Diary & Availability Calendar Security Vulnerabilities

ibm

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (April 2024) affect IBM InfoSphere Information Server

Summary: There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in April 2024. Vulnerability Details: CVEID: CVE-2024-21085. DESCRIPTION: An...

CVSS 5.9 | AI Score 6.2 | EPSS 0.001 | 2024-06-04 06:11 PM

ibm

Security Bulletin: IBM Security Guardium is affected by vulnerabilities in Oracle MySQL

Summary: IBM Security Guardium has addressed these vulnerabilities with updates. Vulnerability Details: CVEID: CVE-2023-22112. DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high...

CVSS 4.9 | AI Score 5 | EPSS 0.001 | 2024-06-04 03:49 PM

qualysblog

TotalCloud Insights: Securing Your Data—The Power of Encryption in Preventing Threats

Introduction: Did you know there is a 90% failure rate for encryption-related controls of MySQL Server in Microsoft Azure? The issue isn't confined to Azure; in Google Cloud Platform (GCP) environments there is a 98% failure rate of encryption-related controls for both Compute Engine and storage...

AI Score 7.2 | 2024-06-04 03:00 PM

osv

BIT-hubble-2022-29178

Cilium is open source software for providing and securing network connectivity and load balancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating systems with users belonging to the group ID 1000...

CVSS 8.8 | AI Score 6.1 | EPSS 0.0004 | 2024-06-04 09:46 AM

nvd

CVE-2024-4180

The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted content when rendering some views via...

AI Score 9.5 | EPSS 0.0004 | 2024-06-04 06:15 AM

cve

CVE-2024-4180

The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted content when rendering some views via...

AI Score 7.1 | EPSS 0.0004 | 2024-06-04 06:15 AM

cvelist

CVE-2024-4180 The Events Calendar < 6.4.0.1 - Reflected XSS

The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted content when rendering some views via...

AI Score 9.5 | EPSS 0.0004 | 2024-06-04 06:00 AM

vulnrichment

CVE-2024-4180 The Events Calendar < 6.4.0.1 - Reflected XSS

The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted content when rendering some views via...

AI Score 6.8 | EPSS 0.0004 | 2024-06-04 06:00 AM

nvd

CVE-2023-28492

Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Functionality Misuse. This issue affects CP Multi View Event Calendar: from n/a through...

CVSS 4.3 | AI Score 4.7 | EPSS 0.0004 | 2024-06-03 11:15 PM

cve

CVE-2023-28492

Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Functionality Misuse. This issue affects CP Multi View Event Calendar: from n/a through...

CVSS 4.3 | AI Score 7.1 | EPSS 0.0004 | 2024-06-03 11:15 PM

nvd

CVE-2023-24373

External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields. This issue affects Booking calendar, Appointment Booking System: from n/a through...

CVSS 3.7 | AI Score 4.3 | EPSS 0.0004 | 2024-06-03 10:15 PM

cve

CVE-2023-24373

External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields. This issue affects Booking calendar, Appointment Booking System: from n/a through...

CVSS 3.7 | AI Score 7.2 | EPSS 0.0004 | 2024-06-03 10:15 PM

cvelist

CVE-2023-28492 WordPress Calendar Event Multi View plugin <= 1.4.10 - Missing Authorization Leading To Feedback Submission vulnerability

Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Functionality Misuse. This issue affects CP Multi View Event Calendar: from n/a through...

CVSS 4.3 | AI Score 4.7 | EPSS 0.0004 | 2024-06-03 10:09 PM

vulnrichment

CVE-2023-28492 WordPress Calendar Event Multi View plugin <= 1.4.10 - Missing Authorization Leading To Feedback Submission vulnerability

Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Functionality Misuse. This issue affects CP Multi View Event Calendar: from n/a through...

CVSS 4.3 | AI Score 6.9 | EPSS 0.0004 | 2024-06-03 10:09 PM

cvelist

CVE-2023-24373 WordPress Booking calendar, Appointment Booking System plugin <= 3.2.3 - Bypass vulnerability

External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields. This issue affects Booking calendar, Appointment Booking System: from n/a through...

CVSS 3.7 | AI Score 4.3 | EPSS 0.0004 | 2024-06-03 09:35 PM

vulnrichment

CVE-2023-24373 WordPress Booking calendar, Appointment Booking System plugin <= 3.2.3 - Bypass vulnerability

External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields. This issue affects Booking calendar, Appointment Booking System: from n/a through...

CVSS 3.7 | AI Score 6.9 | EPSS 0.0004 | 2024-06-03 09:35 PM

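The CVE-2023-24373 entries above name the weakness class (CWE-472, External Control of Assumed-Immutable Web Parameter) without showing what it looks like in a booking flow. The following is an added example, not the WpDevArt plugin's code; the field names (service_id, date, total_price, status) and the price catalogue are assumptions made for the illustration. It contrasts a handler that trusts hidden form fields with one that lets the client choose only what it is entitled to choose and derives everything else on the server.

```python
# Added illustration of CWE-472, not the plugin's code: one tampered booking
# request handled by a trusting handler and by a hardened one.
from dataclasses import dataclass
from datetime import date

# Server-side catalogue: the only authoritative source for prices and for
# which bookings need staff approval. (Constructed sample data.)
SERVICES = {"consult-30": 50.00, "consult-60": 90.00}
REQUIRES_APPROVAL = {"consult-60"}


@dataclass(frozen=True)
class Booking:
    service_id: str
    day: date
    total_price: float
    status: str


def vulnerable_create_booking(form: dict) -> Booking:
    """Treats total_price and status as immutable because they were rendered as
    hidden <input> fields. The browser can rewrite both before submitting."""
    return Booking(
        service_id=form["service_id"],
        day=date.fromisoformat(form["date"]),
        total_price=float(form["total_price"]),
        status=form["status"],
    )


def create_booking(form: dict, today: date) -> Booking:
    """Hardened version: the client may only choose service and date; price and
    status are derived on the server and client-supplied values are ignored,
    not merely validated."""
    service_id = form.get("service_id")
    if service_id not in SERVICES:
        raise ValueError("unknown service")
    day = date.fromisoformat(form["date"])
    if day < today:
        raise ValueError("booking date in the past")
    return Booking(
        service_id=service_id,
        day=day,
        total_price=SERVICES[service_id],
        status="pending" if service_id in REQUIRES_APPROVAL else "confirmed",
    )


# Constructed request: the hidden fields were rendered as 90.00 / "pending"
# and edited in the browser before submission.
TAMPERED_FORM = {
    "service_id": "consult-60",
    "date": "2030-06-01",
    "total_price": "0.01",
    "status": "confirmed",
}

if __name__ == "__main__":
    print("trusting handler:", vulnerable_create_booking(TAMPERED_FORM))
    print("hardened handler:", create_booking(TAMPERED_FORM, today=date(2030, 1, 1)))
```

The design point is that a hidden field is just another request parameter: the hardened handler does not compare the posted price against the catalogue and reject mismatches, it never reads the posted price at all, so there is nothing left for the client to influence.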
malwarebytes

800 arrests, 40 tons of drugs, and one backdoor, or what a phone startup gave the FBI, with Joseph Cox: Lock and Code S05E12

This week on the Lock and Code podcast… This is a story about how the FBI got everything it wanted. For decades, law enforcement and intelligence agencies across the world have lamented the availability of modern technology that allows suspected criminals to hide their communications from legal...

AI Score 7.2 | 2024-06-03 02:55 PM

ibm

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary: IBM App Connect Enterprise Certified Container (ACEcc) is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.18 (LTS) and 11.6.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

CVSS 7.1 | AI Score 8.9 | EPSS 0.002 | 2024-06-03 10:05 AM

ibm

Security Bulletin: IBM Sterling Transformation Extender is vulnerable to multiple issues due to IBM Java

Summary: IBM Sterling Transformation Extender uses IBM SDK, Java Technology. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2024-21094. DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a...

CVSS 7.5 | AI Score 6.7 | EPSS 0.001 | 2024-06-03 09:18 AM

nessus

RHEL 5 : mysql55-mysql (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. mysql: general_log can write to configuration files, leading to privilege escalation (CPU Oct 2016)...

CVSS 7.5 | AI Score 6.2 | EPSS 0.009 | 2024-06-03 12:00 AM

nessus

RHEL 6 : mysql55-mysql (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. mysql: unspecified vulnerability in subcomponent: Server: Option (CPU July 2016) (CVE-2016-3471) mysql:...

CVSS 7.5 | AI Score 5.4 | EPSS 0.005 | 2024-06-03 12:00 AM

nessus

RHEL 9 : binutils (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. binutils: out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (CVE-2021-45078) In GNU Binutils...

CVSS 7.8 | AI Score 8.5 | EPSS 0.001 | 2024-06-03 12:00 AM

kaspersky

KLA68438 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code or cause denial of service. Below is a complete list of vulnerabilities: Use after free vulnerability in Dawn can be exploited to cause denial of service or execute...

AI Score 8.4 | EPSS 0.0004 | 2024-06-03 12:00 AM

nessus

RHEL 8 : tar (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tar: does not properly warn the user when extracting setuid or setgid files (CVE-2005-2541) tar:...

CVSS 5.5 | AI Score 7.3 | EPSS 0.011 | 2024-06-03 12:00 AM

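The tar entry above records CVE-2005-2541 (tar silently extracts setuid/setgid files) as acknowledged but not patched, so the mitigation has to live in whatever consumes untrusted archives. The following is an added example, not GNU tar's or the Nessus plugin's code: a Python extraction routine that refuses members whose resolved path leaves the destination, clears setuid/setgid bits before writing, and reports what it did. The archive it processes is constructed in memory for the demonstration; on Python 3.12+ the standard library's `data` filter is passed as a second layer, but the explicit checks do not depend on it.

```python
# Added example (not tar's or Nessus's code): extract a tar archive while
# stripping setuid/setgid bits and refusing path traversal.
import io
import os
import stat
import tarfile
import tempfile

DANGEROUS_BITS = stat.S_ISUID | stat.S_ISGID


def build_sample_archive() -> bytes:
    """Constructed sample: a normal file, a setuid binary and a traversal entry."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, mode, payload in (
            ("bin/ok", 0o755, b"#!/bin/sh\necho ok\n"),
            ("bin/rootme", 0o4755, b"#!/bin/sh\nid\n"),   # setuid bit set by the archive
            ("../escape", 0o644, b"outside the extraction dir\n"),
        ):
            info = tarfile.TarInfo(name)
            info.mode = mode
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def safe_extract(archive: bytes, dest: str) -> dict:
    """Extract into dest and return {member_name: action} for auditing."""
    report = {}
    dest_real = os.path.realpath(dest)
    # Python 3.12+ (and the 3.8-3.11 backports) ship tarfile.data_filter, which
    # applies comparable restrictions; use it as defence in depth where present.
    extract_kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        for member in tar.getmembers():
            target = os.path.realpath(os.path.join(dest_real, member.name))
            # Refuse anything whose resolved path lands outside dest
            # (absolute names, "../" components).
            if os.path.commonpath([dest_real, target]) != dest_real:
                report[member.name] = "refused: path escapes destination"
                continue
            if member.mode & DANGEROUS_BITS:
                # Report and clear the bits instead of silently creating a setuid file.
                member.mode &= ~DANGEROUS_BITS
                report[member.name] = "extracted: setuid/setgid bits stripped"
            else:
                report[member.name] = "extracted"
            tar.extract(member, path=dest_real, **extract_kwargs)
    return report


def extracted_mode(dest: str, name: str) -> int:
    """Permission bits of an extracted file, for checking the result."""
    return stat.S_IMODE(os.stat(os.path.join(dest, name)).st_mode)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for name, action in safe_extract(build_sample_archive(), d).items():
            print(f"{name}: {action}")
        print("bin/rootme mode:", oct(extracted_mode(d, "bin/rootme")))
```

The report is the part tar never gave the operator: each member that had its bits stripped or was refused is listed by name, so a build or deployment step can fail loudly on archives that should never have carried setuid files in the first place.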
nessus

RHEL 6 : mariadb-galera (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. mysql: unspecified vulnerability related to Server:DML (CPU October 2015) (CVE-2015-4879) mysql:...

CVSS 6.5 | AI Score 6.6 | EPSS 0.005 | 2024-06-03 12:00 AM

nessus

RHEL 8 : libvirt (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libvirt: Insecure sVirt label generation (CVE-2021-3631) An improper locking issue was found in the...

CVSS 6.5 | AI Score 8.7 | EPSS 0.002 | 2024-06-03 12:00 AM

nessus

RHEL 5 : java-1.4.2-ibm (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. OpenJDK: InetSocketAddress serialization issue (Networking, 7201071) (CVE-2013-0433) Oracle JDK 7:...

AI Score 7.5 | EPSS 0.968 | 2024-06-03 12:00 AM

nessus

RHEL 7 : icu (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ICU: missing boundary checks in layout engine (OpenJDK 2D, 8132042) (CVE-2015-4844) icu: Double free in...

CVSS 9.8 | AI Score 6.9 | EPSS 0.057 | 2024-06-03 12:00 AM

nessus

RHEL 8 : 8.2_libtpms (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libtpms: out-of-bounds access via specially crafted TPM 2 command packets (CVE-2021-3746) A stack...

CVSS 6.5 | AI Score 7.4 | EPSS 0.001 | 2024-06-03 12:00 AM

nessus

RHEL 8 : fwupdate (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. grub2: Use-after-free in rmmod command (CVE-2020-25632) grub2: Out-of-bounds write in...

CVSS 8.2 | AI Score 9.2 | EPSS 0.002 | 2024-06-03 12:00 AM

github

Password confirmation stored in plain text via registration form in statamic/cms

Users registering via the user:register_form tag will have their password confirmation stored in plain text in their user file. Impact: This only affects sites matching all of the following conditions: - Running Statamic versions between 5.3.0 and 5.6.1. (This version range represents only one...

CVSS 1.8 | AI Score 6.2 | EPSS 0.0004 | 2024-06-02 10:30 PM

osv

Password confirmation stored in plain text via registration form in statamic/cms

Users registering via the user:register_form tag will have their password confirmation stored in plain text in their user file. Impact: This only affects sites matching all of the following conditions: - Running Statamic versions between 5.3.0 and 5.6.1. (This version range represents only one...

CVSS 1.8 | AI Score 6.2 | EPSS 0.0004 | 2024-06-02 10:30 PM

redhatcve

CVE-2024-1298

A divide-by-zero vulnerability was found in edk2. A successful exploit of this vulnerability may lead to a loss of...

CVSS 6 | AI Score 6.5 | EPSS 0.0004 | 2024-06-02 02:30 PM

github

Moodle broken access control when setting calendar event type

Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish...

AI Score 6.3 | EPSS 0.0004 | 2024-05-31 09:30 PM

osv

Moodle broken access control when setting calendar event type

Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish...

AI Score 6.3 | EPSS 0.0004 | 2024-05-31 09:30 PM

cve

CVE-2024-33996

Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish...

AI Score 6.6 | EPSS 0.0004 | 2024-05-31 08:15 PM

nvd

CVE-2024-33996

Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish...

AI Score 6.4 | EPSS 0.0004 | 2024-05-31 08:15 PM

cvelist

CVE-2024-33996 moodle: broken access control when setting calendar event type

Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish...

AI Score 6.3 | EPSS 0.0004 | 2024-05-31 07:29 PM

vulnrichment

CVE-2024-33996 moodle: broken access control when setting calendar event type

Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish...

AI Score 6.7 | EPSS 0.0004 | 2024-05-31 07:29 PM

talosblog

New banking trojan “CarnavalHeist” targets Brazil with overlay attacks

Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called "CarnavalHeist." Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil. This family has also been...

AI Score 8 | 2024-05-31 12:00 PM

schneier

How AI Will Change Democracy

I don't think it's an exaggeration to predict that artificial intelligence will affect every aspect of our society. Not by doing new things. But mostly by doing things that are already being done by humans, perfectly competently. Replacing humans with AIs isn't necessarily interesting. But when an...

AI Score 7.4 | 2024-05-31 11:04 AM

nessus

Amazon Linux 2 : ImageMagick (ALAS-2024-2559)

The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2559 advisory. A flaw was found in ImageMagick, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger...

CVSS 7.5 | AI Score 6.6 | EPSS 0.003 | 2024-05-31 12:00 AM

nessus

Amazon Linux 2 : java-1.8.0-amazon-corretto (ALASCORRETTO8-2024-012)

The version of java-1.8.0-amazon-corretto installed on the remote host is prior to 1.8.0_312.b07-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2CORRETTO8-2024-012 advisory. There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is...

CVSS 8.6 | AI Score 8 | EPSS 0.012 | 2024-05-31 12:00 AM

nessus

Amazon Linux 2 : java-11-openjdk (ALASJAVA-OPENJDK11-2024-009)

The version of java-11-openjdk installed on the remote host is prior to 11.0.13.0.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2JAVA-OPENJDK11-2024-009 advisory. Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE...

CVSS 6.8 | AI Score 6.8 | EPSS 0.002 | 2024-05-31 12:00 AM

ubuntucve

CVE-2024-33996

Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish...

AI Score 6.5 | EPSS 0.0004 | 2024-05-31 12:00 AM

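The CVE-2024-33996 entries above (github, osv, cve, nvd, cvelist, vulnrichment, ubuntucve) all describe the same bug class: a web service accepted any known event type instead of re-deriving, per request, which types the caller may publish. The following is an added example, not Moodle's code. The capability names follow Moodle's calendar capabilities, but the flat type-to-capability mapping and the absence of course and group context are simplifications made for this illustration; the student and the tampered request are constructed.

```python
# Added illustration, not Moodle's code: authorising a user-chosen event type
# against the caller's capabilities rather than against the list of all types.
EVENT_TYPE_CAPABILITY = {
    "user": "moodle/calendar:manageownentries",
    "group": "moodle/calendar:managegroupentries",
    "course": "moodle/calendar:manageentries",
    "category": "moodle/calendar:manageentries",
    "site": "moodle/calendar:manageentries",
}


class PermissionDenied(Exception):
    pass


def allowed_event_types(user_capabilities: set) -> set:
    """Types the caller may publish, derived from server-side capabilities only."""
    return {t for t, cap in EVENT_TYPE_CAPABILITY.items() if cap in user_capabilities}


def vulnerable_create_event(form: dict, user_capabilities: set) -> dict:
    """Checks only that the submitted type exists. Filtering the <select> options
    shown in the UI does not help: the web service accepts any known type."""
    if form["eventtype"] not in EVENT_TYPE_CAPABILITY:
        raise ValueError("unknown event type")
    return {"name": form["name"], "eventtype": form["eventtype"]}


def create_event(form: dict, user_capabilities: set) -> dict:
    """Hardened: recompute the permitted set on every call and reject the rest."""
    eventtype = form.get("eventtype")
    if eventtype not in EVENT_TYPE_CAPABILITY:
        raise ValueError("unknown event type")
    if eventtype not in allowed_event_types(user_capabilities):
        raise PermissionDenied(f"not allowed to publish {eventtype} events")
    return {"name": form["name"], "eventtype": eventtype}


# Constructed sample: a student holds only the capability for personal events
# but submits a site-wide announcement.
STUDENT_CAPS = {"moodle/calendar:manageownentries"}
TAMPERED_EVENT = {"name": "Exam cancelled", "eventtype": "site"}


def demo() -> tuple:
    """Returns (type stored by the vulnerable handler, hardened handler's verdict)."""
    stored = vulnerable_create_event(TAMPERED_EVENT, STUDENT_CAPS)
    try:
        create_event(TAMPERED_EVENT, STUDENT_CAPS)
        verdict = "accepted"
    except PermissionDenied:
        verdict = "denied"
    return stored["eventtype"], verdict


if __name__ == "__main__":
    print(demo())
```

In a real deployment the capability check is context-dependent (a course event requires the capability in that course's context), which is exactly why the permitted set has to be computed server-side from the authenticated user and the target context, never read back from the form.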
cve

CVE-2024-36119

Statamic is a Laravel + Git powered CMS designed for building websites. In affected versions, users registering via the user:register_form tag will have their password confirmation stored in plain text in their user file. This only affects sites matching all of the following conditions: 1. Running...

CVSS 1.8 | AI Score 6.4 | EPSS 0.0004 | 2024-05-30 09:15 PM

debiancve

CVE-2024-1298

EDK2 contains a vulnerability when S3 sleep is activated where an attacker may cause a Division-By-Zero due to a UINT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of...

CVSS 6 | AI Score 7.3 | EPSS 0.0004 | 2024-05-30 09:15 PM

osv

CVE-2024-36119

Statamic is a Laravel + Git powered CMS designed for building websites. In affected versions, users registering via the user:register_form tag will have their password confirmation stored in plain text in their user file. This only affects sites matching all of the following conditions: 1. Running...

CVSS 1.8 | AI Score 6.5 | EPSS 0.0004 | 2024-05-30 09:15 PM

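The statamic/cms advisory entries and the CVE-2024-36119 entries above describe the same failure: a registration handler that persists the submitted form wholesale, hashing `password` but letting `password_confirmation` reach the user file as typed. The following is an added example, not Statamic's code; the registration form, the allow-list of profile fields and the PBKDF2 parameters are assumptions for the illustration. It contrasts the copy-everything pattern with an allow-list, and includes the audit check a reviewer would run against the stored record.

```python
# Added illustration, not Statamic's code: registration handled two ways, plus an
# audit check for plaintext secrets in the stored user record.
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000           # OWASP's current PBKDF2-HMAC-SHA256 guidance
PERSISTED_FIELDS = {"name", "email"}  # profile fields a registrant may set (assumed)


def hash_password(password: str, salt: bytes = None) -> str:
    """Salted PBKDF2-HMAC-SHA256, encoded as algorithm$iterations$salt$hash."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    _, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def vulnerable_register(form: dict) -> dict:
    """Copies every posted field into the user record and hashes only `password`,
    so `password_confirmation` (and any extra field) is written as submitted."""
    user = dict(form)
    user["password"] = hash_password(user["password"])
    return user


def register(form: dict) -> dict:
    """Hardened: the confirmation is compared and discarded; only allow-listed
    fields plus the hash are persisted, so unexpected fields never reach the file."""
    if form.get("password") != form.get("password_confirmation"):
        raise ValueError("password and confirmation do not match")
    user = {k: form[k] for k in PERSISTED_FIELDS if k in form}
    user["password"] = hash_password(form["password"])
    return user


def fields_containing(user: dict, secret: str) -> list:
    """Audit check: which stored fields still contain the raw secret."""
    return sorted(k for k, v in user.items() if isinstance(v, str) and secret in v)


# Constructed registration request, including a field the form never rendered.
FORM = {
    "name": "Ada",
    "email": "ada@example.com",
    "password": "correct horse battery staple",
    "password_confirmation": "correct horse battery staple",
    "super": "true",
}

if __name__ == "__main__":
    print("vulnerable leaks:", fields_containing(vulnerable_register(FORM), FORM["password"]))
    print("hardened leaks:  ", fields_containing(register(FORM), FORM["password"]))
```

The allow-list does double duty: it closes the plaintext-confirmation leak and also stops mass assignment of fields such as the constructed `super` flag, which the copy-everything handler would have persisted just as faithfully.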
Total number of security vulnerabilities: 57573