Lucene search

K

F-Secure Endpoint Protection Products On Mac, F-Secure Linux Security (32-bit), F-Secure Linux Security 64, F-Secure Atlant, F-Secure Internet Gatekeeper & F-Secure Security Cloud Security Vulnerabilities

cvelist
cvelist

CVE-2024-37316 Nextcloud Calendar's event create can create attachments that link to other websites

Nextcloud Calendar is a calendar app for Nextcloud. Authenticated users could create an event with manipulated attachment data leading to a bad redirect for participants when clicked. It is recommended that the Nextcloud Calendar App is upgraded to 4.6.8 or...

4.6CVSS

0.0004EPSS

2024-06-14 03:23 PM
nvd
nvd

CVE-2024-37368

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without...

0.0004EPSS

2024-06-14 03:15 PM
cve
cve

CVE-2024-37368

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without...

6.6AI Score

0.0004EPSS

2024-06-14 03:15 PM
6
nvd
nvd

CVE-2024-37313

Nextcloud server is a self hosted personal cloud system. Under some circumstance it was possible to bypass the second factor of 2FA after successfully providing the user credentials. It is recommended that the Nextcloud Server is upgraded to 26.0.13, 27.1.8 or 28.0.4 and Nextcloud Enterprise...

7.3CVSS

0.0004EPSS

2024-06-14 03:15 PM
nvd
nvd

CVE-2024-37314

Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or...

3.5CVSS

0.0004EPSS

2024-06-14 03:15 PM
cve
cve

CVE-2024-37367

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. This action is allowed without proper authentication...

6.5AI Score

0.0004EPSS

2024-06-14 03:15 PM
8
nvd
nvd

CVE-2024-37367

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. This action is allowed without proper authentication...

0.0004EPSS

2024-06-14 03:15 PM
nvd
nvd

CVE-2024-37312

user_oidc app is an OpenID Connect user backend for Nextcloud. Missing access control on the ID4me endpoint allows an attacker to register an account eventually getting access to data that is available to all registered users. It is recommended that the OpenID Connect user backend is upgraded to...

6.3CVSS

0.0004EPSS

2024-06-14 03:15 PM
cve
cve

CVE-2024-37312

user_oidc app is an OpenID Connect user backend for Nextcloud. Missing access control on the ID4me endpoint allows an attacker to register an account eventually getting access to data that is available to all registered users. It is recommended that the OpenID Connect user backend is upgraded to...

6.3CVSS

6.3AI Score

0.0004EPSS

2024-06-14 03:15 PM
5
cve
cve

CVE-2024-37313

Nextcloud server is a self hosted personal cloud system. Under some circumstance it was possible to bypass the second factor of 2FA after successfully providing the user credentials. It is recommended that the Nextcloud Server is upgraded to 26.0.13, 27.1.8 or 28.0.4 and Nextcloud Enterprise...

7.3CVSS

7.2AI Score

0.0004EPSS

2024-06-14 03:15 PM
6
cve
cve

CVE-2024-37314

Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or...

3.5CVSS

6.9AI Score

0.0004EPSS

2024-06-14 03:15 PM
3
nvd
nvd

CVE-2024-33377

LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users to perform arbitrary operations via interaction with crafted elements on the web...

0.0004EPSS

2024-06-14 03:15 PM
1
nvd
nvd

CVE-2024-33375

LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's...

0.0004EPSS

2024-06-14 03:15 PM
nvd
nvd

CVE-2024-33374

Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows attackers to access the root terminal without...

0.0004EPSS

2024-06-14 03:15 PM
cve
cve

CVE-2024-33375

LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's...

7.2AI Score

0.0004EPSS

2024-06-14 03:15 PM
3
cve
cve

CVE-2024-33377

LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users to perform arbitrary operations via interaction with crafted elements on the web...

7.4AI Score

0.0004EPSS

2024-06-14 03:15 PM
4
nvd
nvd

CVE-2024-34694

LNbits is a Lightning wallet and accounts system. Paying invoices in Eclair that do not get settled within the internal timeout (about 30s) lead to a payment being considered failed, even though it may still be in flight. This vulnerability can lead to a total loss of funds for the node backend....

8.1CVSS

0.0004EPSS

2024-06-14 03:15 PM
cve
cve

CVE-2024-33374

Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows attackers to access the root terminal without...

7.2AI Score

0.0004EPSS

2024-06-14 03:15 PM
3
cve
cve

CVE-2024-34694

LNbits is a Lightning wallet and accounts system. Paying invoices in Eclair that do not get settled within the internal timeout (about 30s) lead to a payment being considered failed, even though it may still be in flight. This vulnerability can lead to a total loss of funds for the node backend....

8.1CVSS

7.9AI Score

0.0004EPSS

2024-06-14 03:15 PM
7
nvd
nvd

CVE-2024-23442

An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana...

6.1CVSS

0.001EPSS

2024-06-14 03:15 PM
cve
cve

CVE-2024-23442

An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana...

6.1CVSS

6.2AI Score

0.001EPSS

2024-06-14 03:15 PM
10
cvelist
cvelist

CVE-2024-37315 Nextcloud Server's read-only users can restore old versions

Nextcloud Server is a self hosted personal cloud system. An attacker with read-only access to a file is able to restore older versions of a document when the files_versions app is enabled. It is recommended that the Nextcloud Server is upgraded to 26.0.12, 27.1.7 or 28.0.3 and that the Nextcloud...

3.5CVSS

0.0004EPSS

2024-06-14 03:08 PM
cvelist
cvelist

CVE-2024-37314 Nextcloud Photos' shared albums have no restriction on photo removal

Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or...

3.5CVSS

0.0004EPSS

2024-06-14 03:05 PM
vulnrichment
vulnrichment

CVE-2024-37313 Nextcloud server allows the by-pass the second factor

Nextcloud server is a self hosted personal cloud system. Under some circumstance it was possible to bypass the second factor of 2FA after successfully providing the user credentials. It is recommended that the Nextcloud Server is upgraded to 26.0.13, 27.1.8 or 28.0.4 and Nextcloud Enterprise...

7.3CVSS

7.1AI Score

0.0004EPSS

2024-06-14 02:50 PM
cvelist
cvelist

CVE-2024-37313 Nextcloud server allows the by-pass the second factor

Nextcloud server is a self hosted personal cloud system. Under some circumstance it was possible to bypass the second factor of 2FA after successfully providing the user credentials. It is recommended that the Nextcloud Server is upgraded to 26.0.13, 27.1.8 or 28.0.4 and Nextcloud Enterprise...

7.3CVSS

0.0004EPSS

2024-06-14 02:50 PM
2
cvelist
cvelist

CVE-2024-37312 Nextcloud user_oidc app's ID4me feature is available even when disabled

user_oidc app is an OpenID Connect user backend for Nextcloud. Missing access control on the ID4me endpoint allows an attacker to register an account eventually getting access to data that is available to all registered users. It is recommended that the OpenID Connect user backend is upgraded to...

6.3CVSS

0.0004EPSS

2024-06-14 02:43 PM
2
vulnrichment
vulnrichment

CVE-2024-37312 Nextcloud user_oidc app's ID4me feature is available even when disabled

user_oidc app is an OpenID Connect user backend for Nextcloud. Missing access control on the ID4me endpoint allows an attacker to register an account eventually getting access to data that is available to all registered users. It is recommended that the OpenID Connect user backend is upgraded to...

6.3CVSS

6.9AI Score

0.0004EPSS

2024-06-14 02:43 PM
nextcloud
nextcloud

Can reshare read&share only folder with more permissions

Description Impact A recipient of a share with read&share permissions could reshare the item with more permissions. Patches It is recommended that the Nextcloud Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4 It is recommended that the Nextcloud Enterprise Server is upgraded to 23.0.12.17 or...

8.1CVSS

6.5AI Score

0.0004EPSS

2024-06-14 02:37 PM
1
nextcloud
nextcloud

Events information leaked with shared calendars on recurrence exceptions

Description Impact Private shared calendar events' recurrence exceptions can be read by sharees. Patches It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 It is recommended that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1...

3.5CVSS

6.5AI Score

0.0004EPSS

2024-06-14 02:36 PM
2
nextcloud
nextcloud

ID4me does not validate signature or expiration

Description Impact An attacker could potentially trick the app into accepting a request that is not signed by the correct server Patches It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.5, 2.0.0, 3.0.0, 4.0.0 or 5.0.0 Workarounds No workaround available References HackerOne...

5.4CVSS

6.5AI Score

0.0004EPSS

2024-06-14 02:35 PM
1
nextcloud
nextcloud

Code injection in Nextcloud Desktop Client for macOS

Description Impact A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the enviroment. Patches It is recommended that the Nextcloud Desktop client is upgraded to 3.12.0 Workarounds No workaround...

3.8CVSS

7.3AI Score

0.0004EPSS

2024-06-14 02:34 PM
nextcloud
nextcloud

Users can delete old versions of read-only shared files

Description Impact A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. Patches It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 It is recommended that the Nextcloud Enterprise Server is...

3.5CVSS

6.5AI Score

0.0004EPSS

2024-06-14 02:34 PM
1
nextcloud
nextcloud

Can access comments and attachments of deleted cards

Description Impact A user with access to a deck board was able to access comments and attachments of already deleted cards. Patches It is recommended that the Nextcloud Deck app is upgraded to 1.6.6 or 1.7.5 or 1.8.7 or 1.9.6 or 1.11.3 or 1.12.1 Workarounds Disable Deck app References HackerOne...

4.3CVSS

6.6AI Score

0.0004EPSS

2024-06-14 02:33 PM
2
nextcloud
nextcloud

Notes app can be tricked into using a received share created before the user logged in

Description Impact If an attacker managed to share a folder called Notes/ with a newly created user before they logged in, the Notes app would use that folder store the personal notes. Patches It is recommended that the Nextcloud Notes app is upgraded to 4.9.3 Workarounds Disable Notes app ...

4.6CVSS

6.5AI Score

0.0004EPSS

2024-06-14 02:31 PM
2
cvelist
cvelist

CVE-2024-34694 LNbits improperly handles potential network and payment failures when using Eclair backend

LNbits is a Lightning wallet and accounts system. Paying invoices in Eclair that do not get settled within the internal timeout (about 30s) lead to a payment being considered failed, even though it may still be in flight. This vulnerability can lead to a total loss of funds for the node backend....

8.1CVSS

0.0004EPSS

2024-06-14 02:31 PM
2
cvelist
cvelist

CVE-2024-37368 Rockwell Automation FactoryTalk® View SE v11 Information Leakage Vulnerability via Authentication Restriction

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without...

0.0004EPSS

2024-06-14 02:30 PM
2
nextcloud
nextcloud

Event create can create attachments that link to other websites

Description Impact Authenticated users could create an event with manipulated attachment data leading to a bad redirect for participants when clicked. Patches It is recommended that the Nextcloud Calendar App is upgraded to 4.6.8 or 4.7.2 Workarounds Disable the calendar app References ...

4.6CVSS

6.6AI Score

0.0004EPSS

2024-06-14 02:30 PM
1
nextcloud
nextcloud

Read-only users can restore old versions

Description Impact An attacker with read-only access to a file is able to restore older versions of a document when the files_versions app is enabled. Patches It is recommended that the Nextcloud Server is upgraded to 26.0.12, 27.1.7 or 28.0.3 It is recommended that the Nextcloud Enterprise Server....

3.5CVSS

6.5AI Score

0.0004EPSS

2024-06-14 02:29 PM
nextcloud
nextcloud

Missing permission check when removing a photo from an album

Description Impact Users can remove photos from the album of registered users Patches It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 It is recommended that the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2 Workarounds No workaround available References ...

3.5CVSS

6.6AI Score

0.0004EPSS

2024-06-14 02:29 PM
1
vulnrichment
vulnrichment

CVE-2024-23442 Kibana open redirect issue

An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana...

6.1CVSS

6.9AI Score

0.001EPSS

2024-06-14 02:26 PM
cvelist
cvelist

CVE-2024-23442 Kibana open redirect issue

An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana...

6.1CVSS

0.001EPSS

2024-06-14 02:26 PM
3
nextcloud
nextcloud

Ability to by-pass second factor

Description Impact Under some circumstance it was possible to bypass the second factor of 2FA after successfully providing the user credentials. Patches It is recommended that the Nextcloud Server is upgraded to 26.0.13, 27.1.8 or 28.0.4 It is recommended that the Nextcloud Enterprise Server is...

7.3CVSS

6.6AI Score

0.0004EPSS

2024-06-14 02:26 PM
1
nextcloud
nextcloud

ID4me feature of OpenID connect app available even when disabled

Description Impact Missing access control on the ID4me endpoint allows an attacker to register an account eventually getting access to data that is available to all registered users. Patches It is recommended that the OpenID Connect user backend is upgraded to 3.0.0 (Nextcloud 20-23), 4.0.0...

6.3CVSS

6.5AI Score

0.0004EPSS

2024-06-14 02:25 PM
openbugbounty
openbugbounty

restobarguide.com Cross Site Scripting vulnerability OBB-3935262

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 02:22 PM
3
cvelist
cvelist

CVE-2024-37367 Rockwell Automation FactoryTalk® View SE v12 Information Leakage Vulnerability via Authentication Restriction

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. This action is allowed without proper authentication...

0.0004EPSS

2024-06-14 02:17 PM
3
openbugbounty
openbugbounty

yoweby.com Cross Site Scripting vulnerability OBB-3935261

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 02:13 PM
4
openbugbounty
openbugbounty

acoc.group Cross Site Scripting vulnerability OBB-3935260

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 02:07 PM
2
osv
osv

Important: booth security update

The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network....

7.4CVSS

6.7AI Score

0.001EPSS

2024-06-14 02:00 PM
3
rocky
rocky

resource-agents bug fix update

An update is available for resource-agents. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The resource-agents packages provide the Pacemaker and RGManager...

7.2AI Score

2024-06-14 02:00 PM
rocky
rocky

booth security update

An update is available for booth. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Booth cluster ticket manager is a component to bridge high availability...

7.4CVSS

7.2AI Score

0.001EPSS

2024-06-14 02:00 PM
Total number of security vulnerabilities2967441