Lucene search

K

F-Secure Endpoint Protection Products On Mac, F-Secure Linux Security (32-bit), F-Secure Linux Security 64, F-Secure Atlant, F-Secure Internet Gatekeeper & F-Secure Security Cloud Security Vulnerabilities

veracode
veracode

Deserialization Of Untrusted Data

mlflow is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe deserialization in the function _load_model_from_local_file within sklearn/init.py. An attacker can inject a malicious pickle object into a model file on upload, which will be deserialized resulting in...

8.8CVSS

7.1AI Score

0.0004EPSS

2024-06-17 06:19 AM
cve
cve

CVE-2024-6047

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...

9.8CVSS

9.8AI Score

0.001EPSS

2024-06-17 06:15 AM
21
nvd
nvd

CVE-2024-6047

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...

9.8CVSS

0.001EPSS

2024-06-17 06:15 AM
7
openbugbounty
openbugbounty

heerfashion.com Cross Site Scripting vulnerability OBB-3935807

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 06:09 AM
2
veracode
veracode

Improper Check For Unusual Or Exceptional Conditions

lnbits is vulnerable to Improper Check For Unusual Or Exceptional Conditions. The vulnerability is due to the blocking API call which leads to a timeout if a payment is not settled within 30...

8.1CVSS

6.7AI Score

0.0004EPSS

2024-06-17 05:52 AM
1
vulnrichment
vulnrichment

CVE-2024-6047 GeoVision EOL device - OS Command Injection

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...

9.8CVSS

9.9AI Score

0.001EPSS

2024-06-17 05:48 AM
3
cvelist
cvelist

CVE-2024-6047 GeoVision EOL device - OS Command Injection

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...

9.8CVSS

0.001EPSS

2024-06-17 05:48 AM
3
openbugbounty
openbugbounty

mashcall.com Cross Site Scripting vulnerability OBB-3935805

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 05:41 AM
2
thn
thn

NiceRAT Malware Targets South Korean Users via Cracked Software

Threat actors have been observed deploying a malware called NiceRAT to co-opt infected devices into a botnet. The attacks, which target South Korean users, are designed to propagate the malware under the guise of cracked software, such as Microsoft Windows, or tools that purport to offer license...

6.9AI Score

2024-06-17 05:11 AM
18
veracode
veracode

Deserialization Of Untrusted Data

mlflow is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to improper handling of untrusted data in the _load_model_from_local_file function within the sklearn/init .py. The vulnerability allows an attacker to inject a malicious pickle object into a model file on...

8.8CVSS

7.3AI Score

0.0004EPSS

2024-06-17 04:59 AM
veracode
veracode

Privilege Escalation

github.com/dnscrypt/dnscrypt-proxy is vulnerable to Privilege escalation. The vulnerability is caused by insecure file permissions on the dnscrypt-proxy executable, which allows non-privileged users to overwrite it with malicious code, leading to potential privilege escalation to root when the...

7.4AI Score

0.0004EPSS

2024-06-17 04:30 AM
veracode
veracode

Sensitive Information Disclosure

apache-airflow is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the absence of a "Cache-Control" header in the response headers for dynamic content, which could lead to the unintended caching of sensitive information in the local cache of web...

6.2AI Score

0.0004EPSS

2024-06-17 04:21 AM
nvd
nvd

CVE-2024-6045

Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the....

8.8CVSS

0.001EPSS

2024-06-17 04:15 AM
5
cve
cve

CVE-2024-6045

Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the....

8.8CVSS

8.4AI Score

0.001EPSS

2024-06-17 04:15 AM
32
veracode
veracode

Missing Authorization

snipe/snipe-it is vulnerable to Missing Authorization. The vulnerability is due to the lack of authorization checks in the API endpoint, allowing users with "User" and "Self" permissions to modify group memberships without verifying if they are...

7.6CVSS

6.7AI Score

0.0004EPSS

2024-06-17 04:08 AM
1
nvd
nvd

CVE-2024-6044

Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the...

6.5CVSS

0.001EPSS

2024-06-17 03:15 AM
6
cve
cve

CVE-2024-5163

Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security...

7.4AI Score

0.0004EPSS

2024-06-17 03:15 AM
12
nvd
nvd

CVE-2024-5163

Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security...

0.0004EPSS

2024-06-17 03:15 AM
4
cve
cve

CVE-2024-6044

Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the...

6.5CVSS

6.5AI Score

0.001EPSS

2024-06-17 03:15 AM
7
cvelist
cvelist

CVE-2024-6045 D-Link router - Hidden Backdoor

Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the....

8.8CVSS

0.001EPSS

2024-06-17 03:12 AM
8
cvelist
cvelist

CVE-2024-5163

Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security...

0.0004EPSS

2024-06-17 03:07 AM
cvelist
cvelist

CVE-2024-6044 D-Link router - Arbitrary File Reading

Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the...

6.5CVSS

0.001EPSS

2024-06-17 02:30 AM
3
openvas
openvas

Ubuntu: Security Advisory (USN-6818-3)

The remote host is missing an update for...

7.8CVSS

8.8AI Score

0.001EPSS

2024-06-17 12:00 AM
2
oraclelinux
oraclelinux

firefox security update

[115.12.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.12.0-1] - Update to 115.12.0...

6.7AI Score

0.0004EPSS

2024-06-17 12:00 AM
1
nessus
nessus

openSUSE 15 Security Update : php8 (SUSE-SU-2024:2039-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2024:2039-1 advisory. - CVE-2024-5458: Fixed an issue that allows to bypass filters in filter_var FILTER_VALIDATE_URL. (bsc#1226073) Tenable has extracted the preceding...

5.3CVSS

6.9AI Score

0.001EPSS

2024-06-17 12:00 AM
nessus
nessus

RHEL 8 : flatpak (RHSA-2024:3961)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3961 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...

8.4CVSS

8.6AI Score

0.0004EPSS

2024-06-17 12:00 AM
nessus
nessus

RHEL 8 : firefox (RHSA-2024:3952)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3952 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...

8AI Score

0.0004EPSS

2024-06-17 12:00 AM
nessus
nessus

Debian dla-3835 : roundcube - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3835 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3835-1 [email protected] ...

6.6AI Score

0.0004EPSS

2024-06-17 12:00 AM
1
packetstorm

7.4AI Score

2024-06-17 12:00 AM
26
osv
osv

php7.3 - security update

Bulletin has no...

5.3CVSS

5.3AI Score

0.001EPSS

2024-06-17 12:00 AM
nessus
nessus

Ubuntu 23.10 / 24.04 LTS : Rack vulnerabilities (USN-6837-1)

The remote Ubuntu 23.10 / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6837-1 advisory. It was discovered that Rack incorrectly handled Multipart MIME parsing. A remote attacker could possibly use this issue to cause Rack to...

7.5CVSS

7.7AI Score

0.001EPSS

2024-06-17 12:00 AM
nessus
nessus

RHEL 9 : firefox (RHSA-2024:3958)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3958 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...

7.7AI Score

0.0004EPSS

2024-06-17 12:00 AM
nessus
nessus

openSUSE 15 Security Update : booth (SUSE-SU-2024:2040-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2024:2040-1 advisory. - CVE-2024-3049: Fixed a vulnerability where a specially crafted hash can lead to invalid HMAC being accepted by Booth server. (bsc#1226032) Tenable has...

7.4CVSS

6.9AI Score

0.001EPSS

2024-06-17 12:00 AM
oraclelinux
oraclelinux

flatpak security update

[1.12.9-1] - Update to 1.12.9 (CVE-2024-32462) [1.12.8-1] - Rebase to 1.12.8 (RHEL-4220) [1.10.8-3] - Let flatpak own %{_sysconfdir}/flatpak...

8.4CVSS

8.6AI Score

0.0004EPSS

2024-06-17 12:00 AM
nessus
nessus

RHEL 8 : flatpak (RHSA-2024:3962)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3962 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...

8.4CVSS

7.4AI Score

0.0004EPSS

2024-06-17 12:00 AM
nessus
nessus

RHEL 9 : firefox (RHSA-2024:3955)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3955 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...

7.7AI Score

0.0004EPSS

2024-06-17 12:00 AM
nessus
nessus

RHEL 8 : firefox (RHSA-2024:3953)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3953 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...

8.2AI Score

0.0004EPSS

2024-06-17 12:00 AM
nessus
nessus

RHEL 7 : linux-firmware (RHSA-2024:3939)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3939 advisory. The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): * hw:...

8.2CVSS

7.4AI Score

0.0005EPSS

2024-06-17 12:00 AM
oraclelinux
oraclelinux

firefox security update

[115.12.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding OpenELA file [115.12.0-1] - Update to 115.12.0...

7AI Score

0.0004EPSS

2024-06-17 12:00 AM
osv
osv

roundcube - security update

Bulletin has no...

6.7AI Score

0.0004EPSS

2024-06-17 12:00 AM
osv
osv

nano - security update

Bulletin has no...

4.7CVSS

6.8AI Score

0.0004EPSS

2024-06-17 12:00 AM
openvas
openvas

Mageia: Security Advisory (MGASA-2024-0221)

The remote host is missing an update for...

7.1AI Score

0.0004EPSS

2024-06-17 12:00 AM
osv
osv

pymongo - security update

Bulletin has no...

4.7CVSS

6.7AI Score

0.0004EPSS

2024-06-17 12:00 AM
nessus
nessus

RHEL 8 : firefox (RHSA-2024:3950)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3950 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...

7.7AI Score

0.0004EPSS

2024-06-17 12:00 AM
nessus
nessus

RHEL 7 : firefox (RHSA-2024:3951)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3951 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...

7.7AI Score

0.0004EPSS

2024-06-17 12:00 AM
openvas
openvas

Mageia: Security Advisory (MGASA-2024-0219)

The remote host is missing an update for...

7.1AI Score

0.008EPSS

2024-06-17 12:00 AM
openvas
openvas

Mageia: Security Advisory (MGASA-2024-0222)

The remote host is missing an update for...

7.1AI Score

0.0004EPSS

2024-06-17 12:00 AM
openvas
openvas

Mageia: Security Advisory (MGASA-2024-0224)

The remote host is missing an update for...

8.5CVSS

7.1AI Score

0.005EPSS

2024-06-17 12:00 AM
openvas
openvas

Ubuntu: Security Advisory (USN-6821-4)

The remote host is missing an update for...

8CVSS

8AI Score

0.0004EPSS

2024-06-17 12:00 AM
veeam
veeam

Security Context Constraints(SCC) capabilities setting for Generic Storage Backup and Restore with OCP 4.11 or higher

This article describes Security Context Constraints(SCC) capabilities that need to be added to use Generic Backup and Restore feature capabilities on OCP 4.11 and...

7AI Score

2024-06-17 12:00 AM
Total number of security vulnerabilities2968778