Lucene search

K

Diary & Availability Calendar Security Vulnerabilities

nessus
nessus

RHEL 6 : samba (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. samba: Active Directory (AD) domain user could become root on domain members (CVE-2020-25717) samba:...

8.3AI Score

0.916EPSS

2024-05-11 12:00 AM
5
nessus
nessus

RHEL 5 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c ...

8.8AI Score

EPSS

2024-05-11 12:00 AM
7
nessus
nessus

RHEL 6 : imagemagick (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ImageMagick: use-after-free in MngInfoDiscardObject in coders/png.c (CVE-2019-19952) Heap-based buffer...

9.6AI Score

0.242EPSS

2024-05-11 12:00 AM
3
nessus
nessus

RHEL 6 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: Buffer overflow due to unbounded strcpy in ISDN I4L driver (CVE-2017-12762) kernel: lack of port...

8.7AI Score

EPSS

2024-05-11 12:00 AM
43
nessus
nessus

RHEL 6 : ipa (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ipa: Denial of service in IPA server due to wrong use of ber_scanf() (CVE-2019-14867) FreeIPA uses a...

7.4AI Score

0.011EPSS

2024-05-11 12:00 AM
2
nessus
nessus

RHEL 6 : libxml2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libxml2: Use after free via namespace node in XPointer ranges (CVE-2016-4658) libxml2: Missing...

9.9AI Score

0.106EPSS

2024-05-11 12:00 AM
1
nessus
nessus

RHEL 7 : openexr (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. OpenEXR: Out-of-bounds write in the = operator function (CVE-2017-9115) In OpenEXR 2.2.0, a crafted...

7.8AI Score

0.014EPSS

2024-05-11 12:00 AM
2
nessus
nessus

RHEL 6 : mysql (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. mysql: unspecified vulnerability in subcomponent: Server: Parser (CPU July 2016) (CVE-2016-3477) mysql:...

9.5AI Score

0.118EPSS

2024-05-11 12:00 AM
2
nessus
nessus

RHEL 6 : avahi (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. avahi: Multicast DNS responds to unicast queries outside of local network (CVE-2017-6519) A flaw was...

6.6AI Score

0.056EPSS

2024-05-11 12:00 AM
2
nessus
nessus

RHEL 7 : ceph (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ceph: cephx protocol is vulnerable to replay attack (CVE-2018-1128) ceph: user/tenant can obtain access...

7.8AI Score

0.002EPSS

2024-05-11 12:00 AM
2
nessus
nessus

RHEL 6 : openexr (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. OpenEXR: Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer (CVE-2021-23169) OpenEXR: Heap Overflow in...

7.9AI Score

0.014EPSS

2024-05-11 12:00 AM
7
nessus
nessus

RHEL 7 : haproxy (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. haproxy: data leak via fcgi requests (CVE-2023-0836) An uncontrolled resource consumption vulnerability...

7.8AI Score

0.002EPSS

2024-05-11 12:00 AM
4
nessus
nessus

RHEL 6 : binutils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. binutils: heap-based buffer overflow in finish_stab in stabs.c (CVE-2018-12699) The...

8.1AI Score

EPSS

2024-05-11 12:00 AM
4
nessus
nessus

RHEL 5 : samba (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. samba: symlink race permits opening files outside share directory (CVE-2017-2619) samba: Netlogon...

7.4AI Score

0.916EPSS

2024-05-11 12:00 AM
6
nessus
nessus

RHEL 8 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048) Kernel:...

7AI Score

0.013EPSS

2024-05-11 12:00 AM
10
ibm
ibm

Security Bulletin: IBM Security Guardium is affected by an IBM SDK, Java Technology Edition Quarterly CPU - Oct 2023 vulnerability (CVE-2023-22081, CVE-2023-22067, CVE-2023-5676)

Summary IBM Security Guardium has addressed these vulnerabilities with updates. Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to cause no confidentiality impact, no integrity...

5.9CVSS

6.5AI Score

0.001EPSS

2024-05-10 03:04 PM
5
atlassian
atlassian

SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Bitbucket Data Center and Server

This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, 8.14.0-eap01, 8.15.0, 8.16.0, 8.17.0, 8.18.0, and 8.19.0 of Bitbucket Data Center and Server......

8.1CVSS

7.8AI Score

0.0004EPSS

2024-05-10 10:10 AM
12
cvelist
cvelist

CVE-2024-4448 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Dual Color Header', 'Event Calendar', & 'Advanced Data Table'

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Dual Color Header', 'Event Calendar', & 'Advanced Data Table' widgets in all versions up to, and including, 5.9.19....

6.5CVSS

6.4AI Score

0.001EPSS

2024-05-10 07:33 AM
ibm
ibm

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java

Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow a remote...

7.8CVSS

7.4AI Score

0.001EPSS

2024-05-10 04:07 AM
7
ibm
ibm

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java

Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2023-21930 DESCRIPTION: **An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to...

9.1CVSS

10AI Score

EPSS

2024-05-10 04:05 AM
5
kaspersky
kaspersky

KLA67223 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to spoof user interface, cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: A spoofing vulnerability in Microsoft Edge (Chromium-based) can be...

9.6CVSS

8.3AI Score

0.001EPSS

2024-05-10 12:00 AM
3
f5
f5

K000139580: MySQL Server vulnerability CVE-2024-20998

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

5AI Score

0.0004EPSS

2024-05-10 12:00 AM
7
ibm
ibm

Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition

Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their April 2024 Critical Patch Update, plus CVE-2023-38264. For more information please refer to Oracle's April 2024 CPU Advisory and the X-Force database entries...

5.9CVSS

6.4AI Score

0.001EPSS

2024-05-09 07:33 PM
21
amazon
amazon

Low: java-1.8.0-openjdk

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows...

3.7CVSS

5.8AI Score

0.001EPSS

2024-05-09 07:16 PM
10
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 29, 2024 to May 5, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 164 vulnerabilities disclosed in 145...

9.8CVSS

9.7AI Score

EPSS

2024-05-09 04:49 PM
13
wpvulndb
wpvulndb

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders < 5.9.20 - Contributor+ Stored Cross-Site Scripting via 'Dual Color Header', 'Event Calendar', & 'Advanced Data Table'

Description The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Dual Color Header', 'Event Calendar', & 'Advanced Data Table' widgets in all versions up to, and...

5.9AI Score

0.001EPSS

2024-05-09 12:00 AM
1
kaspersky
kaspersky

KLA67225 ACE vulnerability in Google Chrome

Use after free vulnerability was found in Google Chrome. Malicious users can exploit this vulnerability to execute arbitrary code, cause denial of service. Original advisories Chrome Releases: Stable Channel Update for Desktop Exploitation Public exploits exist for this vulnerability. Related...

9.6CVSS

7.8AI Score

0.001EPSS

2024-05-09 12:00 AM
4
aix
aix

AIX is vulnerable to a denial of service due to libxml2 (CVE-2024-25062)

IBM SECURITY ADVISORY First Issued: Wed May 8 16:18:28 CDT 2024 |Updated: Tue Jun 4 15:20:02 CDT 2024 |Update: iFix added for VIOS 3.1.4.31. The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/libxml2_advisory6.asc Security Bulletin: AIX...

7.5CVSS

6.3AI Score

0.0005EPSS

2024-05-08 04:18 PM
20
ibm
ibm

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Xerces2

Summary Multiple vulnerabilities have been identified in Apache Xerces2, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details ** CVEID: CVE-2022-23437 DESCRIPTION: **Apache...

6.5CVSS

8.7AI Score

0.019EPSS

2024-05-08 06:45 AM
3
cve
cve

CVE-2024-1930

No Limit on Number of Open Sessions / Bad Session Close Behaviour in dnf5daemon-server before 5.1.17 allows a malicious user to impact Availability via No Limit on Number of Open Sessions. There is no limit on how many sessions D-Bus clients may create using the open_session() D-Bus method. For...

6.5CVSS

6.9AI Score

0.0004EPSS

2024-05-08 02:15 AM
27
nvd
nvd

CVE-2024-1930

No Limit on Number of Open Sessions / Bad Session Close Behaviour in dnf5daemon-server before 5.1.17 allows a malicious user to impact Availability via No Limit on Number of Open Sessions. There is no limit on how many sessions D-Bus clients may create using the open_session() D-Bus method. For...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-05-08 02:15 AM
cvelist
cvelist

CVE-2024-1930 No Limit on Number of Open Sessions / Bad Session Close Behaviour

No Limit on Number of Open Sessions / Bad Session Close Behaviour in dnf5daemon-server before 5.1.17 allows a malicious user to impact Availability via No Limit on Number of Open Sessions. There is no limit on how many sessions D-Bus clients may create using the open_session() D-Bus method. For...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-05-08 01:52 AM
vulnrichment
vulnrichment

CVE-2024-1930 No Limit on Number of Open Sessions / Bad Session Close Behaviour

No Limit on Number of Open Sessions / Bad Session Close Behaviour in dnf5daemon-server before 5.1.17 allows a malicious user to impact Availability via No Limit on Number of Open Sessions. There is no limit on how many sessions D-Bus clients may create using the open_session() D-Bus method. For...

6.5CVSS

7AI Score

0.0004EPSS

2024-05-08 01:52 AM
kaspersky
kaspersky

KLA67226 ACE vulnerability in Apple iTunes

File parsing vulnerability was found in iTunes. Malicious users can exploit this vulnerability to execute arbitrary code, cause denial of service. Original advisories About the security content of iTunes 12.13.2 for Windows Related products Apple-iTunes CVE list CVE-2024-27793 unknown Solution...

7.9AI Score

0.0004EPSS

2024-05-08 12:00 AM
nessus
nessus

GLSA-202405-29 : Node.js: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202405-29 (Node.js: Multiple Vulnerabilities) The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution. (CVE-2020-7774) A flaw was found in c-ares library, where a missing input validation check of...

9.8CVSS

9.4AI Score

EPSS

2024-05-08 12:00 AM
8
ibm
ibm

Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2

Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details ** CVEID: CVE-2023-41080 DESCRIPTION: **Apache Tomcat could allow a remote attacker to conduct phishing attacks, caused by an open redirect...

8.8CVSS

10AI Score

0.033EPSS

2024-05-07 07:52 PM
3
ibm
ibm

Security Bulletin: IBM Planning Analytics Local - Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components

Summary There are vulnerabilities in multiple Open Source Software (OSS) components consumed by IBM Planning Analytics Local - Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics Local - Planning Analytics Workspace 2.1.2 and IBM Planning Analytics Local -...

9.8CVSS

10AI Score

EPSS

2024-05-07 07:21 PM
15
securelist
securelist

Exploits and vulnerabilities in Q1 2024

We at Kaspersky continuously monitor the evolving cyberthreat landscape to ensure we respond promptly to emerging threats, equipping our products with detection logic and technology. Software vulnerabilities that threat actors can exploit or are already actively exploiting are a critical component....

8.9AI Score

0.971EPSS

2024-05-07 10:00 AM
29
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : SUSE Manager Client Tools (SUSE-SU-2024:1509-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1509-1 advisory. A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing...

9.8CVSS

8.2AI Score

0.014EPSS

2024-05-07 12:00 AM
6
f5
f5

K000139533 : MySQL vulnerability CVE-2024-21090

Security Advisory Description Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 8.3.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to...

7.5CVSS

6.9AI Score

0.0005EPSS

2024-05-07 12:00 AM
8
redos
redos

ROS-20240507-09

Vulnerability in the Extensions component of Microsoft Edge and Google Chrome browsers is related to incorrect security checks for standard elements. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information V8 JavaScript script handler...

8.8CVSS

8.2AI Score

0.001EPSS

2024-05-07 12:00 AM
9
kaspersky
kaspersky

KLA66617 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Use after free vulnerability in ANGLE can be exploited to cause denial of service or execute...

8.4AI Score

0.0004EPSS

2024-05-07 12:00 AM
3
wpvulndb
wpvulndb

Archives Calendar Widget <= 1.0.15 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The Archives Calendar Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9AI Score

0.0004EPSS

2024-05-07 12:00 AM
6
mssecure
mssecure

New capabilities to help you secure your AI transformation

AI is transforming our world, unlocking new possibilities to enhance human abilities and to extend opportunities globally. At the same time, we are also facing an unprecedented threat landscape with the speed, scale, and sophistication of attacks increasing rapidly. To meet these challenges, we...

7.4AI Score

2024-05-06 04:00 PM
2
aix
aix

AIX is vulnerable to privilege escalation (CVE-2024-27273)

IBM SECURITY ADVISORY First Issued: Mon May 6 08:12:16 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/kernel_advisory7.asc Security Bulletin: AIX is vulnerable to privilege escalation (CVE-2024-27273)...

8.1CVSS

6.5AI Score

0.0004EPSS

2024-05-06 08:12 AM
48
cve
cve

CVE-2024-3756

The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF...

6.7AI Score

0.0004EPSS

2024-05-06 06:15 AM
35
nvd
nvd

CVE-2024-3755

The MF Gig Calendar WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

5.4AI Score

0.0004EPSS

2024-05-06 06:15 AM
cve
cve

CVE-2024-3755

The MF Gig Calendar WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

5.6AI Score

0.0004EPSS

2024-05-06 06:15 AM
27
nvd
nvd

CVE-2024-3756

The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF...

6.5AI Score

0.0004EPSS

2024-05-06 06:15 AM
cvelist
cvelist

CVE-2024-3756 MF Gig Calendar <= 1.2.1 - Arbitrary Event Deletion via CSRF

The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF...

6.7AI Score

0.0004EPSS

2024-05-06 06:00 AM
Total number of security vulnerabilities57573