A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense (FTD) Software....
5.8CVSS
7AI Score
0.0004EPSS
A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense (FTD) Software....
5.8CVSS
7.2AI Score
0.0004EPSS
A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense (FTD) Software....
5.8CVSS
5.8AI Score
0.0004EPSS
Cisco Firepower Management Center Software Object Group Access Control List Bypass Vulnerability
A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense (FTD) Software....
7.3AI Score
0.0004EPSS
gix refs and paths with reserved Windows device names access the devices
Summary On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that...
5.4CVSS
7.1AI Score
0.0004EPSS
gix refs and paths with reserved Windows device names access the devices
Summary On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that...
5.4CVSS
7.1AI Score
0.0004EPSS
gix traversal outside working tree enables arbitrary code execution
Summary During checkout, gitoxide does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. Details Although gix-worktree-state checks for collisions with existing files, it does not...
8.8CVSS
8AI Score
0.0004EPSS
gix traversal outside working tree enables arbitrary code execution
Summary During checkout, gitoxide does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. Details Although gix-worktree-state checks for collisions with existing files, it does not...
8.8CVSS
8AI Score
0.0004EPSS
From trust to trickery: Brand impersonation over the email attack vector
Cisco recently developed and released a new feature to detect brand impersonation in emails when adversaries pretend to be a legitimate corporation. Talos has discovered a wide range of techniques threat actors use to embed and deliver brand logos via emails to their victims. Talos is providing...
6.5AI Score
(RHSA-2024:2952) Moderate: resource-agents security and bug fix update
The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability (HA) environment. Security Fix(es): urllib3: Request body not stripped after redirect from 303 status...
7AI Score
0.001EPSS
Summary IBM App Connect Enterprise Discovery Connector nodes for Calendly, Docusign and Square are vulnerable to an authenticated user accessing sensitive information. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-31893 ...
4.3CVSS
6.5AI Score
0.0004EPSS
Moderate: resource-agents security and bug fix update
The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability (HA) environment. Security Fix(es): urllib3: Request body not stripped after redirect from 303 status...
5.9CVSS
6.6AI Score
0.001EPSS
Moderate: resource-agents security and bug fix update
The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability (HA) environment. Security Fix(es): urllib3: Request body not stripped after redirect from 303 status...
5.9CVSS
6.4AI Score
0.001EPSS
RHEL 9 : Red Hat OpenStack Platform 17.1 (collectd-sensubility) (RHSA-2024:2730)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2730 advisory. This project aims to provide the possibility to switch from Sensu-based availability monitoring solution to a monitoring solution based...
7.5CVSS
7.9AI Score
0.001EPSS
RHEL 8 : Red Hat OpenStack Platform 17.1 (collectd-sensubility) (RHSA-2024:2767)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2767 advisory. This project provides the possibility to switch from the Sensu-based availability monitoring solution to a monitoring solution based on...
7.5CVSS
7.9AI Score
0.001EPSS
CentOS 8 : edk2 (CESA-2024:3017)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:3017 advisory. EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local...
8.8CVSS
8.3AI Score
0.006EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Thunderbird vulnerabilities (USN-6782-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6782-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a...
9AI Score
0.0004EPSS
Releases Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker...
8.7AI Score
0.0004EPSS
CentOS 8 : python3.11-cryptography (CESA-2024:3105)
The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2024:3105 advisory. cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling load_pem_pkcs7_certificates or...
7.5CVSS
6.5AI Score
0.001EPSS
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to...
8.8CVSS
8.8AI Score
0.056EPSS
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to...
8.8CVSS
8.8AI Score
0.056EPSS
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to...
7.5AI Score
0.056EPSS
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to...
8.8AI Score
0.056EPSS
Summary IBM WebSphere Application Server could provide weaker than expected security for outbound TLS connections. Vulnerability Details ** CVEID: CVE-2023-50313 DESCRIPTION: **IBM WebSphere Application Server could provide weaker than expected security for outbound TLS connections caused by a...
6.5CVSS
6.2AI Score
0.0004EPSS
Summary IBM® SDK Java™ Technology Edition is shipped as a component of IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable issues, CVE-2023-22081, CVE-2023-22067, and CVE-2023-5676 Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An unspecified...
5.9CVSS
5.6AI Score
0.001EPSS
Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to an XML External Entity (XXE) injection vulnerability. Vulnerability Details ** CVEID: CVE-2024-22354 DESCRIPTION: **IBM WebSphere Application Server and IBM WebSphere Application Server Liberty.....
7CVSS
7AI Score
0.0004EPSS
The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
6.4CVSS
5.7AI Score
0.001EPSS
The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
6.4CVSS
5.9AI Score
0.001EPSS
The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
6.4CVSS
5.8AI Score
0.001EPSS
The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
6.4CVSS
5.9AI Score
0.001EPSS
KLA67728 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: Heap buffer overflow vulnerability in ANGLE can be exploited to cause denial of service Heap...
8.4AI Score
0.0004EPSS
New Windows 11 features strengthen security to address evolving cyberthreat landscape
Ahead of the Microsoft Build 2024 conference, we announced a new class of Windows computers, Copilot+ PC. Alongside this exciting new class of PCs, we are introducing important security features and updates that make Windows 11 more secure for users and organizations and give developers the tools.....
7AI Score
New Windows 11 features strengthen security to address evolving cyberthreat landscape
In this article Cybersecurity at the forefront of all we do Modern, secure hardware Stay ahead of evolving threats with Windows Explore the new Windows 11 security features Ahead of the Microsoft Build 2024 conference, we announced a new class of Windows computers, Copilot+ PC. Alongside this...
8.6AI Score
K000139678: MySQL Server vulnerability CVE-2024-21055
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...
6AI Score
0.0004EPSS
Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details ** CVEID: CVE-2023-22081 ...
5.9CVSS
7AI Score
0.001EPSS
Improper Validation of Specified Quantity in Input vulnerability in The Events Calendar BookIt allows Manipulating Hidden Fields.This issue affects BookIt: from n/a through...
6.5CVSS
6.8AI Score
0.0004EPSS
Improper Validation of Specified Quantity in Input vulnerability in The Events Calendar BookIt allows Manipulating Hidden Fields.This issue affects BookIt: from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal, : Server Side Request Forgery.This issue affects ICS Calendar: from n/a...
8.2CVSS
6.7AI Score
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal, : Server Side Request Forgery.This issue affects ICS Calendar: from n/a...
8.2CVSS
8.2AI Score
0.0004EPSS
Improper Validation of Specified Quantity in Input vulnerability in The Events Calendar BookIt allows Manipulating Hidden Fields.This issue affects BookIt: from n/a through...
6.5CVSS
6.9AI Score
0.0004EPSS
Improper Validation of Specified Quantity in Input vulnerability in The Events Calendar BookIt allows Manipulating Hidden Fields.This issue affects BookIt: from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal, : Server Side Request Forgery.This issue affects ICS Calendar: from n/a...
8.2CVSS
8.2AI Score
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal, : Server Side Request Forgery.This issue affects ICS Calendar: from n/a...
8.2CVSS
6.8AI Score
0.0004EPSS
Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through...
5.3CVSS
5.3AI Score
0.0004EPSS
Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through...
5.3CVSS
6.8AI Score
0.0004EPSS
CVE-2023-33321 WordPress EventPrime plugin <= 2.8.6 - Sensitive Data Exposure
Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through...
5.3CVSS
5.3AI Score
0.0004EPSS
Description The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Event Calendar widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
6.4CVSS
5.8AI Score
0.001EPSS
K000139668: MySQL Server vulnerabilities CVE-2024-21000 and CVE-2024-21008
Security Advisory Description CVE-2024-21000 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with...
4.5AI Score
0.0004EPSS
K000139667: MySQL vulnerability CVE-2024-21056
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...
4.7AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for gcc (EulerOS-SA-2024-1680)
The remote host is missing an update for the Huawei...
4.8CVSS
6.6AI Score
0.0005EPSS