Diary & Availability Calendar Security Vulnerabilities

[openvas] openSUSE: Security Advisory for php7 (SUSE-SU-2024:1444-1)
The remote host is missing an update for...
CVSS 6.5 | AI Score 8.5 | EPSS 0.006 | 2024-04-27 12:00 AM | 10

[thn] New 'Brokewell' Android Malware Spread Through Fake Browser Updates
Fake browser updates are being used to push a previously undocumented Android malware called Brokewell. "Brokewell is a typical modern banking malware equipped with both data-stealing and remote-control capabilities built into the malware," Dutch security firm ThreatFabric said in an analysis...
AI Score 7.2 | 2024-04-26 10:42 AM | 27

[nvd] CVE-2024-33651
Cross-Site Request Forgery (CSRF) vulnerability in Matthew Fries MF Gig Calendar. This issue affects MF Gig Calendar : from n/a through...
CVSS 5.4 | AI Score 5.5 | EPSS 0.0004 | 2024-04-26 08:15 AM

[cve] CVE-2024-33651
Cross-Site Request Forgery (CSRF) vulnerability in Matthew Fries MF Gig Calendar. This issue affects MF Gig Calendar : from n/a through...
CVSS 5.4 | AI Score 6.8 | EPSS 0.0004 | 2024-04-26 08:15 AM | 49

[cvelist] CVE-2024-33651 WordPress MF Gig Calendar plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Matthew Fries MF Gig Calendar. This issue affects MF Gig Calendar : from n/a through...
CVSS 5.4 | AI Score 5.7 | EPSS 0.0004 | 2024-04-26 07:09 AM

[kaspersky] KLA66426 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: Out of bounds read vulnerability in V8 API can be exploited to cause denial of service. Type...
CVSS 8.8 | AI Score 8.1 | EPSS 0.001 | 2024-04-26 12:00 AM | 2

[nessus] CentOS 9 : rpm-4.16.1.3-26.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the rpm-4.16.1.3-26.el9 build changelog. A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were...
CVSS 6.7 | AI Score 7.7 | EPSS 0.001 | 2024-04-26 12:00 AM | 2

[nessus] CentOS 7 : kernel (RHSA-2024:2004)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2004 advisory. A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault...
CVSS 9.8 | AI Score 7.6 | EPSS 0.001 | 2024-04-26 12:00 AM | 30

[atlassian] DoS (Denial of Service) org.apache.struts:struts2-core Dependency in Crowd Data Center and Server
This High severity org.apache.struts:struts2-core Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This org.apache.struts:struts2-core Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
CVSS 7.5 | AI Score 7.1 | EPSS 0.003 | 2024-04-25 05:10 PM | 2

[atlassian] DoS (Denial of Service) org.apache.struts:struts2-core Dependency in Crowd Data Center and Server
This High severity org.apache.struts:struts2-core Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This org.apache.struts:struts2-core Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
CVSS 7.5 | AI Score 7.2 | EPSS 0.011 | 2024-04-25 05:10 PM | 7

[nvd] CVE-2023-6717
A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with...
CVSS 6 | AI Score 5.6 | EPSS 0.0004 | 2024-04-25 04:15 PM | 4

[cve] CVE-2023-6717
A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with...
CVSS 6 | AI Score 5.5 | EPSS 0.0004 | 2024-04-25 04:15 PM | 134

[cvelist] CVE-2023-6717 Keycloak: xss via assertion consumer service url in saml post-binding flow
A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with...
CVSS 6 | AI Score 5.8 | EPSS 0.0004 | 2024-04-25 04:02 PM | 1

[vulnrichment] CVE-2023-6717 Keycloak: xss via assertion consumer service url in saml post-binding flow
A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with...
CVSS 6 | AI Score 5.6 | EPSS 0.0004 | 2024-04-25 04:02 PM

[wordfence] Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 209 vulnerabilities disclosed in 169...
AI Score 9.9 | 2024-04-25 03:56 PM | 42

[impervablog] The CISO's Top Priority: Elevating Data-Centric Security
The shift to cloud computing has enhanced the resilience and security of most organizations. In this era of unparalleled agility and scalability, data-centric security can offer transformational opportunities for Chief Information Security Officers (CISOs) to improve data protection, compliance,...
AI Score 7.2 | 2024-04-25 03:06 PM | 6

[ics] Rockwell Automation 5015-AENFTXT (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 5015-AENFTXT Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to crash the...
CVSS 7.5 | AI Score 7.6 | EPSS 0.0004 | 2024-04-25 12:00 PM | 30

[thn] Google Postpones Third-Party Cookie Deprecation Amid U.K. Regulatory Scrutiny
Google has once again pushed its plans to deprecate third-party tracking cookies in its Chrome web browser as it works to address outstanding competition concerns from U.K. regulators over its Privacy Sandbox initiative. The tech giant said it's working closely with the U.K. Competition and...
AI Score 6.5 | 2024-04-25 06:37 AM | 21

[ibm] Security Bulletin: IBM Event Processing is vulnerable to high confidentiality, integrity and availability impacts (CVE-2023-22102).
Summary MySQL Connector/J versions used by IBM Event Processing are susceptible to a difficult to exploit vulnerability that could allow an unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person...
CVSS 8.3 | AI Score 5.8 | EPSS 0.001 | 2024-04-25 05:24 AM | 11

[ibm] Security Bulletin: IBM Security Verify Governance - Containerized Identity Manager has multiple vulnerabilities
Summary Multiple security vulnerabilities have been addressed in the latest update to IBM Security Verify Governance - Containerized Identity Manager. Vulnerability Details ** CVEID: CVE-2018-6561 DESCRIPTION: **Dojo Toolkit is vulnerable to cross-site scripting in dijit.Editor, caused by...
CVSS 9.8 | AI Score 10 | EPSS 0.732 | 2024-04-25 05:15 AM | 15

[nessus] Oracle Linux 8 : edk2 (ELSA-2024-20865)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-20865 advisory. EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be...
CVSS 8.8 | AI Score 7.8 | EPSS 0.006 | 2024-04-25 12:00 AM | 9

[f5] K000139405 : MySQL vulnerability CVE-2023-21950
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...
CVSS 4.9 | AI Score 6.2 | EPSS 0.0004 | 2024-04-25 12:00 AM | 9

[nessus] Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Thunderbird vulnerabilities (USN-6750-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6750-1 advisory. GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox...
AI Score 7.3 | EPSS 0.0004 | 2024-04-25 12:00 AM | 4

[ubuntu] Thunderbird vulnerabilities
Releases Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker...
AI Score 8.3 | EPSS 0.0004 | 2024-04-25 12:00 AM | 13

[wpvulndb] ARForms Form Builder < 1.6.5 - Missing Authorization to Authenticated(Subscriber+) Arbitrary Option Deletion
Description The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'arflite_remove_preview_data' function in all versions up to, and including, 1.6.4. This makes it...
AI Score 6.7 | EPSS 0.0004 | 2024-04-25 12:00 AM | 2

[nessus] Oracle Linux 8 : edk2 (ELSA-2024-12343)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12343 advisory. EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be...
CVSS 8.8 | AI Score 7.7 | EPSS 0.006 | 2024-04-25 12:00 AM | 7

[amazon] Low: java-11-amazon-corretto
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, ...
CVSS 3.7 | AI Score 6 | EPSS 0.001 | 2024-04-24 10:15 PM | 7

[amazon] Low: java-17-amazon-corretto
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, ...
CVSS 3.7 | AI Score 6 | EPSS 0.001 | 2024-04-24 10:15 PM | 6

[osv] Privilege Escalation in kubevirt
A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instances (VMIs) can be used to gain access to the host's filesystem. Successful exploitation allows an attacker to assume the privileges of the VM process on the host system. In worst-case scenarios an attacker can read and modify any...
CVSS 9.9 | AI Score 6.7 | EPSS 0.001 | 2024-04-24 08:54 PM | 4

[github] Privilege Escalation in kubevirt
A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instances (VMIs) can be used to gain access to the host's filesystem. Successful exploitation allows an attacker to assume the privileges of the VM process on the host system. In worst-case scenarios an attacker can read and modify any...
CVSS 9.9 | AI Score 7 | EPSS 0.001 | 2024-04-24 08:54 PM | 5

[ibm] Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.5.1 Vulnerability Details ** CVEID: CVE-2021-3538 DESCRIPTION: **go.uuid could allow a remote attacker to obtain sensitive information, caused by the use of insecure randomness in the g.rand.Read function. By...
CVSS 9.8 | AI Score 10 | EPSS 0.002 | 2024-04-24 07:15 PM | 13

[ibm] Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service (CVE-2024-25026)
Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service. Vulnerability Details ** CVEID: CVE-2024-25026 DESCRIPTION: **IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of...
CVSS 5.9 | AI Score 7 | EPSS 0.0004 | 2024-04-24 06:48 PM | 7

[ibm] Security Bulletin: Multiple Vulnerabilities in IBM® SDK, Java™ Technology Java affect IBM Cloud Pak System
Summary Vulnerabilities in IBM Java SDK affect IBM Cloud Pak System. Vulnerability Details ** CVEID: CVE-2023-21930 DESCRIPTION: **An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an unauthenticated attacker to cause high...
CVSS 9.1 | AI Score 8.6 | EPSS 0.001 | 2024-04-24 01:04 PM | 11

[nessus] Oracle Linux 7 : kernel (ELSA-2024-2004)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2004 advisory. A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local...
CVSS 9.8 | AI Score 7.7 | EPSS 0.001 | 2024-04-24 12:00 AM | 10

[kaspersky] KLA66125 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: Type confusion vulnerability in ANGLE can be exploited to cause denial of service. Out of bounds...
CVSS 8.8 | AI Score 8.2 | EPSS 0.001 | 2024-04-24 12:00 AM | 4

[ibm] Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service (CVE-2024-22353)
Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service with the openidConnectClient-1.0 or socialLogin-1.0 feature enabled. Vulnerability Details ** CVEID: CVE-2024-22353 DESCRIPTION: **IBM WebSphere Application Server Liberty is vulnerable to a denial of service,...
CVSS 7.5 | AI Score 7.7 | EPSS 0.0004 | 2024-04-23 07:47 PM | 17

[rosalinux] Advisory ROSA-SA-2024-2406
software: gcc 11.4.0 OS: ROSA-CHROME package_evr_string: gcc-11.4.0-10 CVE-ID: CVE-2023-4039 BDU-ID: 2023-05920 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the stack protection feature of the GNU Compiler Collection (GCC) stack for various programming languages involves a breach of the data...
CVSS 4.8 | AI Score 5.2 | EPSS 0.0005 | 2024-04-23 12:04 PM | 9

[nessus] CBL Mariner 2.0 Security Update: cri-o (CVE-2022-1708)
The version of cri-o installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-1708 advisory. A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with ...
CVSS 7.5 | AI Score 7.7 | EPSS 0.004 | 2024-04-23 12:00 AM | 8

[f5] K000139377 : OpenJDK vulnerabilities CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, and CVE-2024-21094
Security Advisory Description CVE-2024-21011 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22;...
CVSS 3.7 | AI Score 3.2 | EPSS 0.001 | 2024-04-23 12:00 AM | 59

[rapid7blog] Take Command Summit: Take Breaches from Inevitable to Preventable on May 21
Registration is now open for Take Command, a day-long virtual summit in partnership with AWS. You do not want to miss it. You'll get new attack intelligence, insight into AI disruption, transparent MDR partnerships, and more. In 2024, adversaries are using AI and new techniques, working in gangs...
AI Score 7 | 2024-04-22 01:14 PM | 6

[thn] Pentera's 2024 Report Reveals Hundreds of Security Events per Week, Highlighting the Criticality of Continuous Validation
Over the past two years, a shocking 51% of organizations surveyed in a leading industry report have been compromised by a cyberattack. Yes, over half. And this, in a world where enterprises deploy an average of 53 different security solutions to safeguard their digital domain. Alarming?...
AI Score 7.3 | 2024-04-22 11:30 AM | 23

[ibm] Security Bulletin: Multiple vulnerabilities found in IBM Java which is shipped with IBM® Intelligent Operations Center (CVE-2023-22081, CVE-2023-22067, CVE-2023-5676)
Summary Multiple vulnerabilities have been identified in IBM Java which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details ** CVEID:...
CVSS 5.9 | AI Score 7.4 | EPSS 0.001 | 2024-04-22 09:43 AM | 6

[ibm] Security Bulletin: Multiple vulnerabilities found in IBM Java which is shipped with IBM® Intelligent Operations Center (CVE-2023-22081, CVE-2023-22067, CVE-2023-5676)
Summary Multiple vulnerabilities have been identified in IBM Java which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details ** CVEID:...
CVSS 5.9 | AI Score 7.4 | EPSS 0.001 | 2024-04-22 09:43 AM | 5

[ibm] Security Bulletin: Multiple vulnerabilities found in IBM Java which is shipped with IBM® Intelligent Operations Center (CVE-2023-22081, CVE-2023-5676)
Summary Multiple vulnerabilities have been identified in IBM Java which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details ** CVEID:...
CVSS 5.9 | AI Score 7.4 | EPSS 0.001 | 2024-04-22 09:41 AM | 4

[ibm] Security Bulletin: IBM Security Verify Governance - Identity Manager has multiple vulnerabilities
Summary Multiple security vulnerabilities have been addressed in updates to IBM Security Verify Governance - Identity Manager software component and IBM Security Verify Governance - Identity Manager virtual appliance component. Vulnerability Details ** CVEID: CVE-2023-26119 DESCRIPTION:...
CVSS 9.8 | AI Score 10 | EPSS 0.164 | 2024-04-22 06:05 AM | 17

[openvas] Huawei EulerOS: Security Advisory for edk2 (EulerOS-SA-2024-1560)
The remote host is missing an update for the Huawei...
CVSS 7.8 | AI Score 7.6 | EPSS 0.0004 | 2024-04-22 12:00 AM | 7

[openvas] Huawei EulerOS: Security Advisory for edk2 (EulerOS-SA-2024-1541)
The remote host is missing an update for the Huawei...
CVSS 7.8 | AI Score 7.6 | EPSS 0.0004 | 2024-04-22 12:00 AM | 6

[veracode] Incorrect Check Of Function Return Value
Envoy is vulnerable to Incorrect Check of Function Return Value. The vulnerability is due to insufficient input validation, which triggers an abnormal termination of the Envoy process when handling requests with overly long (longer than 255 characters) host/:authority headers (or alternate header...
CVSS 7.5 | AI Score 6.8 | EPSS 0.0004 | 2024-04-21 06:59 PM | 2

[veracode] Sensitive Information Disclosure
Ansible Automation Platform is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper handling of private keys, where the ec2_key module prints the private key directly to the standard output when creating a new keypair. This flaw allows an attacker to retrieve the...
CVSS 7.8 | AI Score 6.9 | EPSS 0.0004 | 2024-04-21 05:57 AM | 7

[thn] Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack
Palo Alto Networks has shared more details of a critical security flaw impacting PAN-OS that has come under active exploitation in the wild by malicious actors. The company described the vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), as "intricate" and a combination of two bugs in...
CVSS 10 | AI Score 7.9 | EPSS 0.957 | 2024-04-20 05:53 AM | 29

Total number of security vulnerabilities: 57574