Lucene search

K

Diary & Availability Calendar Security Vulnerabilities

ibm
ibm

Security Bulletin: IBM Security Verify Access is vulnerable to multiple Security Vulnerabilities

Summary The IBM Security Verify Access Appliance and IBM Security Verify Access Container has addressed multiple vulnerabilities in release 10.0.8.0. Vulnerability Details ** CVEID: CVE-2023-38371 DESCRIPTION: **IBM Security Access Manager uses weaker than expected cryptographic algorithms that...

7.2AI Score

EPSS

2024-06-26 12:43 AM
4
ibm
ibm

Security Bulletin: IBM Security Verify Access is vulnerable to multiple Security Vulnerabilities

Summary The IBM Security Verify Access Appliance and IBM Security Verify Access Container has addressed multiple vulnerabilities in release 10.0.0.8. Vulnerability Details ** CVEID: CVE-2024-31883 DESCRIPTION: **IBM Security Verify Access, under certain configurations, could allow an...

7.5CVSS

8AI Score

EPSS

2024-06-26 12:42 AM
4
redhatcve
redhatcve

CVE-2024-39466

In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/qcom/lmh: Check for SCM availability at probe Up until now, the necessary scm availability check has not been performed, leading to possible null pointer dereferences (which did happen for me on RB1). Fix...

7.2AI Score

0.0004EPSS

2024-06-25 08:52 PM
rapid7blog
rapid7blog

Authentication Bypasses in MOVEit Transfer and MOVEit Gateway

On June 25, 2024, Progress Software published information on two new vulnerabilities in MOVEit Transfer and MOVEit Gateway: CVE-2024-5806, a high-severity authentication bypass affecting the MOVEit Transfer SFTP service in a default configuration, and CVE-2024-5805, a critical SFTP-associated...

9.1CVSS

9.8AI Score

0.0004EPSS

2024-06-25 06:16 PM
6
ibm
ibm

Security Bulletin: IBM WebSphere Application Server is vulnerable to cross-site scripting (CVE-2024-35153)

Summary IBM WebSphere Application Server is vulnerable to cross-site scripting in the administrative console. Vulnerability Details ** CVEID: CVE-2024-35153 DESCRIPTION: **IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed...

6.2AI Score

EPSS

2024-06-25 06:07 PM
debiancve
debiancve

CVE-2024-39466

In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/qcom/lmh: Check for SCM availability at probe Up until now, the necessary scm availability check has not been performed, leading to possible null pointer dereferences (which did happen for me on RB1). Fix...

6.7AI Score

0.0004EPSS

2024-06-25 03:15 PM
nvd
nvd

CVE-2024-39466

In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/qcom/lmh: Check for SCM availability at probe Up until now, the necessary scm availability check has not been performed, leading to possible null pointer dereferences (which did happen for me on RB1). Fix...

0.0004EPSS

2024-06-25 03:15 PM
cve
cve

CVE-2024-39466

In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/qcom/lmh: Check for SCM availability at probe Up until now, the necessary scm availability check has not been performed, leading to possible null pointer dereferences (which did happen for me on RB1). Fix...

7AI Score

0.0004EPSS

2024-06-25 03:15 PM
4
cvelist
cvelist

CVE-2024-39466 thermal/drivers/qcom/lmh: Check for SCM availability at probe

In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/qcom/lmh: Check for SCM availability at probe Up until now, the necessary scm availability check has not been performed, leading to possible null pointer dereferences (which did happen for me on RB1). Fix...

0.0004EPSS

2024-06-25 02:25 PM
1
vulnrichment
vulnrichment

CVE-2024-39466 thermal/drivers/qcom/lmh: Check for SCM availability at probe

In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/qcom/lmh: Check for SCM availability at probe Up until now, the necessary scm availability check has not been performed, leading to possible null pointer dereferences (which did happen for me on RB1). Fix...

7.2AI Score

0.0004EPSS

2024-06-25 02:25 PM
openvas
openvas

Mageia: Security Advisory (MGASA-2024-0232)

The remote host is missing an update for...

8.8CVSS

7.5AI Score

0.002EPSS

2024-06-25 12:00 AM
ibm
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by AIX. AIX has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2024-21085 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow a remote...

5.9CVSS

7.2AI Score

0.0004EPSS

2024-06-24 10:04 PM
1
mageia
mageia

Updated virtualbox & kmod-virtualbox packages fix security vulnerabilities

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise....

8.8CVSS

6.8AI Score

0.002EPSS

2024-06-24 10:04 PM
9
aix
aix

Multiple vulnerabilities in IBM Java SDK affect AIX

IBM SECURITY ADVISORY First Issued: Mon Jun 24 15:10:30 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/java_jun2024_advisory.asc Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX...

5.9CVSS

4.6AI Score

0.0004EPSS

2024-06-24 03:10 PM
1
nessus
nessus

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-073)

The version of kernel installed on the remote host is prior to 5.4.149-73.259. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-073 advisory. A flaw was found in the Linux kernel. When reusing a socket with an attached dccps_hc_tx_ccid as a ...

7.8CVSS

8.5AI Score

0.003EPSS

2024-06-24 12:00 AM
nessus
nessus

Amazon Linux 2 : edk2 (ALAS-2024-2578)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2578 advisory. EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to...

6CVSS

7AI Score

0.0004EPSS

2024-06-24 12:00 AM
nvd
nvd

CVE-2024-5791

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp_id' parameter in all versions up to, and including, 4.4.2 due to missing authorization checks on processAction function, as well as insufficient input...

6.1CVSS

0.0005EPSS

2024-06-22 02:15 AM
4
cve
cve

CVE-2024-5791

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp_id' parameter in all versions up to, and including, 4.4.2 due to missing authorization checks on processAction function, as well as insufficient input...

7.2CVSS

6.3AI Score

0.0005EPSS

2024-06-22 02:15 AM
11
cvelist
cvelist

CVE-2024-5791 Appointment Booking and Online Scheduling <= 4.4.2 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp_id' parameter in all versions up to, and including, 4.4.2 due to missing authorization checks on processAction function, as well as insufficient input...

7.2CVSS

0.0005EPSS

2024-06-22 02:01 AM
6
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2135-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2135-1 advisory. The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following...

8CVSS

8.4AI Score

EPSS

2024-06-22 12:00 AM
2
gentoo
gentoo

LZ4: Memory Corruption

Background LZ4 is a lossless compression algorithm, providing compression speed &gt; 500 MB/s per core, scalable with multi-cores CPU. It features an extremely fast decoder, with speed in multiple GB/s per core, typically reaching RAM speed limits on multi-core systems. Description An attacker who....

9.8CVSS

7.2AI Score

0.001EPSS

2024-06-22 12:00 AM
2
nvd
nvd

CVE-2024-35761

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in vCita Online Booking & Scheduling Calendar for WordPress by vcita allows Stored XSS.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through...

5.4CVSS

0.0004EPSS

2024-06-21 01:15 PM
5
cve
cve

CVE-2024-35761

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in vCita Online Booking & Scheduling Calendar for WordPress by vcita allows Stored XSS.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-21 01:15 PM
20
vulnrichment
vulnrichment

CVE-2024-35761 WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.4.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in vCita Online Booking & Scheduling Calendar for WordPress by vcita allows Stored XSS.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through...

6.5CVSS

6.9AI Score

0.0004EPSS

2024-06-21 12:38 PM
1
cvelist
cvelist

CVE-2024-35761 WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.4.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in vCita Online Booking & Scheduling Calendar for WordPress by vcita allows Stored XSS.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-21 12:38 PM
4
cve
cve

CVE-2024-5859

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘d’ parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS

6AI Score

0.0005EPSS

2024-06-21 09:15 AM
18
nvd
nvd

CVE-2024-5859

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘d’ parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS

0.0005EPSS

2024-06-21 09:15 AM
3
cvelist
cvelist

CVE-2024-5859 Appointment Booking and Online Scheduling <= 4.4.2 - Reflected Cross-Site Scripting

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘d’ parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS

0.0005EPSS

2024-06-21 08:39 AM
cve
cve

CVE-2024-6225

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.5 (and 7.5.1 for the Pro version) due to insufficient input sanitization and output escaping. This makes it...

4.8CVSS

4.3AI Score

0.0004EPSS

2024-06-21 08:15 AM
20
nvd
nvd

CVE-2024-6225

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.5 (and 7.5.1 for the Pro version) due to insufficient input sanitization and output escaping. This makes it...

4.8CVSS

0.0004EPSS

2024-06-21 08:15 AM
4
cvelist
cvelist

CVE-2024-6225 Amelia <= 1.1.5 & Amelia (Pro) <= 7.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.5 (and 7.5.1 for the Pro version) due to insufficient input sanitization and output escaping. This makes it...

4.4CVSS

0.0004EPSS

2024-06-21 07:39 AM
4
ibm
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java may affect IBM Storage Protect for Space Management

Summary IBM Storage Protect for Space Management can be affected by security flaws in IBM Java. The flaws can lead to denial of service, confidentiality impact, integrity impact, availability impact, and sensitive information disclosure, as described in the "Vulnerability Details" section....

7.5CVSS

7.7AI Score

0.001EPSS

2024-06-21 07:32 AM
3
osv
osv

BIT-kibana-2024-23443

A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery...

4.9CVSS

5.1AI Score

0.0004EPSS

2024-06-21 07:23 AM
osv
osv

BIT-elk-2024-23443

A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery...

4.9CVSS

5.1AI Score

0.0004EPSS

2024-06-21 07:17 AM
nessus
nessus

Kibana 8.6.3 < 8.14 (ESA-2024-15)

The version of Kibana installed on the remote host is between 8.6.3 and 8.13.4. It is, therefore, affected by a vulnerability as referenced in the ESA-2024-15 advisory. A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run...

4.3CVSS

6.9AI Score

0.0004EPSS

2024-06-21 12:00 AM
1
nessus
nessus

Kibana < 7.17.22 / 8.0.x < 8.14 (ESA-2024-11)

The version of Kibana installed on the remote host is prior to 7.17.22 or 8.14. It is, therefore, affected by a vulnerability as referenced in the ESA-2024-11 advisory. A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a...

4.9CVSS

6.9AI Score

0.0004EPSS

2024-06-21 12:00 AM
ibm
ibm

Security Bulletin: TSSC/IMC is vulnerable to aritrary code excecution due to Java (CVE-2023-22081)

Summary TSSC/IMC is vulnerable to aritrary code excecution due to Dmidecode. A patch has been provided that updates the Java library. (CVE-2023-22081) Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow a...

5.3CVSS

6.8AI Score

0.001EPSS

2024-06-20 11:41 PM
5
osv
osv

CVE-2024-37899

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an admin disables a user account, the user's profile is executed with the admin's rights. This allows a user to place malicious code in the user profile before getting an admin to disable.....

9CVSS

9.1AI Score

0.0004EPSS

2024-06-20 11:15 PM
2
ibm
ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...

8.3CVSS

10AI Score

0.005EPSS

2024-06-20 08:32 PM
3
nvd
nvd

CVE-2024-37352

There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06 that allows attackers with system administrator permissions to interfere with other system administrators’ use of the management UI when the second administrator accesses the...

4.5CVSS

0.0004EPSS

2024-06-20 06:15 PM
4
nvd
nvd

CVE-2024-37351

There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with other system administrator’s use of the management UI when the second administrator later edits the same...

4.5CVSS

0.0004EPSS

2024-06-20 06:15 PM
4
cve
cve

CVE-2024-37351

There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with other system administrator’s use of the management UI when the second administrator later edits the same...

4.5CVSS

4.3AI Score

0.0004EPSS

2024-06-20 06:15 PM
22
nvd
nvd

CVE-2024-37350

There is a cross-site scripting vulnerability in the policy management UI of Absolute Secure Access prior to version 13.06. Attackers can interfere with a system administrator’s use of the policy management UI when the attacker convinces the victim administrator to follow a crafted link to the...

6.5CVSS

0.0004EPSS

2024-06-20 06:15 PM
6
cve
cve

CVE-2024-37352

There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06 that allows attackers with system administrator permissions to interfere with other system administrators’ use of the management UI when the second administrator accesses the...

4.5CVSS

4.4AI Score

0.0004EPSS

2024-06-20 06:15 PM
23
cve
cve

CVE-2024-37350

There is a cross-site scripting vulnerability in the policy management UI of Absolute Secure Access prior to version 13.06. Attackers can interfere with a system administrator’s use of the policy management UI when the attacker convinces the victim administrator to follow a crafted link to the...

6.5CVSS

6AI Score

0.0004EPSS

2024-06-20 06:15 PM
22
nvd
nvd

CVE-2024-37349

There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with other system administrator’s use of the management UI when the victim administrator edits the same management...

4.5CVSS

0.0004EPSS

2024-06-20 06:15 PM
5
cve
cve

CVE-2024-37349

There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with other system administrator’s use of the management UI when the victim administrator edits the same management...

4.5CVSS

4.3AI Score

0.0004EPSS

2024-06-20 06:15 PM
24
vulnrichment
vulnrichment

CVE-2024-37352 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06

There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06 that allows attackers with system administrator permissions to interfere with other system administrators’ use of the management UI when the second administrator accesses the...

4.5CVSS

6.1AI Score

0.0004EPSS

2024-06-20 05:28 PM
1
cvelist
cvelist

CVE-2024-37352 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06

There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06 that allows attackers with system administrator permissions to interfere with other system administrators’ use of the management UI when the second administrator accesses the...

4.5CVSS

0.0004EPSS

2024-06-20 05:28 PM
3
cvelist
cvelist

CVE-2024-37351 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06

There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with other system administrator’s use of the management UI when the second administrator later edits the same...

4.5CVSS

0.0004EPSS

2024-06-20 05:25 PM
3
Total number of security vulnerabilities57783