Lucene search

K

Goolytics – Simple Google Analytics Security Vulnerabilities

osv
osv

Keycloak: Leak of configured LDAP bind credentials

A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access (permission manage-realm) to change the LDAP host URL ("Connection...

2.7CVSS

6.6AI Score

0.0004EPSS

2024-06-18 12:30 PM
1
kitploit
kitploit

CyberChef - The Cyber Swiss Army Knife - A Web App For Encryption, Encoding, Compression And Data Analysis

CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR and Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data,...

6.9AI Score

2024-06-18 12:30 PM
6
talosblog
talosblog

Exploring malicious Windows drivers (Part 2): the I/O system, IRPs, stack locations, IOCTLs and more

This blog post is part of a multi-part series, and it is highly recommended to read the first entry here before continuing. As the second entry in our "Exploring malicious Windows drivers" series, we will continue where the first left off: Discussing the I/O system and IRPs. We will expand on...

6.6AI Score

2024-06-18 12:00 PM
6
osv
osv

Timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`

Timing variability of any kind is problematic when working with potentially secret values such as elliptic curve scalars, and such issues can potentially leak private keys and other secrets. Such a problem was recently discovered in curve25519-dalek. The Scalar29::sub (32-bit) and Scalar52::sub...

7.2AI Score

2024-06-18 12:00 PM
5
securelist
securelist

Analysis of user password strength

The processing power of computers keeps growing, helping users to solve increasingly complex problems faster. A side effect is that passwords that were impossible to guess just a few years ago can be cracked by hackers within mere seconds in 2024. For example, the RTX 4090 GPU is capable of...

6.9AI Score

2024-06-18 11:30 AM
3
thn
thn

The Annual SaaS Security Report: 2025 CISO Plans and Priorities

Seventy percent of enterprises are prioritizing investment in SaaS security by establishing dedicated teams to secure SaaS applications, as part of a growing trend of maturity in this field of cybersecurity, according to a new survey released this month by the Cloud Security Alliance (CSA)....

7.2AI Score

2024-06-18 11:23 AM
14
osv
osv

Malicious code in resolve-uri-latest (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (6184d59fa1e765738b50981a8e7094d0744e987e5eadeaeebd3747d036edd22a) The OpenSSF Package Analysis project identified 'resolve-uri-latest' @ 9.999.0 (npm) as malicious. It is considered malicious because: The...

7.3AI Score

2024-06-18 11:08 AM
1
schneier
schneier

Rethinking Democracy for the Age of AI

There is a lot written about technology's threats to democracy. Polarization. Artificial intelligence. The concentration of wealth and power. I have a more general story: The political and economic systems of governance that were created in the mid-18th century are poorly suited for the 21st...

6.4AI Score

2024-06-18 11:04 AM
3
nuclei
nuclei

CrateDB Database - Arbitrary File Read

CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated attackers can use the COPY.....

6.5CVSS

7AI Score

0.052EPSS

2024-06-18 09:47 AM
1
thn
thn

New Malware Targets Exposed Docker APIs for Cryptocurrency Mining

Cybersecurity researchers have uncovered a new malware campaign that targets publicly exposed Docket API endpoints with the aim of delivering cryptocurrency miners and other payloads. Included among the tools deployed is a remote access tool that's capable of downloading and executing more...

7.8AI Score

2024-06-18 09:41 AM
16
vulnrichment
vulnrichment

CVE-2024-5899 Improper trust check in Bazel Build intellij plugin

When Bazel Plugin in intellij imports a project (either using "import project" or "Auto import") the dialog for trusting the project is not displayed. This comes from the fact that both call the method ProjectBuilder.createProject which then calls ProjectManager.getInstance().createProject. This...

7.1AI Score

0.0004EPSS

2024-06-18 08:12 AM
2
cvelist
cvelist

CVE-2024-5899 Improper trust check in Bazel Build intellij plugin

When Bazel Plugin in intellij imports a project (either using "import project" or "Auto import") the dialog for trusting the project is not displayed. This comes from the fact that both call the method ProjectBuilder.createProject which then calls ProjectManager.getInstance().createProject. This...

0.0004EPSS

2024-06-18 08:12 AM
3
osv
osv

BIT-kibana-2024-23442

An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana...

6.1CVSS

6.2AI Score

0.001EPSS

2024-06-18 07:22 AM
2
osv
osv

BIT-gitlab-2024-5469

DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC...

3.1CVSS

6.3AI Score

0.0004EPSS

2024-06-18 07:18 AM
157
osv
osv

BIT-elk-2024-23442

An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana...

6.1CVSS

6.2AI Score

0.001EPSS

2024-06-18 07:17 AM
2
osv
osv

BIT-airflow-2024-25142

Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser.This issue affects Apache...

6.1AI Score

0.0004EPSS

2024-06-18 07:17 AM
2
osv
osv

Malicious code in vivid_framework (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (2010f8d2281230e81c4e7549be2af22ce8a41d11b5ae8d1920eb69b3aece581b) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-18 06:50 AM
osv
osv

Malicious code in rb-fare-breakup (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (25a5d54730dc9f0fde2c00fc22012602258fa2002141d77e8c09f61347a82e33) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-18 06:50 AM
nvd
nvd

CVE-2024-4094

The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is...

0.0004EPSS

2024-06-18 06:15 AM
2
cve
cve

CVE-2024-4094

The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is...

5.7AI Score

0.0004EPSS

2024-06-18 06:15 AM
23
cvelist
cvelist

CVE-2024-4094 Simple Share Buttons Adder < 8.5.1 - Admin+ Stored XSS

The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is...

0.0004EPSS

2024-06-18 06:00 AM
2
vulnrichment
vulnrichment

CVE-2024-4094 Simple Share Buttons Adder < 8.5.1 - Admin+ Stored XSS

The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is...

6.2AI Score

0.0004EPSS

2024-06-18 06:00 AM
osv
osv

Malicious code in rb-info-banner (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (795c3e45bb638b1058118c99f65db4e6f84244a2af7acbb4d6bd09a19b94dca6) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-18 05:41 AM
3
osv
osv

Malicious code in rb-accordion (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (435bf9e58c9f11fe55f80f865ec1f291beee55aaaf1ff78d0235dbf93b35202f) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-18 05:35 AM
osv
osv

Malicious code in rb-payment-input (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (57a9b44fcc5ba82938a7860faa1d7e0200a5e40758a5976f2b6970f4d24a21f0) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-18 05:27 AM
osv
osv

Malicious code in mediaa (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (51b2ce3294e1295bc15a9a9967ceaa66afaddf19884a6ca9ad9fdf2c28bc2526) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-18 01:33 AM
2
osv
osv

Malicious code in desainlgo (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (6816a9ebbf76b673c2d99001909e8619eafde9886f10ecd02fada3b816e86908) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-18 01:33 AM
osv
osv

Malicious code in stylee-logo (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (b57b986ab11403a14ac18370067dd40fc0a3deca0e7580b55605078ea441e720) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-18 01:33 AM
1
osv
osv

Malicious code in logo-stylee (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (d393decd83d9e9777b1412a8994e72ccb1fdccc3a8157a431f4e72fe8553e717) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-18 01:33 AM
osv
osv

Malicious code in logooo (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (f609b1731a83d9360a1399bb75931accaed83e36b964fd2778b16388a9ddd520) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-18 01:33 AM
1
osv
osv

Malicious code in imagezz (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (99e6c0c1f9b6bc126d4f60e6fd0d83e2bdebb10bb44f0dd42b05f34923935e0e) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-18 01:33 AM
osv
osv

Malicious code in detailimg (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (958f4802417b38ff187c6ffabc2a2c4d67c00b02a96c531501b5d899b5e70232) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-18 01:33 AM
2
osv
osv

Moderate: container-tools:rhel8 bug fix and enhancement update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es): podman: jose-go: improper handling of highly compressed data (CVE-2024-28180) buildah: jose-go: improper handling of highly compressed data (CVE-2024-28180) podman:...

4.9CVSS

4.8AI Score

0.0005EPSS

2024-06-18 12:00 AM
2
osv
osv

roundcube - security update

Bulletin has no...

6.7AI Score

0.0004EPSS

2024-06-18 12:00 AM
2
oraclelinux
oraclelinux

glibc security update

[2.17-326.0.6.3] - Forward-port Oracle patches to 2.17-326.3 Reviewed-by: Jose E. Marchesi Oracle history: April-28-2023 Cupertino Miranda - 2.17-326.0.6 - OraBug 35338741 Glibc tunable to disable huge pages on pthread_create stacks Reviewed-by: Jose E. Marchesi February-22-2023...

7.7AI Score

0.0005EPSS

2024-06-18 12:00 AM
5
spring
spring

This Week in Spring - June 18th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! I've just come from Paris, France, and now I'm in equally beautiful Krakow, Poland, for the amazing Devoxx PL event. We've got a ton of good stuff to dive into, so let's get going! In last week's installment of Spring Tips, I.....

7.3AI Score

2024-06-18 12:00 AM
4
kaspersky
kaspersky

KLA68998 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Use after free vulnerability in Dawn can be exploited to cause denial of service or execute...

8.8CVSS

9.6AI Score

0.001EPSS

2024-06-18 12:00 AM
1
f5
f5

K000140043: runc vulnerability CVE-2024-21626

Security Advisory Description runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working...

8.6CVSS

7AI Score

0.051EPSS

2024-06-18 12:00 AM
3
f5
f5

K000140039: Intel QAT vulnerability CVE-2023-32641

Security Advisory Description Improper input validation in firmware for Intel(R) QAT before version QAT20.L.1.0.40-00004 may allow escalation of privilege and denial of service via adjacent access. (CVE-2023-32641) Impact There is no impact; F5 products are not affected by this...

8.8CVSS

7.5AI Score

0.001EPSS

2024-06-18 12:00 AM
5
nessus
nessus

Google Chrome < 126.0.6478.114 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 126.0.6478.114. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_06_stable-channel-update-for-desktop_18 advisory. Type Confusion in V8. (CVE-2024-6100) Inappropriate implementation in...

8.8CVSS

9.4AI Score

0.001EPSS

2024-06-18 12:00 AM
18
osv
osv

composer - security update

Bulletin has no...

8.8CVSS

6.7AI Score

0.0004EPSS

2024-06-18 12:00 AM
f5
f5

K000140042: libldap vulnerability CVE-2020-15719

Security Advisory Description libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8.....

4.2CVSS

6.4AI Score

0.002EPSS

2024-06-18 12:00 AM
1
chrome
chrome

Stable Channel Update for Desktop

The Stable channel has been updated to 126.0.6478.114/115 for Windows, Mac and 126.0.6478.114 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards Note: Access to bug details and links may be kept...

8.8CVSS

7.5AI Score

0.001EPSS

2024-06-18 12:00 AM
27
ubuntu
ubuntu

Linux kernel (HWE) vulnerabilities

Releases Ubuntu 22.04 LTS Packages linux-hwe-6.5 - Linux hardware enablement (HWE) kernel Details Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use...

7.8CVSS

7.5AI Score

0.001EPSS

2024-06-18 12:00 AM
1
nessus
nessus

Oracle Linux 7 : glibc (ELSA-2024-12442)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12442 advisory. - Forward-port Oracle patches to 2.17-326.3 Reviewed-by: Jose E. Marchesi &lt;[email protected]&gt; Oracle history: April-28-2023...

9.8CVSS

10AI Score

0.009EPSS

2024-06-18 12:00 AM
3
f5
f5

K000140029: libcurl vulnerability CVE-2024-2398

Security Advisory Description When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously...

6.6AI Score

0.0004EPSS

2024-06-18 12:00 AM
9
f5
f5

K000140040: OpenLDAP slapd vulnerabilities CVE-2020-36230, CVE-2020-36229, CVE-2017-17740, CVE-2017-9287, and CVE-2017-14159

Security Advisory Description CVE-2020-36230 A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. CVE-2020-36229 A flaw was discovered in ldap_X509dn2bv in OpenLDAP before...

7.5CVSS

7.4AI Score

0.915EPSS

2024-06-18 12:00 AM
5
nessus
nessus

Google Chrome < 126.0.6478.114 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 126.0.6478.114. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_06_stable-channel-update-for-desktop_18 advisory. Type Confusion in V8. (CVE-2024-6100) Inappropriate implementation in...

8.8CVSS

9.3AI Score

0.001EPSS

2024-06-18 12:00 AM
12
osv
osv

Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec

Impact This issue is only relevant to clusters provisioned using RKE1 with secrets encryption configuration enabled. A vulnerability has been identified in which an RKE1 cluster keeps constantly reconciling when secrets encryption configuration is enabled (please see the RKE documentation). When...

6.1AI Score

EPSS

2024-06-17 10:30 PM
9
osv
osv

Rancher's External RoleTemplates can lead to privilege escalation

Impact A vulnerability has been identified whereby privilege escalation checks are not properly enforced for RoleTemplateobjects when external=true, which in specific scenarios can lead to privilege escalation. The bug in the webhook rule resolver ignores rules from a ClusterRole for external...

6.2AI Score

EPSS

2024-06-17 10:30 PM
3
Total number of security vulnerabilities304784