 1280, 1380, 1330, 2400, 9110, W920, W930, Modem 5123, Modem 5300, and Auto T5123. The baseband software does not properly check states specified by the...

5.9CVSS

6.5AI Score

EPSS

2024-06-05 07:15 PM
21
nvd
nvd

CVE-2024-28818

An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 2200, 1280, 1380, 1330, 2400, 9110, W920, W930, Modem 5123, Modem 5300, and Auto T5123. The baseband software does not properly check states specified by the...

5.9CVSS

5.6AI Score

EPSS

2024-06-05 07:15 PM
1
cve
cve

CVE-2023-50804

An issue was discovered in Samsung Mobile Processor, Automotive Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 2200, 1280, 1380, 1330, Modem 5123, Modem 5300, and Auto T5123. The baseband software does not properly check format types specified by the NAS (Non-Access-Stratum)...

3.7CVSS

6.8AI Score

EPSS

2024-06-05 07:15 PM
31
cve
cve

CVE-2023-50803

An issue was discovered in Samsung Mobile Processor, Automotive Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 2200, 1280, 1380, 1330, Modem 5123, Modem 5300, and Auto T5123. The baseband software does not properly check replay protection specified by the NAS...

3.7CVSS

6.7AI Score

EPSS

2024-06-05 07:15 PM
28
nvd
nvd

CVE-2023-50803

An issue was discovered in Samsung Mobile Processor, Automotive Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 2200, 1280, 1380, 1330, Modem 5123, Modem 5300, and Auto T5123. The baseband software does not properly check replay protection specified by the NAS...

3.7CVSS

4.1AI Score

EPSS

2024-06-05 07:15 PM
1
nvd
nvd

CVE-2023-50804

An issue was discovered in Samsung Mobile Processor, Automotive Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 2200, 1280, 1380, 1330, Modem 5123, Modem 5300, and Auto T5123. The baseband software does not properly check format types specified by the NAS (Non-Access-Stratum)...

3.7CVSS

4.2AI Score

EPSS

2024-06-05 07:15 PM
nvd
nvd

CVE-2024-36129

The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1 fixes this...

8.2CVSS

8.2AI Score

0.0004EPSS

2024-06-05 06:15 PM
1
cve
cve

CVE-2024-36129

The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1 fixes this...

8.2CVSS

8.1AI Score

0.0004EPSS

2024-06-05 06:15 PM
30
redhatcve
redhatcve

CVE-2024-5629

A flaw was found in the bson module contained in the python-pymongo package. A malformed BSON file may trigger an exception, leading to a denial of service and eventually sensitive memory data...

4.7CVSS

4.5AI Score

0.0004EPSS

2024-06-05 05:34 PM
4
cvelist
cvelist

CVE-2024-36129 OpenTelemetry Collector has a Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1 fixes this...

8.2CVSS

8.2AI Score

0.0004EPSS

2024-06-05 05:26 PM
github
github

Typo3 Broken Access Control in Import Module

It has been discovered that the Import/Export module is susceptible to broken access control. Regular backend users have access to import functionality which usually only is available to admin users or users having User TSconfig setting options.impexp.enableImportForNonAdminUser explicitly...

8AI Score

2024-06-05 05:22 PM
4
osv
osv

Typo3 Broken Access Control in Import Module

It has been discovered that the Import/Export module is susceptible to broken access control. Regular backend users have access to import functionality which usually only is available to admin users or users having User TSconfig setting options.impexp.enableImportForNonAdminUser explicitly...

8AI Score

2024-06-05 05:22 PM
1
osv
osv

Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

Summary An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. Details The OpenTelemetry Collector handles compressed HTTP requests by recognizing the Content-Encoding header, rewriting the HTTP request body, and allowing...

8.2CVSS

8.3AI Score

0.0004EPSS

2024-06-05 04:56 PM
3
github
github

Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

Summary An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. Details The OpenTelemetry Collector handles compressed HTTP requests by recognizing the Content-Encoding header, rewriting the HTTP request body, and allowing...

8.2CVSS

8.3AI Score

0.0004EPSS

2024-06-05 04:56 PM
10
githubexploit
githubexploit

Exploit for CVE-2024-4956

CVE-2024-4956 This repository contains a Python utility for...

7.5CVSS

7.6AI Score

0.013EPSS

2024-06-05 03:37 PM
92
osv
osv

PyMongo Out-of-bounds Read in the bson module

Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the...

4.7CVSS

4.7AI Score

0.0004EPSS

2024-06-05 03:30 PM
2
github
github

PyMongo Out-of-bounds Read in the bson module

Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the...

4.7CVSS

4.7AI Score

0.0004EPSS

2024-06-05 03:30 PM
3
nvd
nvd

CVE-2024-5629

An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application...

4.7CVSS

4.7AI Score

0.0004EPSS

2024-06-05 03:15 PM
cve
cve

CVE-2024-5629

An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application...

4.7CVSS

4.7AI Score

0.0004EPSS

2024-06-05 03:15 PM
24
debiancve
debiancve

CVE-2024-5629

An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application...

4.7CVSS

4.8AI Score

0.0004EPSS

2024-06-05 03:15 PM
1
Total number of security vulnerabilities116390