silverstripe/framework member disclosure in login form
There is a user ID enumeration vulnerability in our brute force error messages. Users that don't exist in will never get a locked out message Users that do exist, will get a locked out message This means an attacker can infer or confirm user details that exist in the member table. This issue has...
7.1AI Score
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
7.5AI Score
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
7.5AI Score
silverstripe/framework's `Member.Name` is not escaped
The core template framework/templates/Includes/GridField_print.ss uses "Printed by $Member.Name". If the currently logged in members first name or surname contain XSS, this prints the raw HTML out, because Member->getName() just returns the raw FirstName + Surname as a string, which is injected....
6.9AI Score
silverstripe/framework's `Member.Name` is not escaped
The core template framework/templates/Includes/GridField_print.ss uses "Printed by $Member.Name". If the currently logged in members first name or surname contain XSS, this prints the raw HTML out, because Member->getName() just returns the raw FirstName + Surname as a string, which is injected....
6.9AI Score
silverstripe/framework ChangePasswordForm does not check `Member::canLogIn()`
After performing a password reset, ChangePasswordForm::doChangePassword() logs in the user without checking Member::canLogIn(). This presents an issue for sites that are using the extension point in that method to deny access to users (for example members that have not been “approved”, or members.....
7.2AI Score
silverstripe/framework ChangePasswordForm does not check `Member::canLogIn()`
After performing a password reset, ChangePasswordForm::doChangePassword() logs in the user without checking Member::canLogIn(). This presents an issue for sites that are using the extension point in that method to deny access to users (for example members that have not been “approved”, or members.....
7.2AI Score
Minder by Stacklok is an open source software supply chain security platform. Minder prior to version 0.0.51 is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that...
7.1AI Score
Minder by Stacklok is an open source software supply chain security platform. Minder prior to version 0.0.51 is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that...
5.3CVSS
7.4AI Score
CVE-2024-35238 Denial of service of Minder Server from maliciously crafted GitHub attestations
Minder by Stacklok is an open source software supply chain security platform. Minder prior to version 0.0.51 is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that...
7.1AI Score
7.9AI Score
Summary IBM Aspera Faspex 5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Vulnerability Details **...
5.8AI Score
configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share (because of no_root_squash and insecure). In order to exploit the vulnerability, someone needs to mount an NFS share in order to add an executable file as root. In...
7AI Score
configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share (because of no_root_squash and insecure). In order to exploit the vulnerability, someone needs to mount an NFS share in order to add an executable file as root. In...
7AI Score
Marketplace fraud is nothing new. Cybercriminals swindle money out of buyers and sellers alike. Lately, we've seen a proliferation of cybergangs operating under the Fraud-as-a-Service model and specializing in tricking users of online marketplaces, in particular, message boards. Criminals are...
6.4AI Score
SherlockChain - A Streamlined AI Analysis Framework For Solidity, Vyper And Plutus Contracts
SherlockChain is a powerful smart contract analysis framework that combines the capabilities of the renowned Slither tool with advanced AI-powered features. Developed by a team of security experts and AI researchers, SherlockChain offers unparalleled insights and vulnerability detection for...
7.4AI Score
In the Linux kernel, the following vulnerability has been resolved: proc/vmcore: fix clearing user buffer by properly using clear_user() To clear a user buffer we cannot simply use memset, we have to use clear_user(). With a virtio-mem device that registers a vmcore_cb and has some logically...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix re-dirty process of tree-log nodes There is a report of a transaction abort of -EAGAIN with the following script. #!/bin/sh for d in sda sdb; do mkfs.btrfs -d single -m single -f /dev/${d} done mount /dev/sda /mnt/test.....
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() The if statement: if (port >= DSAF_GE_NUM) return; limits the value of port less than DSAF_GE_NUM (i.e., 8). However, if the...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound In line 5001, if all id in the array 'lp->phy[8]' is not 0, when the 'for' end, the 'k' is 8. At this time, the array 'lp->phy[8]' may be o...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix memory leak in fib6_rule_suppress The kernel leaks memory when a fib rule is present in IPv6 nftables firewall rules and a suppress_prefix rule is present in the IPv6 routing rules (used by certain tools such as...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle() Need to call rxrpc_put_peer() for bundle candidate before kfree() as it holds a ref to rxrpc_peer. [DH: v2: Changed to abstract out the bundle freeing code into a...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() Need to call rxrpc_put_local() for peer candidate before kfree() as it holds a ref to rxrpc_local. [DH: v2: Changed to abstract the peer freeing code out into a...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix a memleak bug in rvu_mbox_init() In rvu_mbox_init(), mbox_regions is not freed or passed out under the switch-default region, which could lead to a memory leak. Fix this bug by changing 'return err' to 'goto...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Allocate enough space for GMU registers In commit 142639a52a01 ("drm/msm/a6xx: fix crashstate capture for A650") we changed a6xx_get_gmu_registers() to read 3 sets of registers. Unfortunately, we didn't change the...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix wrong list_del in smc_lgr_cleanup_early smc_lgr_cleanup_early() meant to delete the link group from the link group list, but it deleted the list head by mistake. This may cause memory corruption since we didn't remove....
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix mmap to include VM_IO and VM_DONTDUMP In commit 510410bfc034 ("drm/msm: Implement mmap as GEM object function") we switched to a new/cleaner method of doing things. That's good, but we missed a little bit. Before that....
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix wait_fence submitqueue leak We weren't dropping the submitqueue reference in all paths. In particular, when the fence has already been signalled. Split out a helper to simplify handling this in the various different...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ice: avoid bpf_prog refcount underflow Ice driver has the routines for managing XDP resources that are shared between ndo_bpf op and VSI rebuild flow. The latter takes place for example when user changes queue count on an...
6.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk() Coverity reports a possible NULL dereferencing problem: in smc_vlan_by_tcpsk(): 6. returned_null: netdev_lower_get_next returns NULL (checked 29 out of 30 times). 7....
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce() ethtool_set_coalesce() now uses both the .get_coalesce() and .set_coalesce() callbacks. But the check for their availability is buggy, so changing the coalesce...
6.5AI Score
0.0004EPSS
CNEXT exploits Exploits for CNEXT (CVE-2024-2961), a buffer...
7.8AI Score
In the Linux kernel, the following vulnerability has been resolved: mlxsw: thermal: Fix out-of-bounds memory accesses Currently, mlxsw allows cooling states to be set above the maximum cooling state supported by the driver: # cat /sys/class/thermal/thermal_zone2/cdev0/type mlxsw_fan # cat...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: encx24j600: check error in devm_regmap_init_encx24j600 devm_regmap_init may return error which caused by like out of memory, this will results in null pointer dereference later when reading or writing register: general...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: usb: musb: dsps: Fix the probe error path Commit 7c75bde329d7 ("usb: musb: musb_dsps: request_irq() after initializing musb") has inverted the calls to dsps_setup_optional_vbus_irq() and dsps_create_musb_pdev() without updating...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: xhci: Fix command ring pointer corruption while aborting a command The command ring pointer is located at [6:63] bits of the command ring control register (CRCR). All the control bits like command stop, abort are located at [0:3].....
6.8AI Score
0.0004EPSS
A vulnerability was found in itsourcecode Online Student Enrollment System 1.0. It has been classified as critical. This affects an unknown part of the file listofcourse.php. The manipulation of the argument idno leads to sql injection. It is possible to initiate the attack remotely. The exploit...
6.3CVSS
7.6AI Score
0.0004EPSS
A vulnerability was found in itsourcecode Online Student Enrollment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file editSubject.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit.....
6.3CVSS
7.6AI Score
0.0004EPSS
MantisBT < 2.26.2 Multiple Vulnerabilities
According to its version number, the MantisBT application hosted on the remote web server is prior to 2.26.2. It is, therefore, affected by the following vulnerabilities : Insufficient access control in the registration and password reset process allows an attacker to reset another user's...
6.8AI Score
Debian dla-3823 : less - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3823 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3823-1 [email protected] ...
7.7AI Score
Fedora 39 : nextcloud (2024-80aa2e0e55)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-80aa2e0e55 advisory. Update nextcloud to 28.0.5 and PR #11 PR #11 Many issues fixed by aviram: - Better HTTPS handling in Apache configs - Better cron job compatibility with...
7.4AI Score
7.5AI Score
0.0005EPSS
7.5AI Score
0.0004EPSS
openSUSE 15 Security Update : cJSON (openSUSE-SU-2024:0139-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0139-1 advisory. - Update to 1.7.18: * CVE-2024-31755: NULL pointer dereference via cJSON_SetValuestring() (boo#1223420) * Remove non-functional list handling...
7.9AI Score
7.5AI Score
0.001EPSS
Ubuntu 24.04 LTS : python-cryptography vulnerability (USN-6673-3)
The remote Ubuntu 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6673-3 advisory. USN-6673-1 provided a security update for python-cryptography. This update provides the corresponding update for Ubuntu 24.04 LTS. Original advisory details: ...
7.5AI Score
This Week in Spring - May 27th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! And what a week it will be! I'm in Venice, Italy, on a little vacation, but tomorrow I begin a quick journey to beautiful Sofia, Bulgaria, where I'll be speaking at the amazing JPrime software show (it's my first time speaking....
7AI Score
Fedora 40 : nextcloud (2024-456a389028)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-456a389028 advisory. Update nextcloud to 28.0.5 and PR #11 PR #11 Many issues fixed by aviram: - Better HTTPS handling in Apache configs - Better cron job compatibility with...
7.4AI Score
7.4AI Score
Domainim - A Fast And Comprehensive Tool For Organizational Network Scanning
Domainim is a fast domain reconnaissance tool for organizational network scanning. The tool aims to provide a brief overview of an organization's structure using techniques like OSINT, bruteforcing, DNS resolving etc. Features Current features (v1.0.1)- - Subdomain enumeration (2 engines +...
7.8AI Score