Lucene search

K

Frontend File Manager & Sharing – User Private Files Security Vulnerabilities

openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:2180-1)

The remote host is missing an update for...

7.5AI Score

0.0004EPSS

2024-06-25 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1814)

The remote host is missing an update for the Huawei...

7.5AI Score

0.0004EPSS

2024-06-25 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2024-1843)

The remote host is missing an update for the Huawei...

7.8CVSS

7.5AI Score

0.0005EPSS

2024-06-25 12:00 AM
ubuntu
ubuntu

Ansible vulnerabilities

Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages ansible - Configuration management, deployment, and task execution system Details It was discovered that Ansible incorrectly handled certain inputs when using tower_callback parameter. If a user or an...

7.8CVSS

7.7AI Score

0.002EPSS

2024-06-25 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2024-1825)

The remote host is missing an update for the Huawei...

7.5AI Score

EPSS

2024-06-25 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for libyaml (EulerOS-SA-2024-1838)

The remote host is missing an update for the Huawei...

7.5AI Score

0.0004EPSS

2024-06-25 12:00 AM
gitlab
gitlab

Aimeos HTML client may potentially reveal sensitive information in error log

Debug information can reveal sensitive information from environment variables in error...

8.8CVSS

6.5AI Score

EPSS

2024-06-25 12:00 AM
1
nessus
nessus

EulerOS 2.0 SP11 : golang (EulerOS-SA-2024-1814)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This...

7.4AI Score

0.0004EPSS

2024-06-25 12:00 AM
nessus
nessus

RHEL 9 : git (RHSA-2024:4083)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4083 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a...

9CVSS

7.2AI Score

0.001EPSS

2024-06-25 12:00 AM
nessus
nessus

EulerOS 2.0 SP11 : llvm (EulerOS-SA-2024-1818)

According to the versions of the llvm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to...

6.8AI Score

0.0004EPSS

2024-06-25 12:00 AM
osv
osv

Important: git security update

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to...

9CVSS

9.1AI Score

0.001EPSS

2024-06-25 12:00 AM
nessus
nessus

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2183-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2183-1 advisory. The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes. The following security bugs were fixed: .....

7.8CVSS

8.5AI Score

0.0005EPSS

2024-06-25 12:00 AM
nessus
nessus

EulerOS 2.0 SP11 : openssl (EulerOS-SA-2024-1842)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary:...

7.1AI Score

0.0004EPSS

2024-06-25 12:00 AM
openvas
openvas

Mageia: Security Advisory (MGASA-2024-0235)

The remote host is missing an update for...

6.1CVSS

7.5AI Score

0.0004EPSS

2024-06-25 12:00 AM
almalinux
almalinux

Important: git security update

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to...

9CVSS

9.1AI Score

0.001EPSS

2024-06-25 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1835)

The remote host is missing an update for the Huawei...

7.5AI Score

0.0004EPSS

2024-06-25 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for util-linux (EulerOS-SA-2024-1848)

The remote host is missing an update for the Huawei...

7.5AI Score

0.0005EPSS

2024-06-25 12:00 AM
nessus
nessus

EulerOS 2.0 SP11 : emacs (EulerOS-SA-2024-1809)

According to the versions of the emacs package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.(CVE-2024-30205) In Emacs...

6.8AI Score

0.0005EPSS

2024-06-25 12:00 AM
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : grafana and mybatis (SUSE-SU-2024:1530-2)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1530-2 advisory. grafana was updated to version 9.5.18: - Grafana now requires Go 1.20 - Security issues fixed: * CVE-2024-1313: Require same...

6.5CVSS

6.3AI Score

0.0004EPSS

2024-06-25 12:00 AM
1
nessus
nessus

EulerOS 2.0 SP11 : libyaml (EulerOS-SA-2024-1838)

According to the versions of the libyaml package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in yaml libyaml up to 0.2.5 and classified as critical. Affected by this issue is the function...

7.8AI Score

0.0004EPSS

2024-06-25 12:00 AM
nessus
nessus

AlmaLinux 9 : git (ALSA-2024:4083)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:4083 advisory. * git: Recursive clones RCE (CVE-2024-32002) * git: RCE while cloning local repos (CVE-2024-32004) * git: additional local RCE (CVE-2024-32465) * git:...

9CVSS

9.5AI Score

0.001EPSS

2024-06-25 12:00 AM
nessus
nessus

EulerOS 2.0 SP11 : llvm (EulerOS-SA-2024-1839)

According to the versions of the llvm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to...

6.8AI Score

0.0004EPSS

2024-06-25 12:00 AM
nessus
nessus

AlmaLinux 9 : python3.9 (ALSA-2024:4078)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:4078 advisory. * python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597) * python: The zipfile module is vulnerable to zip-bombs leading to denial of...

7.8CVSS

7.4AI Score

0.0005EPSS

2024-06-25 12:00 AM
nessus
nessus

AlmaLinux 9 : python3.11 (ALSA-2024:4077)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:4077 advisory. * python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597) Tenable has extracted the preceding description block directly from the AlmaLinux security...

7.8CVSS

7.1AI Score

0.0004EPSS

2024-06-25 12:00 AM
wpvulndb
wpvulndb

WordPress < 6.5.5 - Contributor+ Path Traversal in Template-Part Block

Description WordPress does not properly escape the "file" attribute in the "Template Part block" allowing high-privileged users to perform Path Traversal on Windows servers, leading to arbitrary File...

7.2AI Score

2024-06-25 12:00 AM
3
packetstorm

7AI Score

0.0004EPSS

2024-06-25 12:00 AM
13
nvd
nvd

CVE-2024-22168

A Cross-Site Scripting (XSS) vulnerability on the My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps was found which could allow an attacker to redirect the user to a crafted domain and reset their credentials, or to execute arbitrary client-side code in the user’s browser session to...

0.0004EPSS

2024-06-24 11:15 PM
6
cve
cve

CVE-2024-22168

A Cross-Site Scripting (XSS) vulnerability on the My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps was found which could allow an attacker to redirect the user to a crafted domain and reset their credentials, or to execute arbitrary client-side code in the user’s browser session to...

6.2AI Score

0.0004EPSS

2024-06-24 11:15 PM
10
vulnrichment
vulnrichment

CVE-2024-22168 Cross-Site Scripting (XSS) vulnerability on Western Digital My Cloud and SanDisk ibi Web Apps

A Cross-Site Scripting (XSS) vulnerability on the My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps was found which could allow an attacker to redirect the user to a crafted domain and reset their credentials, or to execute arbitrary client-side code in the user’s browser session to...

6.4AI Score

0.0004EPSS

2024-06-24 10:54 PM
cvelist
cvelist

CVE-2024-22168 Cross-Site Scripting (XSS) vulnerability on Western Digital My Cloud and SanDisk ibi Web Apps

A Cross-Site Scripting (XSS) vulnerability on the My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps was found which could allow an attacker to redirect the user to a crafted domain and reset their credentials, or to execute arbitrary client-side code in the user’s browser session to...

0.0004EPSS

2024-06-24 10:54 PM
3
githubexploit
githubexploit

Exploit for HTTP Request Smuggling in Apache Http Server

CVE 2023 25690 Description Some mod_proxy configurations on...

9.8CVSS

7.2AI Score

0.007EPSS

2024-06-24 10:20 PM
60
nvd
nvd

CVE-2024-36682

In the module "Theme settings" (pk_themesettings) &lt;= 1.8.8 from Promokit.eu for PrestaShop, a guest can download all email collected while SHOP is in maintenance mode. Due to a lack of permissions control, a guest can access the txt file which collect email when maintenance is enable which can.....

0.0004EPSS

2024-06-24 10:15 PM
7
cve
cve

CVE-2024-36682

In the module "Theme settings" (pk_themesettings) &lt;= 1.8.8 from Promokit.eu for PrestaShop, a guest can download all email collected while SHOP is in maintenance mode. Due to a lack of permissions control, a guest can access the txt file which collect email when maintenance is enable which can.....

7AI Score

0.0004EPSS

2024-06-24 10:15 PM
11
ibm
ibm

Security Bulletin: AIX is affected by a denial of service due to Python (CVE-2024-0450)

Summary Vulnerability in Python could allow a remote attacker to cause a denial of service (CVE-2024-0450). Python is used by AIX as part of Ansible node management automation. Vulnerability Details ** CVEID: CVE-2024-0450 DESCRIPTION: **Python CPython is vulnerable to a denial of service, caused.....

6.2CVSS

7.3AI Score

0.0005EPSS

2024-06-24 10:05 PM
1
mageia
mageia

Updated python-aiohttp packages fix security vulnerability

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following...

6.1CVSS

6AI Score

0.0004EPSS

2024-06-24 10:04 PM
6
redhatcve
redhatcve

CVE-2024-6104

go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp...

6CVSS

5.9AI Score

0.0004EPSS

2024-06-24 09:50 PM
4
github
github

Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java

Impact Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the BOM. The DocumentBuilderFactory used to evaluate XPath expressions was not configured securely, making the library vulnerable to XML...

7AI Score

EPSS

2024-06-24 08:44 PM
2
osv
osv

Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java

Impact Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the BOM. The DocumentBuilderFactory used to evaluate XPath expressions was not configured securely, making the library vulnerable to XML...

7.3AI Score

EPSS

2024-06-24 08:44 PM
citrix
citrix

Cloud Software Group Security Advisory for CVE-2024-3661

Cloud Software Group has evaluated the impact of vulnerability CVE-2024-3661 on our products. This vulnerability may allow an attacker on the same local network as the victim to read, disrupt, or modify network traffic expected to be protected by the VPN. Please find below the impact status: ...

7.6CVSS

6.7AI Score

0.0005EPSS

2024-06-24 08:37 PM
8
cve
cve

CVE-2024-37732

Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute arbitrary code via a crafted .pdf...

7.3AI Score

0.0004EPSS

2024-06-24 07:15 PM
7
nvd
nvd

CVE-2024-37732

Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute arbitrary code via a crafted .pdf...

0.0004EPSS

2024-06-24 07:15 PM
4
osv
osv

go-retryablehttp can leak basic auth credentials to log files

go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp...

6CVSS

6.9AI Score

0.0004EPSS

2024-06-24 06:31 PM
github
github

go-retryablehttp can leak basic auth credentials to log files

go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp...

6CVSS

5.9AI Score

0.0004EPSS

2024-06-24 06:31 PM
3
nvd
nvd

CVE-2023-49793

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of CodeChecker store are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine of....

6.5CVSS

0.0004EPSS

2024-06-24 06:15 PM
6
osv
osv

CVE-2023-49793

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of CodeChecker store are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine of....

6.5CVSS

6.7AI Score

0.0004EPSS

2024-06-24 06:15 PM
cve
cve

CVE-2023-49793

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of CodeChecker store are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine of....

6.5CVSS

6.4AI Score

0.0004EPSS

2024-06-24 06:15 PM
10
github
github

XWiki programming rights may be inherited by inclusion

Impact The content of a document included using {{include reference="targetdocument"/}} is executed with the right of the includer and not with the right of its author. This means that any user able to modify the target document can impersonate the author of the content which used the include...

9.9CVSS

7AI Score

0.0004EPSS

2024-06-24 06:00 PM
4
osv
osv

XWiki programming rights may be inherited by inclusion

Impact The content of a document included using {{include reference="targetdocument"/}} is executed with the right of the includer and not with the right of its author. This means that any user able to modify the target document can impersonate the author of the content which used the include...

9.9CVSS

7AI Score

0.0004EPSS

2024-06-24 06:00 PM
2
vulnrichment
vulnrichment

CVE-2023-49793 Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of CodeChecker store are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine of....

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-24 05:36 PM
cvelist
cvelist

CVE-2023-49793 Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of CodeChecker store are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine of....

6.5CVSS

0.0004EPSS

2024-06-24 05:36 PM
1
Total number of security vulnerabilities1034739