DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030 Security Vulnerabilities
Privilege Escalation & SQL Injection in TYPO3 CMS
Failing to properly dissociate system related configuration from user generated configuration, the Form Framework (system extension "form") is vulnerable to SQL injection and Privilege Escalation. Basically instructions can be persisted to a form definition file that were not configured to be...
8.1AI Score
Privilege Escalation & SQL Injection in TYPO3 CMS
Failing to properly dissociate system related configuration from user generated configuration, the Form Framework (system extension "form") is vulnerable to SQL injection and Privilege Escalation. Basically instructions can be persisted to a form definition file that were not configured to be...
8.1AI Score
Cross-Site Scripting (XSS) in TYPO3 Backend
Failing to properly encode user input, the page module is vulnerable to Cross-Site Scripting. A valid backend user account with permissions to edit plugins is needed to exploit this...
7AI Score
Cross-Site Scripting (XSS) in TYPO3 Backend
Failing to properly encode user input, the page module is vulnerable to Cross-Site Scripting. A valid backend user account with permissions to edit plugins is needed to exploit this...
7AI Score
Information Disclosure in TYPO3 Backend
The TYPO3 backend module stores the username of an authenticated backend user in its cache files. By guessing the file path to the cache files it is possible to receive valid backend...
6.9AI Score
Information Disclosure in TYPO3 Backend
The TYPO3 backend module stores the username of an authenticated backend user in its cache files. By guessing the file path to the cache files it is possible to receive valid backend...
6.9AI Score
Summary Golang Go is used by a parent process in the IntegrationServer and IntegrationRuntime operands of IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service. This...
6.2AI Score
0.0004EPSS
CVE-2024-5629 Out-of-bounds read in bson module of PyMongo
An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application...
4.7CVSS
4.8AI Score
0.0004EPSS
CVE-2024-5629 Out-of-bounds read in bson module of PyMongo
An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application...
4.7CVSS
4.6AI Score
0.0004EPSS
Out-of-bounds read in bson module of PyMongo
An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application...
4.7CVSS
4.7AI Score
0.0004EPSS
Missing Access Check in TYPO3 CMS
Extbase request handling fails to implement a proper access check for requested controller/ action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must have access to...
7.9AI Score
Missing Access Check in TYPO3 CMS
Extbase request handling fails to implement a proper access check for requested controller/ action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must have access to...
7.9AI Score
DarkGate switches up its tactics with new payload, email templates
This post was authored by Kalpesh Mantri. Cisco Talos is actively tracking a recent increase in activity from malicious email campaigns containing a suspicious Microsoft Excel attachment that, when opened, infected the victim's system with the DarkGate malware. These campaigns, active since the...
7.9AI Score
The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to SQL Injection via the orderBy attribute of the lifterlms_favorites shortcode in all versions up to, and including, 7.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...
9.8CVSS
7.2AI Score
0.0005EPSS
[SECURITY] Fedora 40 Update: qt5-qtxmlpatterns-5.15.14-1.fc40
The Qt XML Patterns module provides support for XPath, XQuery, XSLT, and XML Schema...
6.6AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: qt5-qtx11extras-5.15.14-1.fc40
The X11 Extras module provides features specific to platforms using X11, e. g. Linux and UNIX-like systems including embedded Linux systems that use the X Window...
6.4AI Score
0.0004EPSS
6.5AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: qt5-qtwebchannel-5.15.14-1.fc40
The Qt WebChannel module provides a library for seamless integration of C++ and QML applications with HTML/JavaScript clients. Any QObject can be published to remote clients, where its public API becomes...
6.6AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: qt5-qtwayland-5.15.14-1.fc40
Qt5 - Wayland platform support and QtCompositor...
6.5AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: qt5-qtwebsockets-5.15.14-1.fc40
The QtWebSockets module implements the WebSocket protocol as specified in R FC 6455. It solely depends on Qt (no external...
6.5AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: qt5-qtspeech-5.15.14-1.fc40
The module enables a Qt application to support accessibility features such as text-to-speech, which is useful for end-users who are visually challenged or cannot access the application for whatever reason. T he most common use case where text-to-speech comes in handy is when the end-user is...
6.4AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: qt5-qtmultimedia-5.15.14-1.fc40
The Qt Multimedia module provides a rich feature set that enables you to easily take advantage of a platforms multimedia capabilites and hardware. This ranges from the playback and recording of audio and video content to the use of available devices like cameras and...
6.4AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: qt5-qtquickcontrols-5.15.14-1.fc40
The Qt Quick Controls module provides a set of controls that can be used to build complete interfaces in Qt...
6.3AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: qt5-qtquickcontrols2-5.15.14-1.fc40
The Qt Labs Controls module provides a set of controls that can be used to build complete interfaces in Qt Quick. Unlike Qt Quick Controls, these controls are optimized for embedded systems and so are preferred for hardware with limited...
6.4AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: qt5-qtremoteobjects-5.15.14-1.fc40
Qt Remote Objects (QtRO) is an inter-process communication (IPC) module dev eloped for...
6.7AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: qt5-qtscxml-5.15.14-1.fc40
The Qt SCXML module provides functionality to create state machines from SC XML files. This includes both dynamically creating state machines loading the SCXML fi le and instantiating states and transitions) and generating a C++ file that has a class implementing the state machine. It also...
6.4AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: qt5-qtimageformats-5.15.14-1.fc40
The core Qt Gui library by default supports reading and writing image files of the most common file formats: PNG, JPEG, BMP, GIF and a few more, ref. Reading and Writing Image Files. The Qt Image Formats add-on module provides optional support for other image file formats, including: MNG, TGA,...
6.5AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: qt5-qtdoc-5.15.14-1.fc40
QtDoc contains the main Qt Reference Documentation, which includes overviews, Qt topics, and examples not specific to any Qt...
6.4AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: qt5-qtdatavis3d-5.15.14-1.fc40
Qt Data Visualization module provides multiple graph types to visualize dat a in 3D space both with C++ and Qt Quick...
6.4AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: qt5-qtgraphicaleffects-5.15.14-1.fc40
The Qt Graphical Effects module provides a set of QML types for adding visually impressive and configurable effects to user interfaces. Effects are visual items that can be added to Qt Quick user interface as UI...
6.4AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: qt5-qtcharts-5.15.14-1.fc40
Qt Charts module provides a set of easy to use chart components. It uses th e Qt Graphics View Framework, therefore charts can be easily integrated to modern user interfaces. Qt Charts can be used as QWidgets, QG raphicsWidget, or QML types. Users can easily create impressive graphs by selecting...
6.4AI Score
0.0004EPSS
6.6AI Score
0.0004EPSS
Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024
CVE-2024-4358_Mass_Exploit Modified tools from @sinsinology...
9.8CVSS
9.7AI Score
0.938EPSS
9.8CVSS
7AI Score
0.035EPSS
Acquia DAM - Moderately critical - Access bypass, Denial of Service - SA-CONTRIB-2024-025
Acquia DAM provides a connection to a third-party asset management system, allowing for images to be managed, linked to, and viewed from Drupal. In order for assets to be managed in Drupal, a site administrator must first authenticate the site to their DAM instance. The module doesn't sufficiently....
6.8AI Score
AlmaLinux 8 : ruby:3.1 (ALSA-2024:3546)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3546 advisory. * ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) * ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280) * ruby: Arbitrary.....
7.3AI Score
EPSS
openSUSE: Security Advisory for Java (SUSE-SU-2024:1874-1)
The remote host is missing an update for...
7.5CVSS
7.7AI Score
0.005EPSS
F5 Networks BIG-IP : PyYAML vulnerability (K000139901)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139901 advisory. In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load()...
9.8CVSS
8.1AI Score
0.014EPSS
[4.18.0-553.5.1.el8_10.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict...
7.8CVSS
9AI Score
0.001EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : unbound (SUSE-SU-2024:1923-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1923-1 advisory. unbound was updated to 1.20.0: * A lot of bugfixes and added features. For a complete list...
7.5CVSS
7.7AI Score
0.05EPSS
Summary In addition to OS level package updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF033 and 23.0.2-IF005. Vulnerability Details ** CVEID: CVE-2024-21501 DESCRIPTION: **Node.js sanitize-html module could allow a remote attacker to...
8.8CVSS
9.7AI Score
EPSS
Summary Node.js module @apidevtools/json-schema-ref-parser is used by IBM App Connect Enterprise Certified Container for processing JSON schemas defining the App Connect Enterprise administration API. IBM App Connect Enterprise Certified Container Dashboard and DesignerAuthoring operands are...
7.7AI Score
EPSS
Mitsubishi Electric MELSEC iQ-R, Q, L Series and MELIPC Series (Update C)
EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R, Q, and L Series CPU Module; MELIPC Series CPU Vulnerability: Improper Resource Locking 2. RISK EVALUATION Successful exploitation of this vulnerability could...
7.5CVSS
7.9AI Score
0.003EPSS
Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024
CVE-2024-4358 An Vulnerability detection and Mass...
9.8CVSS
9.7AI Score
0.938EPSS
(RHSA-2024:3581) Moderate: Red Hat JBoss Enterprise Application Platform 8.0.2 Security update
Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.1, and includes bug fixes.....
6.1AI Score
0.001EPSS
(RHSA-2024:3580) Moderate: Red Hat JBoss Enterprise Application Platform 8.0.2 Security update
Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.1, and includes bug fixes.....
6.1AI Score
0.001EPSS
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...
7.5CVSS
6.2AI Score
0.0004EPSS
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...
7.5CVSS
6.2AI Score
0.0004EPSS
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker....
4.8CVSS
6AI Score
0.0004EPSS
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential...
6.5CVSS
6.1AI Score
0.0004EPSS