Lucene search

K

Goolytics – Simple Google Analytics Security Vulnerabilities

osv
osv

CGA-c8pv-52m7-2mhm

Bulletin has no...

8.2CVSS

8.2AI Score

0.0004EPSS

2024-06-12 08:05 AM
osv
osv

CGA-77h5-pgh2-r2fg

Bulletin has no...

5.6CVSS

6.7AI Score

0.0004EPSS

2024-06-12 08:05 AM
osv
osv

CGA-64x3-8rfh-jpqf

Bulletin has no...

8.8CVSS

8.5AI Score

0.001EPSS

2024-06-12 08:05 AM
2
osv
osv

CGA-gvwm-h3qq-8679

Bulletin has no...

9.8CVSS

9.5AI Score

0.932EPSS

2024-06-12 08:05 AM
osv
osv

CGA-5mr6-pxmv-g3rf

Bulletin has no...

7.2AI Score

2024-06-12 08:05 AM
osv
osv

CGA-3hpq-6pch-94j5

Bulletin has no...

5.9CVSS

6.4AI Score

0.001EPSS

2024-06-12 08:05 AM
1
osv
osv

CGA-g75w-3gxm-gj8g

Bulletin has no...

8.8CVSS

8.7AI Score

0.0004EPSS

2024-06-12 08:05 AM
osv
osv

BIT-suitecrm-2024-36406

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for open re-direct. Versions 7.14.4 and 8.6.1 contain a fix for this...

5.4CVSS

6.8AI Score

0.001EPSS

2024-06-12 07:39 AM
osv
osv

BIT-suitecrm-2024-36407

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset from an unauthenticated attacker. The attacker does not get access to the new password. But this can be annoying for the user. This attack is.....

6.5CVSS

7AI Score

0.0005EPSS

2024-06-12 07:39 AM
1
osv
osv

BIT-suitecrm-2024-36408

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the Alerts controller. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.6CVSS

7.9AI Score

0.001EPSS

2024-06-12 07:39 AM
osv
osv

BIT-suitecrm-2024-36409

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.6CVSS

7.9AI Score

0.001EPSS

2024-06-12 07:38 AM
osv
osv

BIT-suitecrm-2024-36410

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.6CVSS

7.9AI Score

0.001EPSS

2024-06-12 07:38 AM
1
osv
osv

BIT-suitecrm-2024-36411

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.6CVSS

7.9AI Score

0.001EPSS

2024-06-12 07:38 AM
1
osv
osv

BIT-suitecrm-2024-36412

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

10CVSS

7.7AI Score

0.001EPSS

2024-06-12 07:38 AM
osv
osv

BIT-suitecrm-2024-36413

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

8.9CVSS

6.1AI Score

0.0004EPSS

2024-06-12 07:37 AM
osv
osv

BIT-suitecrm-2024-36414

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the connectors file verification allows for a server-side request forgery attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

7.7CVSS

6.8AI Score

0.0005EPSS

2024-06-12 07:37 AM
1
osv
osv

BIT-suitecrm-2024-36415

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.1CVSS

7.6AI Score

0.001EPSS

2024-06-12 07:37 AM
osv
osv

BIT-suitecrm-2024-36416

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this...

8.6CVSS

6.8AI Score

0.0005EPSS

2024-06-12 07:37 AM
1
osv
osv

BIT-suitecrm-2024-36417

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, an unverified IFrame can be added some some inputs, which could allow for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

9CVSS

6.2AI Score

0.001EPSS

2024-06-12 07:36 AM
1
osv
osv

BIT-suitecrm-2024-36418

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in connectors allows an authenticated user to perform a remote code execution attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

8.5CVSS

7.6AI Score

0.0004EPSS

2024-06-12 07:36 AM
osv
osv

BIT-suitecrm-2024-36419

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. A vulnerability in versions prior to 8.6.1 allows for Host Header Injection when directly accessing the /legacy route. Version 8.6.1 contains a patch for the...

4.3CVSS

7.1AI Score

0.001EPSS

2024-06-12 07:36 AM
osv
osv

BIT-php-2024-2408

The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 ...

5.9CVSS

6.3AI Score

0.001EPSS

2024-06-12 07:31 AM
osv
osv

BIT-php-2024-4577

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...

9.8CVSS

9.6AI Score

0.932EPSS

2024-06-12 07:30 AM
3
osv
osv

BIT-php-2024-5458

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs)....

5.3CVSS

5.3AI Score

0.001EPSS

2024-06-12 07:30 AM
osv
osv

BIT-php-2024-5585

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command....

9.4CVSS

8.1AI Score

0.001EPSS

2024-06-12 07:30 AM
2
osv
osv

BIT-composer-2024-35241

Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the status, reinstall and remove commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches for this issue are.....

8.8CVSS

8.8AI Score

0.0004EPSS

2024-06-12 07:16 AM
osv
osv

BIT-composer-2024-35242

Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the composer install command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are...

8.8CVSS

8.9AI Score

0.0004EPSS

2024-06-12 07:16 AM
thn
thn

Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability

Microsoft has released security updates to address 51 flaws as part of its Patch Tuesday updates for June 2024. Of the 51 vulnerabilities, one is rated Critical and 50 are rated Important. This is in addition to 17 vulnerabilities resolved in the Chromium-based Edge browser over the past month....

9.8CVSS

8.7AI Score

0.05EPSS

2024-06-12 04:26 AM
16
osv
osv

Malicious code in blueprint-org-planning-app-adp-wrapper (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (9ce904784ecde9ca4b860730c45d27dbca01912380066fe5415b10d3f17f0af8) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-12 04:18 AM
osv
osv

Malicious code in atoz-attendance-app (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (ff390162beebf06ba564766a3ffc0a06c520792994c16cba3ea0d97ea64d1f29) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-12 04:18 AM
osv
osv

Malicious code in ato-z-web-identity-components-app-cdk-adp-wrapper (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (c33c62d31d74de8fa6a7a3911507ce9a8d513bccb45ff1b51b7fbb9068920d3e) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-12 04:18 AM
osv
osv

Malicious code in virtuoso-web-chat (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (09f5be1f1f3cad8c43378afb0ddb0aed39e00e1e3169ff5e1559ab4c39d1bf06) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-12 04:14 AM
osv
osv

Malicious code in zwork (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (d55b817c75eb4e4cbea58f640b87c52fd65b16657f129f68a7fb53a604fde7f8) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-12 04:00 AM
1
osv
osv

parisneo/lollms Local File Inclusion (LFI) attack

parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The sanitize_path_from_endpoint function fails to properly sanitize Windows-style paths (backward slash ), allowing attackers to perform directory traversal attacks on Windows...

9.1CVSS

6.8AI Score

0.0004EPSS

2024-06-12 03:31 AM
1
fedora
fedora

[SECURITY] Fedora 39 Update: singularity-ce-3.11.5^20240603gbd4675f-1.fc39

SingularityCE is the Community Edition of Singularity, an open source container platform designed to be simple, fast, and...

8.3CVSS

7AI Score

0.0005EPSS

2024-06-12 01:32 AM
osv
osv

CVE-2024-4315

parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The sanitize_path_from_endpoint function fails to properly sanitize Windows-style paths (backward slash ), allowing attackers to perform directory traversal attacks on Windows...

9.1CVSS

6.7AI Score

0.0004EPSS

2024-06-12 01:15 AM
fedora
fedora

[SECURITY] Fedora 40 Update: php-8.3.8-1.fc40

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

9.8CVSS

7.3AI Score

0.973EPSS

2024-06-12 01:12 AM
redhatcve
redhatcve

CVE-2023-52742

In the Linux kernel, the following vulnerability has been resolved: net: USB: Fix wrong-direction WARNING in plusb.c The syzbot fuzzer detected a bug in the plusb network driver: A zero-length control-OUT transfer was treated as a read instead of a write. In modern kernels this error provokes a...

6.7AI Score

0.0004EPSS

2024-06-12 12:27 AM
osv
osv

UNKNOWN READ in ndpi_search_zoom

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69520 Crash type: UNKNOWN READ Crash state: ndpi_search_zoom check_ndpi_detection_func...

7.2AI Score

2024-06-12 12:12 AM
osv
osv

Malicious code in icon-reactjs (npm)

This package is considered malicious because it contains code to spam Telegram channels and Whatsapp channels with fake payment...

7.3AI Score

2024-06-12 12:08 AM
1
osv
osv

Heap-buffer-overflow in mz_zip_mem_read_func

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69531 Crash type: Heap-buffer-overflow READ {*} Crash state: mz_zip_mem_read_func mz_zip_validate_file...

7.2AI Score

2024-06-12 12:06 AM
osv
osv

Heap-buffer-overflow in mz_zip_mem_read_func

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69528 Crash type: Heap-buffer-overflow READ {*} Crash state: mz_zip_mem_read_func mz_zip_reader_read_central_dir...

7.2AI Score

2024-06-12 12:06 AM
osv
osv

Use-of-uninitialized-value in icalmemory_strdup

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69527 Crash type: Use-of-uninitialized-value Crash state: icalmemory_strdup icalparameter_new_from_value_string...

7.2AI Score

2024-06-12 12:00 AM
openvas
openvas

Ubuntu: Security Advisory (USN-6820-2)

The remote host is missing an update for...

8CVSS

7.5AI Score

0.0004EPSS

2024-06-12 12:00 AM
oraclelinux
oraclelinux

Unbreakable Enterprise kernel security update

[5.15.0-207.156.6] - uek-container: Add advanced routing options (Boris Ostrovsky) [Orabug: 36691279] - slub: use count_partial_free_approx() in slab_out_of_memory() (Jianfeng Wang) [Orabug: 36655468] - slub: introduce count_partial_free_approx() (Jianfeng Wang) [Orabug: 36655468] - Revert...

6.5CVSS

7.8AI Score

EPSS

2024-06-12 12:00 AM
2
vulnrichment
vulnrichment

CVE-2024-37629

SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the Code View...

6.1AI Score

0.0004EPSS

2024-06-12 12:00 AM
osv
osv

firefox-esr - security update

Bulletin has no...

6.6AI Score

0.0004EPSS

2024-06-12 12:00 AM
cvelist
cvelist

CVE-2024-37629

SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the Code View...

0.0004EPSS

2024-06-12 12:00 AM
osv
osv

CVE-2024-35225

Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting (XSS) issue. The /proxy endpoint accepts a host path...

9.6CVSS

5.6AI Score

0.0004EPSS

2024-06-11 10:15 PM
1
osv
osv

linux-aws, linux-oracle vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536)...

7.8CVSS

7.5AI Score

0.001EPSS

2024-06-11 10:09 PM
3
Total number of security vulnerabilities303833