Diary & Availability Calendar Security Vulnerabilities

[nvd] CVE-2024-1298
EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UINT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of...
CVSS: 6 | AI Score: 6 | EPSS: 0.0004 | 2024-05-30 09:15 PM

[cve] CVE-2024-1298
EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UINT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of...
CVSS: 6 | AI Score: 6.8 | EPSS: 0.0004 | 2024-05-30 09:15 PM | 28

[nvd] CVE-2024-36119
Statamic is a Laravel + Git powered CMS designed for building websites. In affected versions users registering via the user:register_form tag will have their password confirmation stored in plain text in their user file. This only affects sites matching all of the following conditions: 1. Running....
CVSS: 1.8 | AI Score: 3.5 | EPSS: 0.0004 | 2024-05-30 09:15 PM

[cvelist] CVE-2024-36119 Password confirmation stored in plain text via registration form in statamic/cms
Statamic is a Laravel + Git powered CMS designed for building websites. In affected versions users registering via the user:register_form tag will have their password confirmation stored in plain text in their user file. This only affects sites matching all of the following conditions: 1. Running....
CVSS: 1.8 | AI Score: 3.4 | EPSS: 0.0004 | 2024-05-30 08:57 PM | 1

[cvelist] CVE-2024-1298 Integer Overflow caused by divide by zero during S3 suspension
EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UINT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of...
CVSS: 6 | AI Score: 6 | EPSS: 0.0004 | 2024-05-30 08:46 PM | 1

[ibm] Security Bulletin: Multiple Security Vulnerabilities were discovered in IBM Security Verify Access Container (CVE-2024-35140, CVE-2024-35141, CVE-2024-35142)
Summary: Vulnerabilities were discovered during an assessment of the IBM Security Verify Access Container Product. They were addressed in the ISVA 10.0.7 release. Vulnerability Details: CVEID: CVE-2024-35142 DESCRIPTION: IBM Security Verify Access could allow a local user to escalate their...
CVSS: 8.4 | AI Score: 6.9 | EPSS | 2024-05-30 07:41 PM | 6

[wordfence] Wordfence Intelligence Weekly WordPress Vulnerability Report (May 20, 2024 to May 26, 2024)
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $10,400 for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...
CVSS: 9.8 | AI Score: 9.9 | EPSS: 0.035 | 2024-05-30 03:23 PM | 13

[ibm] Security Bulletin: Multiple vulnerabilities affect IBM® Semeru Runtime
Summary: This bulletin covers all applicable Java SE CVEs published by OpenJDK as part of their April 2024 Vulnerability Advisory, plus CVE-2024-3933. For more information please refer to OpenJDK's April 2024 Vulnerability Advisory and the X-Force database entries referenced below. Vulnerability...
CVSS: 5.3 | AI Score: 6.8 | EPSS: 0.001 | 2024-05-30 02:06 PM | 1

[wpvulndb] The Events Calendar Free & Pro <= 6.4.0 - Contributor+ Missing Authorization to Authenticated Arbitrary Events Access
Description: Multiple plugins and/or themes for WordPress are vulnerable to unauthorized access of data due to insufficient capability checks and restrictions on a function in various versions. This makes it possible for authenticated attackers, with Contributor-level access and above, to access.....
AI Score: 6.9 | EPSS: 0.0004 | 2024-05-30 12:00 AM | 3

[openvas] Huawei EulerOS: Security Advisory for edk2 (EulerOS-SA-2024-1722)
The remote host is missing an update for the Huawei...
CVSS: 8.8 | AI Score: 7.1 | EPSS: 0.006 | 2024-05-30 12:00 AM | 2

[openvas] Huawei EulerOS: Security Advisory for edk2 (EulerOS-SA-2024-1733)
The remote host is missing an update for the Huawei...
CVSS: 8.8 | AI Score: 7.1 | EPSS: 0.006 | 2024-05-30 12:00 AM | 2
[ubuntucve] CVE-2024-1298
EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UINT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of...
CVSS: 6 | AI Score: 6.7 | EPSS: 0.0004 | 2024-05-30 12:00 AM

[thn] New Research Warns About Weak Offboarding Management and Insider Risks
A recent study by Wing Security found that 63% of businesses may have former employees with access to organizational data, and that automating SaaS Security can help mitigate offboarding risks. Employee offboarding is typically seen as a routine administrative task, but it can pose substantial...
AI Score: 6.9 | 2024-05-29 11:31 AM | 1

[openvas] Ubuntu: Security Advisory (USN-6793-1)
The remote host is missing an update for...
CVSS: 9 | AI Score: 7.1 | EPSS: 0.001 | 2024-05-29 12:00 AM | 7

[nessus] EulerOS Virtualization 2.11.1 : edk2 (EulerOS-SA-2024-1722)
According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via...
CVSS: 8.8 | AI Score: 8.2 | EPSS: 0.006 | 2024-05-29 12:00 AM | 1

[redos] ROS-20240529-01
Vulnerability in the Lightweight HTTP Server component of the Oracle Java SE software platform and virtual machine Oracle GraalVM Enterprise Edition is related to unrestricted resource allocation. Exploitation of the vulnerability could allow a remote attacker to cause a denial of...
CVSS: 7.5 | AI Score: 7.4 | EPSS: 0.002 | 2024-05-29 12:00 AM | 8

[nessus] EulerOS Virtualization 2.11.0 : edk2 (EulerOS-SA-2024-1733)
According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via...
CVSS: 8.8 | AI Score: 7.8 | EPSS: 0.006 | 2024-05-29 12:00 AM | 2

[ibm] Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Monitoring
Summary: Vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring (ITM) components. CVEs: CVE-2023-38264, CVE-2024-21011, CVE-2024-21085 and CVE-2024-21094. Vulnerability Details: CVEID: CVE-2024-21094 DESCRIPTION: An unspecified...
CVSS: 5.9 | AI Score: 6.7 | EPSS: 0.001 | 2024-05-28 07:41 PM | 7

[osv] git vulnerabilities
It was discovered that Git incorrectly handled certain submodules. An attacker could possibly use this issue to execute arbitrary code. This issue was fixed in Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS. (CVE-2024-32002) It was discovered that Git incorrectly handled certain cloned...
CVSS: 9 | AI Score: 7.3 | EPSS: 0.001 | 2024-05-28 01:39 PM | 3

[nessus] Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Git vulnerabilities (USN-6793-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6793-1 advisory. It was discovered that Git incorrectly handled certain submodules. An attacker could possibly use this issue to...
CVSS: 9 | AI Score: 7.5 | EPSS: 0.001 | 2024-05-28 12:00 AM | 1

[ubuntu] Git vulnerabilities
Releases: Ubuntu 24.04 LTS, Ubuntu 23.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS. Packages: git - fast, scalable, distributed revision control system. Details: It was discovered that Git incorrectly handled certain submodules. An attacker could possibly use this issue to execute arbitrary code. This...
CVSS: 9 | AI Score: 7.6 | EPSS: 0.001 | 2024-05-28 12:00 AM | 16

[talos] AutomationDirect P3-550E Programming Software Connection CurrDir heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-1937, AutomationDirect P3-550E Programming Software Connection CurrDir heap-based buffer overflow vulnerability, May 28, 2024. CVE Number: CVE-2024-24947, CVE-2024-24946. SUMMARY: A heap-based buffer overflow vulnerability exists in the Programming Software...
CVSS: 8.2 | AI Score: 8 | EPSS: 0.0005 | 2024-05-28 12:00 AM | 3

[redhatcve] CVE-2021-47556
In the Linux kernel, the following vulnerability has been resolved: ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce(). ethtool_set_coalesce() now uses both the .get_coalesce() and .set_coalesce() callbacks. But the check for their availability is buggy, so changing the coalesce...
CVSS: 5.5 | AI Score: 6.5 | EPSS: 0.0004 | 2024-05-27 09:57 AM | 1
[kaspersky] KLA68206 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service or execute arbitrary code. Below is a complete list of vulnerabilities: Heap buffer overflow vulnerability in Dawn can be exploited to cause denial of service. Type...
CVSS: 8.8 | AI Score: 8.4 | EPSS: 0.003 | 2024-05-25 12:00 AM | 4

[osv] BIT-hubble-relay-2022-29178
Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 1000....
CVSS: 8.8 | AI Score: 6.5 | EPSS: 0.0004 | 2024-05-24 07:24 PM | 4

[debiancve] CVE-2021-47556
In the Linux kernel, the following vulnerability has been resolved: ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce(). ethtool_set_coalesce() now uses both the .get_coalesce() and .set_coalesce() callbacks. But the check for their availability is buggy, so changing the coalesce...
CVSS: 5.5 | AI Score: 6.6 | EPSS: 0.0004 | 2024-05-24 03:15 PM | 5

[nvd] CVE-2021-47556
In the Linux kernel, the following vulnerability has been resolved: ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce(). ethtool_set_coalesce() now uses both the .get_coalesce() and .set_coalesce() callbacks. But the check for their availability is buggy, so changing the coalesce...
CVSS: 5.5 | AI Score: 6.4 | EPSS: 0.0004 | 2024-05-24 03:15 PM

[cve] CVE-2021-47556
In the Linux kernel, the following vulnerability has been resolved: ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce(). ethtool_set_coalesce() now uses both the .get_coalesce() and .set_coalesce() callbacks. But the check for their availability is buggy, so changing the coalesce...
CVSS: 5.5 | AI Score: 6.6 | EPSS: 0.0004 | 2024-05-24 03:15 PM | 25

[cvelist] CVE-2021-47556 ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce()
In the Linux kernel, the following vulnerability has been resolved: ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce(). ethtool_set_coalesce() now uses both the .get_coalesce() and .set_coalesce() callbacks. But the check for their availability is buggy, so changing the coalesce...
AI Score: 6.4 | EPSS: 0.0004 | 2024-05-24 03:09 PM

[wpexploit] The Events Calendar (Free < 6.4.0.1, Pro < 6.4.0.1) - Contributor+ Arbitrary Events Access
Description: The plugin does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to (e.g. password-protected events, drafts,...
AI Score: 7.3 | EPSS: 0.0004 | 2024-05-24 12:00 AM | 15

[nessus] Atlassian Confluence 5.2 < 7.19.22 / 7.20.x < 8.5.9 / 8.6.x < 8.9.1 RCE (CONFSERVER-95832)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-95832 advisory. This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE...
CVSS: 8.8 | AI Score: 8.9 | EPSS: 0.056 | 2024-05-24 12:00 AM | 8

[ubuntucve] CVE-2021-47556
In the Linux kernel, the following vulnerability has been resolved: ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce(). ethtool_set_coalesce() now uses both the .get_coalesce() and .set_coalesce() callbacks. But the check for their availability is buggy, so changing the coalesce...
CVSS: 5.5 | AI Score: 6.5 | EPSS: 0.0004 | 2024-05-24 12:00 AM | 3

[wpvulndb] The Events Calendar (Free < 6.4.0.1, Pro < 6.4.0.1) - Contributor+ Arbitrary Events Access
Description: The plugin does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to (e.g. password-protected events, drafts, etc.). PoC: The PoC will be displayed on June 10, 2024, to give users the time to...
AI Score: 7 | EPSS: 0.0004 | 2024-05-24 12:00 AM | 2

[kaspersky] KLA68204 DoS vulnerability in Opera
Type confusion vulnerability was found in Opera. Malicious users can exploit this vulnerability to cause denial of service. Original advisories: Opera 110.0.5130.39 Stable update; Stable Channel Update for Desktop. Exploitation: Public exploits exist for this vulnerability. Related products: Opera. CVE.....
CVSS: 8.8 | AI Score: 6.4 | EPSS: 0.003 | 2024-05-24 12:00 AM

[amazon] Low: ImageMagick
Issue Overview: A flaw was found in ImageMagick, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability....
CVSS: 7.5 | AI Score: 6.6 | EPSS: 0.003 | 2024-05-23 10:04 PM | 4

[wordfence] Wordfence Intelligence Weekly WordPress Vulnerability Report (May 13, 2024 to May 19, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 114 vulnerabilities disclosed in 88...
CVSS: 10 | AI Score: 9.3 | EPSS | 2024-05-23 03:00 PM | 11
[nvd] CVE-2024-35197
gitoxide is a pure Rust implementation of Git. On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the...
CVSS: 5.4 | AI Score: 5.5 | EPSS: 0.0004 | 2024-05-23 01:15 PM

[cve] CVE-2024-35197
gitoxide is a pure Rust implementation of Git. On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the...
CVSS: 5.4 | AI Score: 6.7 | EPSS: 0.0004 | 2024-05-23 01:15 PM | 56

[cvelist] CVE-2024-35197 gix refs and paths with reserved Windows device names access the devices
gitoxide is a pure Rust implementation of Git. On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the...
CVSS: 5.4 | AI Score: 5.5 | EPSS: 0.0004 | 2024-05-23 12:09 PM

[nvd] CVE-2024-35186
gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of...
CVSS: 8.8 | AI Score: 8.8 | EPSS: 0.0004 | 2024-05-23 09:15 AM

[cve] CVE-2024-35186
gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of...
CVSS: 8.8 | AI Score: 7.1 | EPSS: 0.0004 | 2024-05-23 09:15 AM | 57

[cvelist] CVE-2024-35186 gix traversal outside working tree enables arbitrary code execution
gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of...
CVSS: 8.8 | AI Score: 8.8 | EPSS: 0.0004 | 2024-05-23 08:55 AM

[nessus] RHEL 8 : resource-agents (RHSA-2024:2952)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2952 advisory. The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several....
CVSS: 5.9 | AI Score: 6.2 | EPSS: 0.001 | 2024-05-23 12:00 AM | 3

[kaspersky] KLA68203 DoS vulnerability in Google Chrome
Type confusion vulnerability was found in Google Chrome. Malicious users can exploit this vulnerability to cause denial of service. Original advisories: Stable Channel Update for Desktop. Exploitation: Public exploits exist for this vulnerability. Related products: Google-Chrome. CVE list: CVE-2024-5274....
CVSS: 8.8 | AI Score: 6.2 | EPSS: 0.003 | 2024-05-23 12:00 AM

[redhat] (RHSA-2024:2730) Important: Red Hat OpenStack Platform 17.1 (collectd-sensubility) security update
This project aims to provide the possibility to switch from Sensu-based availability monitoring solution to a monitoring solution based on collectd with AMQP-1.0 messaging bus. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) ...
AI Score: 7.4 | EPSS: 0.001 | 2024-05-22 08:32 PM | 2

[redhat] (RHSA-2024:2767) Important: Red Hat OpenStack Platform 17.1 (collectd-sensubility) security update
This project provides the possibility to switch from the Sensu-based availability monitoring solution to a monitoring solution based on collectd with AMQP-1.0 messaging bus. Security Fix(es): Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) net/http/internal: Denial...
AI Score: 7.4 | EPSS: 0.001 | 2024-05-22 08:09 PM | 2

[nvd] CVE-2024-31893
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token. IBM X-Force ID: ...
CVSS: 4.3 | AI Score: 4.2 | EPSS: 0.0004 | 2024-05-22 07:15 PM

[cve] CVE-2024-31893
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token. IBM X-Force ID: ...
CVSS: 4.3 | AI Score: 5.7 | EPSS: 0.0004 | 2024-05-22 07:15 PM | 26

[cvelist] CVE-2024-31893 IBM App Connect Enterprise information disclosure
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token. IBM X-Force ID: ...
CVSS: 4.3 | AI Score: 4.2 | EPSS: 0.0004 | 2024-05-22 07:04 PM

[nvd] CVE-2024-20361
A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense (FTD) Software....
CVSS: 5.8 | AI Score: 5.8 | EPSS: 0.0004 | 2024-05-22 05:16 PM | 3

Total number of security vulnerabilities: 57574