Lucene search

K

Goolytics – Simple Google Analytics Security Vulnerabilities

osv
osv

CGA-884x-9wc8-jcfm

Bulletin has no...

7.5CVSS

7.5AI Score

0.002EPSS

2024-06-19 06:06 PM
2
osv
osv

CGA-6cw7-c57f-pcxw

Bulletin has no...

6.7AI Score

0.0004EPSS

2024-06-19 06:06 PM
2
osv
osv

CGA-qj4j-rcmq-x6pf

Bulletin has no...

7.5CVSS

7.5AI Score

0.001EPSS

2024-06-19 06:04 PM
3
osv
osv

CGA-mrr8-97mj-749q

Bulletin has no...

4.4CVSS

4.6AI Score

0.0004EPSS

2024-06-19 06:04 PM
2
osv
osv

CGA-59hp-f8j9-2q3x

Bulletin has no...

9.8CVSS

9.5AI Score

0.003EPSS

2024-06-19 06:04 PM
1
osv
osv

CGA-3x64-823j-w579

Bulletin has no...

8.3CVSS

8.3AI Score

0.001EPSS

2024-06-19 06:04 PM
1
osv
osv

CGA-2hgj-h4gf-p4v7

Bulletin has no...

7.2CVSS

6.7AI Score

0.016EPSS

2024-06-19 06:04 PM
1
ibm
ibm

Security Bulletin: Vulnerabilities in JAR files affect Transparent Cloud Tiering in IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in multiple JAR files affect Transparent Cloud Tiering in IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products. The vulnerabilities are not thought to be exploitable but IBM recommends upgrade for users of Transparent Cloud Tiering...

9.8CVSS

9.5AI Score

0.939EPSS

2024-06-19 05:56 PM
14
osv
osv

CVE-2024-32030

Kafka UI is an Open-Source Web UI for Apache Kafka Management. Kafka UI API allows users to connect to different Kafka brokers by specifying their network address and port. As a separate feature, it also provides the ability to monitor the performance of Kafka brokers by connecting to their JMX...

8.1CVSS

8.2AI Score

0.0004EPSS

2024-06-19 05:15 PM
5
thn
thn

Kraken Crypto Exchange Hit by $3 Million Theft Exploiting Zero-Day Flaw

Crypto exchange Kraken revealed that an unnamed security researcher exploited an "extremely critical" zero-day flaw in its platform to steal $3 million in digital assets and refused to return them. Details of the incident were shared by Kraken's Chief Security Officer, Nick Percoco, on X (formerly....

7.1AI Score

2024-06-19 04:40 PM
16
nvd
nvd

CVE-2021-47598

In the Linux kernel, the following vulnerability has been resolved: sch_cake: do not call cake_destroy() from cake_init() qdiscs are not supposed to call their own destroy() method from init(), because core stack already does that. syzbot was able to trigger use after free:...

0.0004EPSS

2024-06-19 03:15 PM
debiancve
debiancve

CVE-2021-47598

In the Linux kernel, the following vulnerability has been resolved: sch_cake: do not call cake_destroy() from cake_init() qdiscs are not supposed to call their own destroy() method from init(), because core stack already does that. syzbot was able to trigger use after free: ...

7AI Score

0.0004EPSS

2024-06-19 03:15 PM
cve
cve

CVE-2021-47597

In the Linux kernel, the following vulnerability has been resolved: inet_diag: fix kernel-infoleak for UDP sockets KMSAN reported a kernel-infoleak [1], that can exploited by unpriv users. After analysis it turned out UDP was not initializing r->idiag_expires. Other users of inet_sk_diag_fill()....

6.5AI Score

0.0004EPSS

2024-06-19 03:15 PM
22
cve
cve

CVE-2021-47598

In the Linux kernel, the following vulnerability has been resolved: sch_cake: do not call cake_destroy() from cake_init() qdiscs are not supposed to call their own destroy() method from init(), because core stack already does that. syzbot was able to trigger use after free:...

6.5AI Score

0.0004EPSS

2024-06-19 03:15 PM
21
nvd
nvd

CVE-2021-47597

In the Linux kernel, the following vulnerability has been resolved: inet_diag: fix kernel-infoleak for UDP sockets KMSAN reported a kernel-infoleak [1], that can exploited by unpriv users. After analysis it turned out UDP was not initializing r->idiag_expires. Other users of inet_sk_diag_fill()....

0.0004EPSS

2024-06-19 03:15 PM
debiancve
debiancve

CVE-2021-47597

In the Linux kernel, the following vulnerability has been resolved: inet_diag: fix kernel-infoleak for UDP sockets KMSAN reported a kernel-infoleak [1], that can exploited by unpriv users. After analysis it turned out UDP was not initializing r->idiag_expires. Other users of inet_sk_diag_fill()....

6.9AI Score

0.0004EPSS

2024-06-19 03:15 PM
debiancve
debiancve

CVE-2021-47588

In the Linux kernel, the following vulnerability has been resolved: sit: do not call ipip6_dev_free() from sit_init_net() ipip6_dev_free is sit dev->priv_destructor, already called by register_netdevice() if something goes wrong. Alternative would be to make ipip6_dev_free() robust against...

7AI Score

0.0004EPSS

2024-06-19 03:15 PM
3
debiancve
debiancve

CVE-2021-47594

In the Linux kernel, the following vulnerability has been resolved: mptcp: never allow the PM to close a listener subflow Currently, when deleting an endpoint the netlink PM treverses all the local MPTCP sockets, regardless of their status. If an MPTCP listener socket is bound to the IP...

6.8AI Score

0.0004EPSS

2024-06-19 03:15 PM
nvd
nvd

CVE-2021-47588

In the Linux kernel, the following vulnerability has been resolved: sit: do not call ipip6_dev_free() from sit_init_net() ipip6_dev_free is sit dev->priv_destructor, already called by register_netdevice() if something goes wrong. Alternative would be to make ipip6_dev_free() robust against...

0.0004EPSS

2024-06-19 03:15 PM
nvd
nvd

CVE-2021-47594

In the Linux kernel, the following vulnerability has been resolved: mptcp: never allow the PM to close a listener subflow Currently, when deleting an endpoint the netlink PM treverses all the local MPTCP sockets, regardless of their status. If an MPTCP listener socket is bound to the IP matching...

0.0004EPSS

2024-06-19 03:15 PM
cve
cve

CVE-2021-47594

In the Linux kernel, the following vulnerability has been resolved: mptcp: never allow the PM to close a listener subflow Currently, when deleting an endpoint the netlink PM treverses all the local MPTCP sockets, regardless of their status. If an MPTCP listener socket is bound to the IP matching...

6.3AI Score

0.0004EPSS

2024-06-19 03:15 PM
21
cve
cve

CVE-2021-47588

In the Linux kernel, the following vulnerability has been resolved: sit: do not call ipip6_dev_free() from sit_init_net() ipip6_dev_free is sit dev->priv_destructor, already called by register_netdevice() if something goes wrong. Alternative would be to make ipip6_dev_free() robust against...

6.5AI Score

0.0004EPSS

2024-06-19 03:15 PM
23
thn
thn

UNC3886 Uses Fortinet, VMware 0-Days and Stealth Tactics in Long-Term Spying

The China-nexus cyber espionage actor linked to the zero-day exploitation of security flaws in Fortinet, Ivanti, and VMware devices has been observed utilizing multiple persistence mechanisms in order to maintain unfettered access to compromised environments. "Persistence mechanisms encompassed...

9.8CVSS

8AI Score

0.321EPSS

2024-06-19 03:09 PM
33
osv
osv

TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option

Impact A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content extraction code. When using the noneditable_regexp option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from the editor. Patches This...

6.1CVSS

6.5AI Score

0.0004EPSS

2024-06-19 03:07 PM
osv
osv

TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements

Impact A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. Patches This vulnerability has been patched in TinyMCE 7.2.0,.....

6.1CVSS

6.5AI Score

0.0004EPSS

2024-06-19 03:07 PM
2
osv
osv

socket.io has an unhandled 'error' event

Impact A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. ``` node:events:502 throw err; // Unhandled 'error' event ^ Error [ERR_UNHANDLED_ERROR]: Unhandled error. (undefined) at new NodeError...

7.3CVSS

6.5AI Score

0.0004EPSS

2024-06-19 03:04 PM
3
qualysblog
qualysblog

TotalCloud Insights: Protect Your AWS Environment by Managing Access Keys Securely

Introduction With the average cost of a data breach coming in at $4.45M in 2023, safeguarding sensitive information and maintaining the security of cloud environments is more critical than ever. Instances of compromised access keys, not exclusive to AWS (Amazon Web Services) but prevalent across...

7.3AI Score

2024-06-19 03:02 PM
3
cvelist
cvelist

CVE-2021-47598 sch_cake: do not call cake_destroy() from cake_init()

In the Linux kernel, the following vulnerability has been resolved: sch_cake: do not call cake_destroy() from cake_init() qdiscs are not supposed to call their own destroy() method from init(), because core stack already does that. syzbot was able to trigger use after free:...

0.0004EPSS

2024-06-19 02:53 PM
cvelist
cvelist

CVE-2021-47597 inet_diag: fix kernel-infoleak for UDP sockets

In the Linux kernel, the following vulnerability has been resolved: inet_diag: fix kernel-infoleak for UDP sockets KMSAN reported a kernel-infoleak [1], that can exploited by unpriv users. After analysis it turned out UDP was not initializing r->idiag_expires. Other users of inet_sk_diag_fill()....

0.0004EPSS

2024-06-19 02:53 PM
1
vulnrichment
vulnrichment

CVE-2021-47594 mptcp: never allow the PM to close a listener subflow

In the Linux kernel, the following vulnerability has been resolved: mptcp: never allow the PM to close a listener subflow Currently, when deleting an endpoint the netlink PM treverses all the local MPTCP sockets, regardless of their status. If an MPTCP listener socket is bound to the IP matching...

6.6AI Score

0.0004EPSS

2024-06-19 02:53 PM
cvelist
cvelist

CVE-2021-47594 mptcp: never allow the PM to close a listener subflow

In the Linux kernel, the following vulnerability has been resolved: mptcp: never allow the PM to close a listener subflow Currently, when deleting an endpoint the netlink PM treverses all the local MPTCP sockets, regardless of their status. If an MPTCP listener socket is bound to the IP matching...

0.0004EPSS

2024-06-19 02:53 PM
1
cvelist
cvelist

CVE-2021-47588 sit: do not call ipip6_dev_free() from sit_init_net()

In the Linux kernel, the following vulnerability has been resolved: sit: do not call ipip6_dev_free() from sit_init_net() ipip6_dev_free is sit dev->priv_destructor, already called by register_netdevice() if something goes wrong. Alternative would be to make ipip6_dev_free() robust against...

0.0004EPSS

2024-06-19 02:53 PM
2
cve
cve

CVE-2024-38613

In the Linux kernel, the following vulnerability has been resolved: m68k: Fix spinlock race in kernel thread creation Context switching does take care to retain the correct lock owner across the switch from 'prev' to 'next' tasks. This does rely on interrupts remaining disabled for the entire...

6.3AI Score

0.0004EPSS

2024-06-19 02:15 PM
20
nvd
nvd

CVE-2024-38613

In the Linux kernel, the following vulnerability has been resolved: m68k: Fix spinlock race in kernel thread creation Context switching does take care to retain the correct lock owner across the switch from 'prev' to 'next' tasks. This does rely on interrupts remaining disabled for the entire...

0.0004EPSS

2024-06-19 02:15 PM
2
debiancve
debiancve

CVE-2024-38613

In the Linux kernel, the following vulnerability has been resolved: m68k: Fix spinlock race in kernel thread creation Context switching does take care to retain the correct lock owner across the switch from 'prev' to 'next' tasks. This does rely on interrupts remaining disabled for the entire...

6.7AI Score

0.0004EPSS

2024-06-19 02:15 PM
debiancve
debiancve

CVE-2024-36979

In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: fix vlan use-after-free syzbot reported a suspicious rcu usage[1] in bridge's mst code. While fixing it I noticed that nothing prevents a vlan to be freed while walking the list from the same path (br forward...

6.9AI Score

0.0004EPSS

2024-06-19 02:15 PM
1
cve
cve

CVE-2024-36979

In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: fix vlan use-after-free syzbot reported a suspicious rcu usage[1] in bridge's mst code. While fixing it I noticed that nothing prevents a vlan to be freed while walking the list from the same path (br forward...

6.3AI Score

0.0004EPSS

2024-06-19 02:15 PM
22
nvd
nvd

CVE-2024-36979

In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: fix vlan use-after-free syzbot reported a suspicious rcu usage[1] in bridge's mst code. While fixing it I noticed that nothing prevents a vlan to be freed while walking the list from the same path (br forward...

0.0004EPSS

2024-06-19 02:15 PM
2
cvelist
cvelist

CVE-2024-38613 m68k: Fix spinlock race in kernel thread creation

In the Linux kernel, the following vulnerability has been resolved: m68k: Fix spinlock race in kernel thread creation Context switching does take care to retain the correct lock owner across the switch from 'prev' to 'next' tasks. This does rely on interrupts remaining disabled for the entire...

0.0004EPSS

2024-06-19 01:56 PM
1
cvelist
cvelist

CVE-2024-36979 net: bridge: mst: fix vlan use-after-free

In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: fix vlan use-after-free syzbot reported a suspicious rcu usage[1] in bridge's mst code. While fixing it I noticed that nothing prevents a vlan to be freed while walking the list from the same path (br forward...

0.0004EPSS

2024-06-19 01:35 PM
1
vulnrichment
vulnrichment

CVE-2024-36979 net: bridge: mst: fix vlan use-after-free

In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: fix vlan use-after-free syzbot reported a suspicious rcu usage[1] in bridge's mst code. While fixing it I noticed that nothing prevents a vlan to be freed while walking the list from the same path (br forward...

6.6AI Score

0.0004EPSS

2024-06-19 01:35 PM
osv
osv

Malicious code in test-package-random-name-for-test (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (b1f87eff60d8591d10e2be79afe5011ea9f63f823c7a014281e4e21f0da76eb8) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-19 01:32 PM
osv
osv

Malicious code in quickwebbasicauth (PyPI)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (e8ebea7be43f522c7fd45c4793bcac3b33c5ffafa2dc9ea3e0f28657bc650819) The OpenSSF Package Analysis project identified 'quickwebbasicauth' @ 2.3.2 (pypi) as malicious. It is considered malicious because: The package...

7.4AI Score

2024-06-19 01:22 PM
osv
osv

CGA-xh72-4x6m-jpfw

Bulletin has no...

2.7CVSS

3.6AI Score

0.0004EPSS

2024-06-19 01:06 PM
osv
osv

CGA-qwp2-rqgg-fp92

Bulletin has no...

6.5CVSS

6.4AI Score

0.0004EPSS

2024-06-19 01:06 PM
2
osv
osv

CGA-qjf3-hj5q-c3qr

Bulletin has no...

4.9CVSS

5AI Score

0.0004EPSS

2024-06-19 01:06 PM
1
osv
osv

CGA-jgf5-4w5m-6h5j

Bulletin has no...

4.9CVSS

5AI Score

0.0004EPSS

2024-06-19 01:06 PM
1
osv
osv

CGA-96mq-j5w6-4gc5

Bulletin has no...

5.5CVSS

6.6AI Score

0.001EPSS

2024-06-19 01:06 PM
osv
osv

CGA-5wxh-2846-4r2x

Bulletin has no...

7.1CVSS

6.8AI Score

0.0004EPSS

2024-06-19 01:06 PM
1
osv
osv

CGA-qm9x-3p47-5whw

Bulletin has no...

7.9CVSS

7.6AI Score

0.0004EPSS

2024-06-19 01:04 PM
Total number of security vulnerabilities304784