Lucene search

K

Dual Band Wireless-AC, Tri-Band Wireless-AC And Wireless-AC Family Of Products Security Vulnerabilities

osv
osv

CVE-2024-37889

MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-14 08:15 PM
cve
cve

CVE-2024-37889

MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in...

6.5CVSS

6.3AI Score

0.0004EPSS

2024-06-14 08:15 PM
12
nvd
nvd

CVE-2024-37889

MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in...

6.5CVSS

0.0004EPSS

2024-06-14 08:15 PM
1
openbugbounty
openbugbounty

hamiltonhousepublishers.gr Cross Site Scripting vulnerability OBB-3935274

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 07:59 PM
4
openbugbounty
openbugbounty

ippofaes.gr Cross Site Scripting vulnerability OBB-3935273

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 07:40 PM
5
vulnrichment
vulnrichment

CVE-2024-37889 MyFinances Allows Unauthorized Access to Other Customer Data

MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-14 07:12 PM
cvelist
cvelist

CVE-2024-37889 MyFinances Allows Unauthorized Access to Other Customer Data

MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in...

6.5CVSS

0.0004EPSS

2024-06-14 07:12 PM
3
rapid7blog
rapid7blog

Metasploit Weekly Wrap-Up 06/14/2024

New module content (5) Telerik Report Server Auth Bypass Authors: SinSinology and Spencer McIntyre Type: Auxiliary Pull request: #19242 contributed by zeroSteiner Path: scanner/http/telerik_report_server_auth_bypass AttackerKB reference: CVE-2024-4358 Description: This adds an exploit for...

9.9CVSS

8.2AI Score

0.938EPSS

2024-06-14 07:09 PM
1
cve
cve

CVE-2024-24320

Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles...

7.7AI Score

0.0004EPSS

2024-06-14 06:15 PM
10
nvd
nvd

CVE-2024-24320

Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles...

0.0004EPSS

2024-06-14 06:15 PM
2
openbugbounty
openbugbounty

fotsi.gr Cross Site Scripting vulnerability OBB-3935268

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 06:07 PM
4
openbugbounty
openbugbounty

plus613.com Cross Site Scripting vulnerability OBB-3935267

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 05:38 PM
4
nuclei
nuclei

Gradio Hugging Face - Local File Inclusion

Gradio LFI when auth is not enabled, affects versions 4.0 - 4.10, also works against Gradio <...

7.5CVSS

6.6AI Score

0.001EPSS

2024-06-14 05:31 PM
nvd
nvd

CVE-2024-37369

A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the...

0.0004EPSS

2024-06-14 05:15 PM
1
nvd
nvd

CVE-2024-5659

Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the availability of the device...

0.0004EPSS

2024-06-14 05:15 PM
1
cve
cve

CVE-2024-37369

A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the...

7.1AI Score

0.0004EPSS

2024-06-14 05:15 PM
9
cve
cve

CVE-2024-5659

Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the availability of the device...

6.8AI Score

0.0004EPSS

2024-06-14 05:15 PM
10
veracode
veracode

Denial Of Service (DoS)

ch.qos.logback:logback-classic is vulnerable to Denial Of Service (DoS). The vulnerability is due to the readObject() method in the LoggingEventVO class which fails to check the length of an argument array during deserialization. An attacker could send crafted data, resulting in Denial of Service.....

7.5CVSS

6.5AI Score

0.0005EPSS

2024-06-14 04:52 PM
1
vulnrichment
vulnrichment

CVE-2024-37369 Rockwell Automation FactoryTalk® View SE Local Privilege Escalation Vulnerability via Local File Permissions

A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the...

7AI Score

0.0004EPSS

2024-06-14 04:50 PM
1
cvelist
cvelist

CVE-2024-37369 Rockwell Automation FactoryTalk® View SE Local Privilege Escalation Vulnerability via Local File Permissions

A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the...

0.0004EPSS

2024-06-14 04:50 PM
1
vulnrichment
vulnrichment

CVE-2024-5659 Rockwell Automation Multicast Request Causes major nonrecoverable fault on Select Controllers

Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the availability of the device...

6.8AI Score

0.0004EPSS

2024-06-14 04:42 PM
1
cvelist
cvelist

CVE-2024-5659 Rockwell Automation Multicast Request Causes major nonrecoverable fault on Select Controllers

Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the availability of the device...

0.0004EPSS

2024-06-14 04:42 PM
3
malwarebytes
malwarebytes

Truist bank confirms data breach

On Wednesday June 12, 2024, a well-known dark web data broker and cybercriminal acting under the name "Sp1d3r" offered a significant amount of data allegedly stolen from Truist Bank for sale. Truist is a US bank holding company and operates 2,781 branches in 15 states and Washington DC. By assets,....

7.7AI Score

2024-06-14 04:29 PM
5
nuclei
nuclei

Apache OFBiz Directory Traversal - Remote Code Execution

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before...

6.8AI Score

0.004EPSS

2024-06-14 04:26 PM
nvd
nvd

CVE-2024-37887

Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or....

3.5CVSS

0.0004EPSS

2024-06-14 04:15 PM
2
cve
cve

CVE-2024-5934

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental...

6.6AI Score

EPSS

2024-06-14 04:15 PM
12
nvd
nvd

CVE-2024-5934

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental...

EPSS

2024-06-14 04:15 PM
3
cve
cve

CVE-2024-37887

Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or....

3.5CVSS

4AI Score

0.0004EPSS

2024-06-14 04:15 PM
9
cve
cve

CVE-2024-37884

Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 and that the Nextcloud Enterprise.....

3.5CVSS

4AI Score

0.0004EPSS

2024-06-14 04:15 PM
11
nvd
nvd

CVE-2024-37884

Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 and that the Nextcloud Enterprise.....

3.5CVSS

0.0004EPSS

2024-06-14 04:15 PM
1
nvd
nvd

CVE-2024-37883

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A user with access to a deck board was able to access comments and attachments of already deleted cards. It is recommended that the Nextcloud Deck app is...

4.3CVSS

0.0004EPSS

2024-06-14 04:15 PM
1
cve
cve

CVE-2024-37883

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A user with access to a deck board was able to access comments and attachments of already deleted cards. It is recommended that the Nextcloud Deck app is...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-06-14 04:15 PM
10
nvd
nvd

CVE-2024-37882

Nextcloud Server is a self hosted personal cloud system. A recipient of a share with read&share permissions could reshare the item with more permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4 and that the Nextcloud Enterprise Server is upgraded to...

8.1CVSS

0.0004EPSS

2024-06-14 04:15 PM
3
cve
cve

CVE-2024-37882

Nextcloud Server is a self hosted personal cloud system. A recipient of a share with read&share permissions could reshare the item with more permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4 and that the Nextcloud Enterprise Server is upgraded to...

8.1CVSS

8.1AI Score

0.0004EPSS

2024-06-14 04:15 PM
9
cve
cve

CVE-2024-37315

Nextcloud Server is a self hosted personal cloud system. An attacker with read-only access to a file is able to restore older versions of a document when the files_versions app is enabled. It is recommended that the Nextcloud Server is upgraded to 26.0.12, 27.1.7 or 28.0.3 and that the Nextcloud...

3.5CVSS

4AI Score

0.0004EPSS

2024-06-14 04:15 PM
13
cve
cve

CVE-2024-33373

An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the router via a brute-force...

7.1AI Score

0.0004EPSS

2024-06-14 04:15 PM
12
nvd
nvd

CVE-2024-33373

An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the router via a brute-force...

0.0004EPSS

2024-06-14 04:15 PM
2
nvd
nvd

CVE-2024-37315

Nextcloud Server is a self hosted personal cloud system. An attacker with read-only access to a file is able to restore older versions of a document when the files_versions app is enabled. It is recommended that the Nextcloud Server is upgraded to 26.0.12, 27.1.7 or 28.0.3 and that the Nextcloud...

3.5CVSS

0.0004EPSS

2024-06-14 04:15 PM
2
schneier
schneier

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm appearing on a panel on Society and Democracy at ACM Collective Intelligence in Boston, Massachusetts. The conference runs from June 26 through 29, 2024, and my panel is at 9:00 AM on Friday, June 28. I'm speaking on...

7.2AI Score

2024-06-14 03:59 PM
vulnrichment
vulnrichment

CVE-2024-37887 Nextcloud Server's events information leaked with shared calendars on recurrence exceptions

Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or....

3.5CVSS

7AI Score

0.0004EPSS

2024-06-14 03:48 PM
2
cvelist
cvelist

CVE-2024-37887 Nextcloud Server's events information leaked with shared calendars on recurrence exceptions

Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or....

3.5CVSS

0.0004EPSS

2024-06-14 03:48 PM
4
openbugbounty
openbugbounty

lasercutting.gr Cross Site Scripting vulnerability OBB-3935263

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 03:47 PM
3
cvelist
cvelist

CVE-2024-37884 Nextcloud Server's users can delete old versions of read-only shared files

Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 and that the Nextcloud Enterprise.....

3.5CVSS

0.0004EPSS

2024-06-14 03:36 PM
cvelist
cvelist

CVE-2024-37883 Nextcloud Deck can access comments and attachments of deleted cards

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A user with access to a deck board was able to access comments and attachments of already deleted cards. It is recommended that the Nextcloud Deck app is...

4.3CVSS

0.0004EPSS

2024-06-14 03:33 PM
vulnrichment
vulnrichment

CVE-2024-37882 Nextcloud Server can reshare read&share only folder with more permissions

Nextcloud Server is a self hosted personal cloud system. A recipient of a share with read&share permissions could reshare the item with more permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4 and that the Nextcloud Enterprise Server is upgraded to...

8.1CVSS

6.9AI Score

0.0004EPSS

2024-06-14 03:28 PM
cvelist
cvelist

CVE-2024-37882 Nextcloud Server can reshare read&share only folder with more permissions

Nextcloud Server is a self hosted personal cloud system. A recipient of a share with read&share permissions could reshare the item with more permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4 and that the Nextcloud Enterprise Server is upgraded to...

8.1CVSS

0.0004EPSS

2024-06-14 03:28 PM
nvd
nvd

CVE-2024-37368

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without...

0.0004EPSS

2024-06-14 03:15 PM
cve
cve

CVE-2024-37368

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without...

6.6AI Score

0.0004EPSS

2024-06-14 03:15 PM
12
nvd
nvd

CVE-2024-37313

Nextcloud server is a self hosted personal cloud system. Under some circumstance it was possible to bypass the second factor of 2FA after successfully providing the user credentials. It is recommended that the Nextcloud Server is upgraded to 26.0.13, 27.1.8 or 28.0.4 and Nextcloud Enterprise...

7.3CVSS

0.0004EPSS

2024-06-14 03:15 PM
nvd
nvd

CVE-2024-37314

Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or...

3.5CVSS

0.0004EPSS

2024-06-14 03:15 PM
Total number of security vulnerabilities3050397