Lucene search

K

Goolytics – Simple Google Analytics Security Vulnerabilities

osv
osv

Important: bind and dhcp security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. The...

7.5CVSS

7.2AI Score

0.05EPSS

2024-06-14 01:59 PM
1
osv
osv

Moderate: cockpit security update

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fix(es): cockpit: command injection when deleting a sosreport with a...

7.3CVSS

7.2AI Score

0.0004EPSS

2024-06-14 01:59 PM
osv
osv

Moderate: sssd security update

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end...

7.1CVSS

7.1AI Score

0.0004EPSS

2024-06-14 01:59 PM
osv
osv

Moderate: kernel update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) kernel: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2024-0340) kernel:...

7.8CVSS

7.7AI Score

0.001EPSS

2024-06-14 01:59 PM
osv
osv

Moderate: squashfs-tools security update

SquashFS is a highly compressed read-only file system for Linux. These packages contain the utilities for manipulating squashfs file systems. Security Fix(es): squashfs-tools: unvalidated filepaths allow writing outside of destination (CVE-2021-40153) squashfs-tools: possible Directory...

8.1CVSS

6.7AI Score

0.009EPSS

2024-06-14 01:59 PM
osv
osv

Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing in github.com/docker/docker

Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing in...

7AI Score

2024-06-14 01:41 PM
osv
osv

Evmos allows unvested token delegations in github.com/evmos/evmos/v10

Evmos allows unvested token delegations in...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-06-14 01:41 PM
2
osv
osv

go-grpc-compression has a zstd decompression bombing vulnerability in github.com/mostynb/go-grpc-compression

go-grpc-compression has a zstd decompression bombing vulnerability in...

7.1AI Score

2024-06-14 01:41 PM
1
osv
osv

malicious container creates symlink "mtab" on the host External in github.com/cri-o/cri-o

malicious container creates symlink "mtab" on the host External in...

8.1CVSS

8.1AI Score

0.0004EPSS

2024-06-14 01:41 PM
osv

6.7AI Score

0.0004EPSS

2024-06-14 01:41 PM
osv
osv

Ollama does not validate the format of the digest (sha256 with 64 hex digits) in github.com/ollama/ollama

Ollama does not validate the format of the digest (sha256 with 64 hex digits) in...

6.8AI Score

EPSS

2024-06-14 01:41 PM
osv
osv

apko Exposure of HTTP basic auth credentials in log output in chainguard.dev/apko

apko Exposure of HTTP basic auth credentials in log output in...

7.5CVSS

7.5AI Score

0.0004EPSS

2024-06-14 01:41 PM
osv
osv

Contract balance not updating correctly after interchain transaction in github.com/evmos/evmos/v10

Contract balance not updating correctly after interchain transaction in...

7.5CVSS

7.5AI Score

0.0004EPSS

2024-06-14 01:41 PM
osv
osv

Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd/v2

Unauthenticated Access to sensitive settings in Argo CD in...

5.3CVSS

5.1AI Score

0.0004EPSS

2024-06-14 01:41 PM
osv

8.2CVSS

8.2AI Score

0.0004EPSS

2024-06-14 01:41 PM
1
osv
osv

Traefik has unexpected behavior with IPv4-mapped IPv6 addresses in github.com/traefik/traefik

Traefik has unexpected behavior with IPv4-mapped IPv6 addresses in...

6.3AI Score

0.0004EPSS

2024-06-14 01:41 PM
osv
osv

`docker cp` allows unexpected chmod of host files in Moby Docker Engine in github.com/docker/docker

docker cp allows unexpected chmod of host files in Moby Docker Engine in...

6.3CVSS

6.3AI Score

0.0005EPSS

2024-06-14 01:41 PM
osv
osv

Files or Directories Accessible to External Parties in ProjectDiscovery in github.com/projectdiscovery/interactsh

Files or Directories Accessible to External Parties in ProjectDiscovery in...

9.8CVSS

9.4AI Score

0.001EPSS

2024-06-14 01:41 PM
osv

4.3CVSS

6.7AI Score

0.001EPSS

2024-06-14 01:41 PM
osv
osv

SQL Injection in Harbor scan log API in github.com/goharbor/harbor

SQL Injection in Harbor scan log API in...

2.7CVSS

8.1AI Score

0.0004EPSS

2024-06-14 01:41 PM
1
osv
osv

evmos allows transferring unvested tokens after delegations in github.com/evmos/evmos/v10

evmos allows transferring unvested tokens after delegations in...

3.5CVSS

3.9AI Score

0.0004EPSS

2024-06-14 01:41 PM
thn
thn

Google's Privacy Sandbox Accused of User Tracking by Austrian Non-Profit

Google's plans to deprecate third-party tracking cookies in its Chrome web browser with Privacy Sandbox has run into fresh trouble after Austrian privacy non-profit noyb (none of your business) said the feature can still be used to track users. "While the so-called 'Privacy Sandbox' is advertised.....

6.8AI Score

2024-06-14 01:21 PM
4
thn
thn

Why Regulated Industries are Turning to Military-Grade Cyber Defenses

As cyber threats loom large and data breaches continue to pose increasingly significant risks. Organizations and industries that handle sensitive information and valuable assets make prime targets for cybercriminals seeking financial gain or strategic advantage. Which is why many highly regulated.....

7.2AI Score

2024-06-14 11:01 AM
4
osv
osv

CVE-2024-5685

Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.This issue affects snipe-it: from v4.6.17 through...

6.9AI Score

0.0004EPSS

2024-06-14 10:15 AM
1
osv
osv

CVE-2024-25142

Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. This issue affects Apache...

6.6AI Score

0.0004EPSS

2024-06-14 09:15 AM
thn
thn

ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws

An analysis of a hybrid biometric access system from Chinese manufacturer ZKTeco has uncovered two dozen security flaws that could be used by attackers to defeat authentication, steal biometric data, and even deploy malicious backdoors. "By adding random user data to the database or using a fake...

10CVSS

9.6AI Score

0.0004EPSS

2024-06-14 08:09 AM
4
nvd
nvd

CVE-2024-5994

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom JS option in versions up to, and including, 9.0.38. This makes it possible for authenticated attackers that have been explicitly granted permissions by an administrator, with...

6.4CVSS

0.001EPSS

2024-06-14 07:15 AM
4
cve
cve

CVE-2024-5994

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom JS option in versions up to, and including, 9.0.38. This makes it possible for authenticated attackers that have been explicitly granted permissions by an administrator, with...

6.4CVSS

6AI Score

0.001EPSS

2024-06-14 07:15 AM
10
cvelist
cvelist

CVE-2024-5994 WP Go Maps (formerly WP Google Maps) <= 9.0.38 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom JS option in versions up to, and including, 9.0.38. This makes it possible for authenticated attackers that have been explicitly granted permissions by an administrator, with...

6.4CVSS

0.001EPSS

2024-06-14 06:53 AM
3
vulnrichment
vulnrichment

CVE-2024-5994 WP Go Maps (formerly WP Google Maps) <= 9.0.38 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom JS option in versions up to, and including, 9.0.38. This makes it possible for authenticated attackers that have been explicitly granted permissions by an administrator, with...

6.4CVSS

6AI Score

0.001EPSS

2024-06-14 06:53 AM
thn
thn

North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics

Threat actors linked to North Korea have accounted for one-third of all the phishing activity targeting Brazil since 2020, as the country's emergence as an influential power has drawn the attention of cyber espionage groups. "North Korean government-backed actors have targeted the Brazilian...

7.1AI Score

2024-06-14 06:45 AM
cve
cve

CVE-2023-6492

The Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in the 'admin_notices' hook found in class-settings.php. This makes it possible.....

4.3CVSS

4.3AI Score

0.0005EPSS

2024-06-14 04:15 AM
8
nvd
nvd

CVE-2023-6492

The Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in the 'admin_notices' hook found in class-settings.php. This makes it possible.....

4.3CVSS

0.0005EPSS

2024-06-14 04:15 AM
cvelist
cvelist

CVE-2023-6492 Simple Sitemap <= 3.5.13 - Cross-Site Request Forgery via admin_notices

The Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in the 'admin_notices' hook found in class-settings.php. This makes it possible.....

4.3CVSS

0.0005EPSS

2024-06-14 03:35 AM
2
githubexploit
githubexploit

Exploit for CVE-2024-23692

Rejetto HFS (HTTP File Server) CVE-2024-23692 Vulnerability...

9.8CVSS

10AI Score

0.002EPSS

2024-06-14 01:33 AM
61
packetstorm

7.2AI Score

0.0004EPSS

2024-06-14 12:00 AM
49
nessus
nessus

Ubuntu 22.04 LTS : Linux kernel (NVIDIA) vulnerabilities (USN-6818-3)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-3 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...

7.8CVSS

7.2AI Score

0.001EPSS

2024-06-14 12:00 AM
1
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2019-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2019-1 advisory. The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes. The following...

9.8CVSS

8.4AI Score

0.005EPSS

2024-06-14 12:00 AM
osv
osv

atril - security update

Bulletin has no...

8.5CVSS

6.7AI Score

0.005EPSS

2024-06-14 12:00 AM
exploitdb

7.4AI Score

0.0004EPSS

2024-06-14 12:00 AM
54
osv

6.7AI Score

EPSS

2024-06-14 12:00 AM
osv
osv

chromium - security update

Bulletin has no...

6.9AI Score

0.0004EPSS

2024-06-14 12:00 AM
exploitdb

5.5CVSS

7.4AI Score

0.002EPSS

2024-06-14 12:00 AM
53
cve
cve

CVE-2024-32923

there is a possible cellular denial of service due to a logic error in the code. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for...

6.6AI Score

0.0004EPSS

2024-06-13 09:15 PM
14
cve
cve

CVE-2024-32924

In DeregAcceptProcINT of cn_NrmmStateDeregInit.cpp, there is a possible denial of service due to a logic error in the code. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for...

6.6AI Score

0.0004EPSS

2024-06-13 09:15 PM
14
cve
cve

CVE-2024-32925

In dhd_prot_txstatus_process of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...

7.5AI Score

0.0004EPSS

2024-06-13 09:15 PM
18
cve
cve

CVE-2024-32926

there is a possible information disclosure due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

5.8AI Score

0.0004EPSS

2024-06-13 09:15 PM
18
cve
cve

CVE-2024-32930

In plugin_ipc_handler of slc_plugin.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure of 4 bytes of stack memory with no additional execution privileges needed. User interaction is not needed for...

6AI Score

0.0004EPSS

2024-06-13 09:15 PM
14
cve
cve

CVE-2024-32929

In gpu_slc_get_region of pixel_gpu_slc.c, there is a possible EoP due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.4AI Score

0.0004EPSS

2024-06-13 09:15 PM
47
Total number of security vulnerabilities303833