DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030 Security Vulnerabilities

github

Privilege Escalation & SQL Injection in TYPO3 CMS

Failing to properly dissociate system related configuration from user generated configuration, the Form Framework (system extension "form") is vulnerable to SQL injection and Privilege Escalation. Basically instructions can be persisted to a form definition file that were not configured to be...

AI Score: 8.1
2024-06-05 03:10 PM
2
osv

Privilege Escalation & SQL Injection in TYPO3 CMS

Failing to properly dissociate system related configuration from user generated configuration, the Form Framework (system extension "form") is vulnerable to SQL injection and Privilege Escalation. Basically instructions can be persisted to a form definition file that were not configured to be...

AI Score: 8.1
2024-06-05 03:10 PM
osv

Cross-Site Scripting (XSS) in TYPO3 Backend

Failing to properly encode user input, the page module is vulnerable to Cross-Site Scripting. A valid backend user account with permissions to edit plugins is needed to exploit this...

AI Score: 7
2024-06-05 03:03 PM
github

Cross-Site Scripting (XSS) in TYPO3 Backend

Failing to properly encode user input, the page module is vulnerable to Cross-Site Scripting. A valid backend user account with permissions to edit plugins is needed to exploit this...

AI Score: 7
2024-06-05 03:03 PM
1
osv

Information Disclosure in TYPO3 Backend

The TYPO3 backend module stores the username of an authenticated backend user in its cache files. By guessing the file path to the cache files it is possible to receive valid backend...

AI Score: 6.9
2024-06-05 03:01 PM
1
github

Information Disclosure in TYPO3 Backend

The TYPO3 backend module stores the username of an authenticated backend user in its cache files. By guessing the file path to the cache files it is possible to receive valid backend...

AI Score: 6.9
2024-06-05 03:01 PM
2
ibm

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service due to [CVE-2024-24788]

Summary: Golang Go is used by a parent process in the IntegrationServer and IntegrationRuntime operands of IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service. This...

AI Score: 6.2
EPSS: 0.0004
2024-06-05 03:00 PM
vulnrichment

CVE-2024-5629 Out-of-bounds read in bson module of PyMongo

An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application...

CVSS: 4.7
AI Score: 4.8
EPSS: 0.0004
2024-06-05 02:32 PM
cvelist

CVE-2024-5629 Out-of-bounds read in bson module of PyMongo

An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application...

CVSS: 4.7
AI Score: 4.6
EPSS: 0.0004
2024-06-05 02:32 PM
mongodb

Out-of-bounds read in bson module of PyMongo

An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application...

CVSS: 4.7
AI Score: 4.7
EPSS: 0.0004
2024-06-05 02:32 PM
osv

Missing Access Check in TYPO3 CMS

Extbase request handling fails to implement a proper access check for requested controller/action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must have access to...

AI Score: 7.9
2024-06-05 02:22 PM
2
github

Missing Access Check in TYPO3 CMS

Extbase request handling fails to implement a proper access check for requested controller/action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must have access to...

AI Score: 7.9
2024-06-05 02:22 PM
1
talosblog

DarkGate switches up its tactics with new payload, email templates

This post was authored by Kalpesh Mantri. Cisco Talos is actively tracking a recent increase in activity from malicious email campaigns containing a suspicious Microsoft Excel attachment that, when opened, infected the victim's system with the DarkGate malware. These campaigns, active since the...

AI Score: 7.9
2024-06-05 12:00 PM
5
osv

CVE-2024-4743

The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to SQL Injection via the orderBy attribute of the lifterlms_favorites shortcode in all versions up to, and including, 7.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...

CVSS: 9.8
AI Score: 7.2
EPSS: 0.0005
2024-06-05 09:15 AM
fedora

[SECURITY] Fedora 40 Update: qt5-qtxmlpatterns-5.15.14-1.fc40

The Qt XML Patterns module provides support for XPath, XQuery, XSLT, and XML Schema...

AI Score: 6.6
EPSS: 0.0004
2024-06-05 01:41 AM
1
fedora

[SECURITY] Fedora 40 Update: qt5-qtx11extras-5.15.14-1.fc40

The X11 Extras module provides features specific to platforms using X11, e.g. Linux and UNIX-like systems including embedded Linux systems that use the X Window...

AI Score: 6.4
EPSS: 0.0004
2024-06-05 01:41 AM
2
fedora

AI Score: 6.5
EPSS: 0.0004
2024-06-05 01:41 AM
fedora

[SECURITY] Fedora 40 Update: qt5-qtwebchannel-5.15.14-1.fc40

The Qt WebChannel module provides a library for seamless integration of C++ and QML applications with HTML/JavaScript clients. Any QObject can be published to remote clients, where its public API becomes...

AI Score: 6.6
EPSS: 0.0004
2024-06-05 01:41 AM
1
fedora

[SECURITY] Fedora 40 Update: qt5-qtwayland-5.15.14-1.fc40

Qt5 - Wayland platform support and QtCompositor...

AI Score: 6.5
EPSS: 0.0004
2024-06-05 01:41 AM
2
fedora

[SECURITY] Fedora 40 Update: qt5-qtwebsockets-5.15.14-1.fc40

The QtWebSockets module implements the WebSocket protocol as specified in RFC 6455. It solely depends on Qt (no external...

AI Score: 6.5
EPSS: 0.0004
2024-06-05 01:41 AM
1
fedora

[SECURITY] Fedora 40 Update: qt5-qtspeech-5.15.14-1.fc40

The module enables a Qt application to support accessibility features such as text-to-speech, which is useful for end-users who are visually challenged or cannot access the application for whatever reason. The most common use case where text-to-speech comes in handy is when the end-user is...

AI Score: 6.4
EPSS: 0.0004
2024-06-05 01:41 AM
fedora

[SECURITY] Fedora 40 Update: qt5-qtmultimedia-5.15.14-1.fc40

The Qt Multimedia module provides a rich feature set that enables you to easily take advantage of a platform's multimedia capabilities and hardware. This ranges from the playback and recording of audio and video content to the use of available devices like cameras and...

AI Score: 6.4
EPSS: 0.0004
2024-06-05 01:41 AM
2
fedora

[SECURITY] Fedora 40 Update: qt5-qtquickcontrols-5.15.14-1.fc40

The Qt Quick Controls module provides a set of controls that can be used to build complete interfaces in Qt...

AI Score: 6.3
EPSS: 0.0004
2024-06-05 01:41 AM
fedora

[SECURITY] Fedora 40 Update: qt5-qtquickcontrols2-5.15.14-1.fc40

The Qt Labs Controls module provides a set of controls that can be used to build complete interfaces in Qt Quick. Unlike Qt Quick Controls, these controls are optimized for embedded systems and so are preferred for hardware with limited...

AI Score: 6.4
EPSS: 0.0004
2024-06-05 01:41 AM
1
fedora

[SECURITY] Fedora 40 Update: qt5-qtremoteobjects-5.15.14-1.fc40

Qt Remote Objects (QtRO) is an inter-process communication (IPC) module developed for...

AI Score: 6.7
EPSS: 0.0004
2024-06-05 01:41 AM
fedora

[SECURITY] Fedora 40 Update: qt5-qtscxml-5.15.14-1.fc40

The Qt SCXML module provides functionality to create state machines from SCXML files. This includes both dynamically creating state machines (loading the SCXML file and instantiating states and transitions) and generating a C++ file that has a class implementing the state machine. It also...

AI Score: 6.4
EPSS: 0.0004
2024-06-05 01:41 AM
1
fedora

[SECURITY] Fedora 40 Update: qt5-qtimageformats-5.15.14-1.fc40

The core Qt Gui library by default supports reading and writing image files of the most common file formats: PNG, JPEG, BMP, GIF and a few more, ref. Reading and Writing Image Files. The Qt Image Formats add-on module provides optional support for other image file formats, including: MNG, TGA,...

AI Score: 6.5
EPSS: 0.0004
2024-06-05 01:41 AM
2
fedora

[SECURITY] Fedora 40 Update: qt5-qtdoc-5.15.14-1.fc40

QtDoc contains the main Qt Reference Documentation, which includes overviews, Qt topics, and examples not specific to any Qt...

AI Score: 6.4
EPSS: 0.0004
2024-06-05 01:41 AM
fedora

[SECURITY] Fedora 40 Update: qt5-qtdatavis3d-5.15.14-1.fc40

Qt Data Visualization module provides multiple graph types to visualize data in 3D space both with C++ and Qt Quick...

AI Score: 6.4
EPSS: 0.0004
2024-06-05 01:41 AM
fedora

[SECURITY] Fedora 40 Update: qt5-qtgraphicaleffects-5.15.14-1.fc40

The Qt Graphical Effects module provides a set of QML types for adding visually impressive and configurable effects to user interfaces. Effects are visual items that can be added to Qt Quick user interface as UI...

AI Score: 6.4
EPSS: 0.0004
2024-06-05 01:41 AM
1
fedora

[SECURITY] Fedora 40 Update: qt5-qtcharts-5.15.14-1.fc40

Qt Charts module provides a set of easy to use chart components. It uses the Qt Graphics View Framework, therefore charts can be easily integrated to modern user interfaces. Qt Charts can be used as QWidgets, QGraphicsWidget, or QML types. Users can easily create impressive graphs by selecting...

AI Score: 6.4
EPSS: 0.0004
2024-06-05 01:41 AM
1
fedora

[SECURITY] Fedora 40 Update: fcitx5-qt-5.1.6-3.fc40

Qt library and IM module for...

AI Score: 6.6
EPSS: 0.0004
2024-06-05 01:41 AM
2
githubexploit

Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024

CVE-2024-4358_Mass_Exploit Modified tools from @sinsinology...

CVSS: 9.8
AI Score: 9.7
EPSS: 0.938
2024-06-05 01:05 AM
112
zdt

CVSS: 9.8
AI Score: 7
EPSS: 0.035
2024-06-05 12:00 AM
7
drupal

Acquia DAM - Moderately critical - Access bypass, Denial of Service - SA-CONTRIB-2024-025

Acquia DAM provides a connection to a third-party asset management system, allowing for images to be managed, linked to, and viewed from Drupal. In order for assets to be managed in Drupal, a site administrator must first authenticate the site to their DAM instance. The module doesn't sufficiently...

AI Score: 6.8
2024-06-05 12:00 AM
1
nessus

AlmaLinux 8 : ruby:3.1 (ALSA-2024:3546)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3546 advisory. * ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) * ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280) * ruby: Arbitrary...

AI Score: 7.3
EPSS
2024-06-05 12:00 AM
openvas

openSUSE: Security Advisory for Java (SUSE-SU-2024:1874-1)

The remote host is missing an update for...

CVSS: 7.5
AI Score: 7.7
EPSS: 0.005
2024-06-05 12:00 AM
nessus

F5 Networks BIG-IP : PyYAML vulnerability (K000139901)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139901 advisory. In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load()...

CVSS: 9.8
AI Score: 8.1
EPSS: 0.014
2024-06-05 12:00 AM
oraclelinux

kernel update

[4.18.0-553.5.1.el8_10.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict...

CVSS: 7.8
AI Score: 9
EPSS: 0.001
2024-06-05 12:00 AM
2
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : unbound (SUSE-SU-2024:1923-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1923-1 advisory. unbound was updated to 1.20.0: * A lot of bugfixes and added features. For a complete list...

CVSS: 7.5
AI Score: 7.7
EPSS: 0.05
2024-06-05 12:00 AM
ibm

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation Fixes for May 2024.

Summary: In addition to OS level package updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF033 and 23.0.2-IF005. Vulnerability Details: CVEID: CVE-2024-21501 DESCRIPTION: Node.js sanitize-html module could allow a remote attacker to...

CVSS: 8.8
AI Score: 9.7
EPSS
2024-06-04 05:15 PM
7
ibm

Security Bulletin: IBM App Connect Enterprise Certified Container Dashboard and DesignerAuthoring operands are vulnerable to arbitrary code execution due to [CVE-2024-29651]

Summary: Node.js module @apidevtools/json-schema-ref-parser is used by IBM App Connect Enterprise Certified Container for processing JSON schemas defining the App Connect Enterprise administration API. IBM App Connect Enterprise Certified Container Dashboard and DesignerAuthoring operands are...

AI Score: 7.7
EPSS
2024-06-04 04:51 PM
5
ics

Mitsubishi Electric MELSEC iQ-R, Q, L Series and MELIPC Series (Update C)

EXECUTIVE SUMMARY: CVSS v3 7.5. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Mitsubishi Electric. Equipment: MELSEC iQ-R, Q, and L Series CPU Module; MELIPC Series CPU. Vulnerability: Improper Resource Locking. 2. RISK EVALUATION: Successful exploitation of this vulnerability could...

CVSS: 7.5
AI Score: 7.9
EPSS: 0.003
2024-06-04 12:00 PM
31
githubexploit

Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024

CVE-2024-4358 A Vulnerability detection and Mass...

CVSS: 9.8
AI Score: 9.7
EPSS: 0.938
2024-06-04 11:32 AM
165
redhat

(RHSA-2024:3581) Moderate: Red Hat JBoss Enterprise Application Platform 8.0.2 Security update

Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.1, and includes bug fixes...

AI Score: 6.1
EPSS: 0.001
2024-06-04 10:56 AM
7
redhat

(RHSA-2024:3580) Moderate: Red Hat JBoss Enterprise Application Platform 8.0.2 Security update

Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.1, and includes bug fixes...

AI Score: 6.1
EPSS: 0.001
2024-06-04 10:56 AM
6
osv

BIT-nginx-2024-24989

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

CVSS: 7.5
AI Score: 6.2
EPSS: 0.0004
2024-06-04 09:50 AM
7
osv

BIT-nginx-2024-24990

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

CVSS: 7.5
AI Score: 6.2
EPSS: 0.0004
2024-06-04 09:50 AM
18
osv

BIT-nginx-2024-31079

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker...

CVSS: 4.8
AI Score: 6
EPSS: 0.0004
2024-06-04 09:50 AM
2
osv

BIT-nginx-2024-32760

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause other potential...

CVSS: 6.5
AI Score: 6.1
EPSS: 0.0004
2024-06-04 09:49 AM
2
Total number of security vulnerabilities: 116390