Lucene search

K

Diary & Availability Calendar Security Vulnerabilities

kaspersky
kaspersky

KLA68918 Multiple vulnerabilities in Opera

Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Use after free vulnerability in Media Session can be exploited to cause denial of service or execute...

9AI Score

0.0004EPSS

2024-06-12 12:00 AM
3
redhatcve
redhatcve

CVE-2024-27309

A flaw was found in Apache Kafka during the migration from ZooKeeper (ZK) to KRaft mode that affects Access Control List (ACL) enforcement. Specifically, when an ACL is removed from a resource and the resource retains two or more other ACLs, Kafka may incorrectly treat the resource as having only.....

6.6AI Score

0.0004EPSS

2024-06-11 08:54 PM
ics
ics

Rockwell Automation ControlLogix, GuardLogix, and CompactLogix

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix, GuardLogix, CompactLogix Vulnerability: Always-Incorrect Control Flow Implementation 2. RISK EVALUATION Successful exploitation of this vulnerability could compromise...

6.5AI Score

0.0004EPSS

2024-06-11 12:00 PM
6
ibm
ibm

Security Bulletin: IBM Workload Automation potentially affected by multiple vulnerabilities in Java.

Summary IBM Workload Automation potentially vulnerable to multiple vulnerabilities in Java that can cause integrity, availability, information disclosure issues (CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597)...

9.1CVSS

10AI Score

0.002EPSS

2024-06-11 09:52 AM
18
mskb
mskb

Update 24.1 for Microsoft Dynamics 365 Business Central (on-premises) 2024 Release Wave 1 (Application Build 24.1.19498, Platform Build 24.0.19487)

Update 24.1 for Microsoft Dynamics 365 Business Central (on-premises) 2024 Release Wave 1 (Application Build 24.1.19498, Platform Build 24.0.19487) Overview This update replaces previously released updates. You should always install the latest update. This update also fixes vulnerabilities. For...

8.8CVSS

8.9AI Score

0.001EPSS

2024-06-11 07:00 AM
3
mskb
mskb

Description of the security update for SharePoint Server Subscription Edition: June 11, 2024 (KB5002603)

Description of the security update for SharePoint Server Subscription Edition: June 11, 2024 (KB5002603) Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and...

7.8CVSS

8AI Score

0.001EPSS

2024-06-11 07:00 AM
2
mskb
mskb

Update 23.7 for Microsoft Dynamics 365 Business Central (on-premises) 2023 Release Wave 2 (Application Build 23.7.18957, Platform Build 23.0.18933)

Update 23.7 for Microsoft Dynamics 365 Business Central (on-premises) 2023 Release Wave 2 (Application Build 23.7.18957, Platform Build 23.0.18933) Overview This update replaces previously released updates. You should always install the latest update. This update also fixes vulnerabilities. For...

8.8CVSS

8.8AI Score

0.001EPSS

2024-06-11 07:00 AM
2
nvd
nvd

CVE-2024-37176

SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks. This results in escalation of privileges. It has no impact on the confidentiality of data but may have low...

5.5CVSS

0.0004EPSS

2024-06-11 03:15 AM
4
cve
cve

CVE-2024-37176

SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks. This results in escalation of privileges. It has no impact on the confidentiality of data but may have low...

5.5CVSS

5.9AI Score

0.0004EPSS

2024-06-11 03:15 AM
23
cve
cve

CVE-2024-34688

Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availability....

7.5CVSS

7.5AI Score

0.0004EPSS

2024-06-11 03:15 AM
26
cve
cve

CVE-2024-34691

Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. As a result, it has high impact on integrity and no impact on the confidentiality and availability of the...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-11 03:15 AM
26
nvd
nvd

CVE-2024-34686

Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify...

6.1CVSS

0.0004EPSS

2024-06-11 03:15 AM
5
nvd
nvd

CVE-2024-34691

Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. As a result, it has high impact on integrity and no impact on the confidentiality and availability of the...

6.5CVSS

0.0004EPSS

2024-06-11 03:15 AM
2
nvd
nvd

CVE-2024-34688

Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availability....

7.5CVSS

0.0004EPSS

2024-06-11 03:15 AM
10
cve
cve

CVE-2024-34686

Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify...

6.1CVSS

6.2AI Score

0.0004EPSS

2024-06-11 03:15 AM
26
nvd
nvd

CVE-2024-33001

SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus degrading the service quality experienced by legitimate....

6.5CVSS

0.0004EPSS

2024-06-11 03:15 AM
2
cve
cve

CVE-2024-33001

SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus degrading the service quality experienced by legitimate....

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-11 03:15 AM
23
cvelist
cvelist

CVE-2024-34691 Missing Authorization check in SAP S/4HANA (Manage Incoming Payment Files)

Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. As a result, it has high impact on integrity and no impact on the confidentiality and availability of the...

6.5CVSS

0.0004EPSS

2024-06-11 02:22 AM
4
cvelist
cvelist

CVE-2024-37176 Missing Authorization check in SAP BW/4HANA Transformation and DTP

SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks. This results in escalation of privileges. It has no impact on the confidentiality of data but may have low...

5.5CVSS

0.0004EPSS

2024-06-11 02:14 AM
2
vulnrichment
vulnrichment

CVE-2024-37176 Missing Authorization check in SAP BW/4HANA Transformation and DTP

SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks. This results in escalation of privileges. It has no impact on the confidentiality of data but may have low...

5.5CVSS

7.3AI Score

0.0004EPSS

2024-06-11 02:14 AM
1
cvelist
cvelist

CVE-2024-34686 Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)

Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify...

6.1CVSS

0.0004EPSS

2024-06-11 02:11 AM
3
vulnrichment
vulnrichment

CVE-2024-34686 Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)

Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify...

6.1CVSS

6.8AI Score

0.0004EPSS

2024-06-11 02:11 AM
1
cvelist
cvelist

CVE-2024-33001 Denial of service (DOS) in SAP NetWeaver and ABAP platform

SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus degrading the service quality experienced by legitimate....

6.5CVSS

0.0004EPSS

2024-06-11 02:05 AM
4
vulnrichment
vulnrichment

CVE-2024-34688 Denial of service (DOS) in SAP NetWeaver AS Java (Meta Model Repository)

Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availability....

7.5CVSS

6.8AI Score

0.0004EPSS

2024-06-11 02:02 AM
1
cvelist
cvelist

CVE-2024-34688 Denial of service (DOS) in SAP NetWeaver AS Java (Meta Model Repository)

Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availability....

7.5CVSS

0.0004EPSS

2024-06-11 02:02 AM
6
nessus
nessus

Mitel MiVoice <= 8.1 SP1 Information Disclosure and DoS (22-0001)

According to its version number, the Mitel MiVoice software is R8.1 or prior. It is, therefore, affected by the following vulnerability: A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive...

9.8CVSS

7.4AI Score

0.059EPSS

2024-06-11 12:00 AM
1
kaspersky
kaspersky

KLA68920 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: Security vulnerability when...

9.1AI Score

0.0004EPSS

2024-06-11 12:00 AM
2
kaspersky
kaspersky

KLA68916 Multiple vulnerabilities in Microsoft Azure

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service. Below is a complete list of vulnerabilities: An elevation of privilege vulnerability in Azure Science Virtual Machine (DSVM) can be exploited...

8.1CVSS

6.3AI Score

0.001EPSS

2024-06-11 12:00 AM
6
nessus
nessus

Mitel MiCollab <= 9.4 SP1 Information Disclosure and DoS (22-0001)

According to its version number, the Mitel MiCollab software is 9.4 SP1 (9.4.107) or prior. It is, therefore, affected by the following vulnerability: A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to...

9.8CVSS

7.1AI Score

0.059EPSS

2024-06-11 12:00 AM
kaspersky
kaspersky

KLA68913 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: Use after free vulnerability in PDFium can be exploited to cause...

8.8CVSS

8.9AI Score

0.001EPSS

2024-06-11 12:00 AM
2
kaspersky
kaspersky

KLA68921 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, cause denial of service, obtain sensitive information, perform cross-site scripting attack. Below is a complete list of...

8.9AI Score

0.0004EPSS

2024-06-11 12:00 AM
7
wpvulndb
wpvulndb

Events Manager – Calendar, Bookings, Tickets, and more! < 6.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via event, location, and event_category Shortcodes

Description The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'event', 'location', and 'event_category' shortcodes in all versions up to, and including, 6.4.7.3 due to insufficient input sanitization and...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-06-11 12:00 AM
kaspersky
kaspersky

KLA68914 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, gain privileges. Below is a complete list of vulnerabilities: A denial of service vulnerability in DNS...

9.8CVSS

9AI Score

0.003EPSS

2024-06-11 12:00 AM
21
kaspersky
kaspersky

KLA68915 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: An elevation of privilege vulnerability in...

9.8CVSS

9.6AI Score

0.003EPSS

2024-06-11 12:00 AM
34
ibm
ibm

Security Bulletin: Updating Java in Identity Insight 9.0.0.1 for security update

Summary Identity Insight customers are advised to update OpenJDK 8 to version 8.0.412 for the security update in Java. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions Affected Product(s) | Version(s) ---|--- IBM...

7.5CVSS

6.8AI Score

EPSS

2024-06-10 10:53 PM
16
ibm
ibm

Security Bulletin: Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation.

Summary Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation. IBM MQ is used by IBM Robotic Process Automation for message queueing. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2023-5072 DESCRIPTION:...

7.5CVSS

7.5AI Score

0.001EPSS

2024-06-10 10:46 PM
6
ibm
ibm

Security Bulletin: Updating Java in Identity Insight 10.0.0.0 for security update

Summary Identity Insight customers are advised to update OpenJDK 17 to version 17.0.11.0 for the security update in Java. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions Affected Product(s) | Version(s) ---|--- IBM...

7.5CVSS

6.8AI Score

EPSS

2024-06-10 08:24 PM
10
nvd
nvd

CVE-2024-22279

Improper handling of requests in Routing Release &gt; v0.273.0 and &lt;= v0.297.0 allows an unauthenticated attacker to degrade the service availability of the Cloud Foundry deployment if performed at...

7.5CVSS

0.0005EPSS

2024-06-10 08:15 PM
2
cve
cve

CVE-2024-22279

Improper handling of requests in Routing Release &gt; v0.273.0 and &lt;= v0.297.0 allows an unauthenticated attacker to degrade the service availability of the Cloud Foundry deployment if performed at...

7.5CVSS

5.8AI Score

0.0005EPSS

2024-06-10 08:15 PM
44
cvelist
cvelist

CVE-2024-22279 GoRouter Denial of Service Attack

Improper handling of requests in Routing Release &gt; v0.273.0 and &lt;= v0.297.0 allows an unauthenticated attacker to degrade the service availability of the Cloud Foundry deployment if performed at...

5.9CVSS

0.0005EPSS

2024-06-10 07:47 PM
8
vulnrichment
vulnrichment

CVE-2024-22279 GoRouter Denial of Service Attack

Improper handling of requests in Routing Release &gt; v0.273.0 and &lt;= v0.297.0 allows an unauthenticated attacker to degrade the service availability of the Cloud Foundry deployment if performed at...

5.9CVSS

7AI Score

0.0005EPSS

2024-06-10 07:47 PM
packetstorm

7.4AI Score

0.0004EPSS

2024-06-10 12:00 AM
69
nvd
nvd

CVE-2024-31275

Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through...

9.8CVSS

0.001EPSS

2024-06-09 07:15 PM
2
cve
cve

CVE-2024-31275

Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through...

9.8CVSS

8.3AI Score

0.001EPSS

2024-06-09 07:15 PM
34
cvelist
cvelist

CVE-2024-31275 WordPress EventPrime plugin <= 3.3.4 - Booking Price Manipulation vulnerability

Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through...

8.2CVSS

0.001EPSS

2024-06-09 06:16 PM
4
vulnrichment
vulnrichment

CVE-2024-31275 WordPress EventPrime plugin <= 3.3.4 - Booking Price Manipulation vulnerability

Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through...

8.2CVSS

6.9AI Score

0.001EPSS

2024-06-09 06:16 PM
atlassian
atlassian

SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Confluence Data Center and Server

This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 1.0 of Confluence Data Center and Server. This org.springframework:spring-web Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N...

8.1CVSS

7.9AI Score

0.0004EPSS

2024-06-07 04:11 AM
2
atlassian
atlassian

SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Confluence Data Center and Server

This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 1.0 of Confluence Data Center and Server. This org.springframework:spring-web Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N...

8.1CVSS

7.9AI Score

0.0004EPSS

2024-06-07 04:11 AM
3
redos
redos

ROS-20240607-03

A vulnerability in the lrzip.c:initialize_control component of the Irzip software tool is caused by a buffer overflow in dynamic memory. buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely, affect confidentiality, integrity and availability.....

9.8CVSS

7.5AI Score

0.001EPSS

2024-06-07 12:00 AM
1
osv
osv

Server-Side Request Forgery in langchain

A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This....

4.8CVSS

7.5AI Score

0.0004EPSS

2024-06-06 09:30 PM
2
Total number of security vulnerabilities57783