Genie Path Traversal vulnerability via File Uploads
Overview Path Traversal Vulnerability via File Uploads in Genie Impact Any Genie OSS users running their own instance and relying on the filesystem to store file attachments submitted to the Genie application may be impacted. Using this technique, it is possible to write a file with any...
9.9CVSS
7.2AI Score
0.0004EPSS
Genie Path Traversal vulnerability via File Uploads
Overview Path Traversal Vulnerability via File Uploads in Genie Impact Any Genie OSS users running their own instance and relying on the filesystem to store file attachments submitted to the Genie application may be impacted. Using this technique, it is possible to write a file with any...
9.9CVSS
7.5AI Score
0.0004EPSS
An update is available for git-lfs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Git Large File Storage (LFS) replaces large files such as audio samples,...
7.5AI Score
0.0004EPSS
Important: git-lfs security update
Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS...
7.6AI Score
0.0004EPSS
With this new offering, Qualys establishes itself as the first and only vendor solution with the unique ability to scan AWS Bottlerocket instances directly using the Qualys Cloud Agent and TotalCloud Agent-less Snapshot-Based Scan. This innovative capability empowers organizations to...
7.6AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 29, 2024 to May 5, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 164 vulnerabilities disclosed in 145...
9.8CVSS
9.7AI Score
EPSS
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details ** CVEID: CVE-2019-13224 DESCRIPTION: **oniguruma is vulnerable to a denial of service,...
10CVSS
10AI Score
0.05EPSS
EulerOS 2.0 SP10 : kernel (EulerOS-SA-2024-1592)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we...
7.8CVSS
7AI Score
0.011EPSS
9.8CVSS
7.4AI Score
0.0004EPSS
IBM Java 7.1 < 7.1.5.22 / 8.0 < 8.0.8.25 Multiple Vulnerabilities
The version of IBM Java installed on the remote host is prior to 7.1 < 7.1.5.22 / 8.0 < 8.0.8.25. It is, therefore, affected by multiple vulnerabilities as referenced in the IBM Security Update May 2024 advisory. The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 throu...
5.9CVSS
6.1AI Score
0.0004EPSS
EulerOS 2.0 SP10 : shim (EulerOS-SA-2024-1579)
According to the versions of the shim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response....
8.3CVSS
8.1AI Score
0.025EPSS
K000139558 : Node.js vulnerabilities CVE-2023-46809, CVE-2024-21892, and CVE-2024-22019
Security Advisory Description CVE-2023-46809 This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available. Learn more about the Reserved state here. CVE-2024-21892 On Linux, Node.js ignores certain environment...
7.5AI Score
EPSS
7.4AI Score
Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the...
3.5CVSS
3.7AI Score
0.0004EPSS
Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the...
3.5CVSS
6.5AI Score
0.0004EPSS
Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the...
3.5CVSS
4.1AI Score
0.0004EPSS
(RHSA-2024:2764) Important: Red Hat JBoss Enterprise Application Platform 8.0 security update
Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 8.0. Security Fix(es): undertow: Cookie Smuggling/Spoofing (CVE-2023-4639)...
7.4AI Score
EPSS
(RHSA-2024:2763) Important: Red Hat JBoss Enterprise Application Platform 8.0 security update
Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 8.0. Security Fix(es): undertow: Cookie Smuggling/Spoofing (CVE-2023-4639)...
7.4AI Score
EPSS
Improper privilege management vulnerability in Lunar software that affects versions 6.0.2 through 6.6.0. This vulnerability allows an attacker to perform a secondary process injection into the Lunar application and abuse those rights to access sensitive user...
7.7CVSS
6.9AI Score
0.0004EPSS
Improper privilege management vulnerability in Lunar software that affects versions 6.0.2 through 6.6.0. This vulnerability allows an attacker to perform a secondary process injection into the Lunar application and abuse those rights to access sensitive user...
7.7CVSS
7.7AI Score
0.0004EPSS
CVE-2024-3507 Privilege escalation vulnerability in Lunar
Improper privilege management vulnerability in Lunar software that affects versions 6.0.2 through 6.6.0. This vulnerability allows an attacker to perform a secondary process injection into the Lunar application and abuse those rights to access sensitive user...
7.7CVSS
7.8AI Score
0.0004EPSS
CVE-2024-3507 Privilege escalation vulnerability in Lunar
Improper privilege management vulnerability in Lunar software that affects versions 6.0.2 through 6.6.0. This vulnerability allows an attacker to perform a secondary process injection into the Lunar application and abuse those rights to access sensitive user...
7.7CVSS
7AI Score
0.0004EPSS
Security Bulletin: Multiple vulnerabilities in moment.js affect IBM Storage Scale
Summary There are multiple vulnerabilities in moment.js, used by IBM Storage Scale HDFS transparency, which can cause a denial of service or allow a remote attacker to traverse directories on the system. CVE-2017-18214, CVE-2022-24785, CVE-2016-4055, CVE-2022-31129. Vulnerability Details ** CVEID:....
7.5CVSS
8.2AI Score
0.008EPSS
Security Bulletin: Multiple vulnerabilities in jquery affect IBM Storage Scale
Summary There are multiple vulnerabilities in jquery, used by IBM Storage Scale HDFS transparency, which could allow cross-site scripting, caused by improper validation of user-supplied input. Vulnerability Details ** CVEID: CVE-2012-6708 DESCRIPTION: **jQuery is vulnerable to cross-site...
6.1CVSS
9.8AI Score
0.008EPSS
7.1CVSS
7.3AI Score
0.0004EPSS
K11342432 : BIG-IP HTTP non-RFC-compliant security exposure
Security Advisory Description This issue occurs when a non-RFC-compliant HTTP request is received by a virtual server on a system matching one of the following conditions: BIG-IP 15.1.0 and later version with a virtual server with an HTTP profile with Enforce RFC Compliance enabled. All supported.....
7.2AI Score
GLSA-202405-25 : MariaDB: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202405-25 (MariaDB: Multiple Vulnerabilities) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit...
7.8CVSS
8.4AI Score
EPSS
K000138744 : BIG-IP APM browser network access VPN client vulnerability CVE-2024-28883
Security Advisory Description An origin validation vulnerability exists in the BIG-IP APM browser network access VPN client, which may allow an attacker to bypass F5 endpoint inspection. (CVE-2024-28883) Impact A remote unauthenticated attacker with a man-in-the-middle (MITM) position may exploit.....
7.4CVSS
7.2AI Score
0.0004EPSS
8.4CVSS
8.5AI Score
0.0004EPSS
K000132430 : The BIG-IP system may fail to block HTTP Request Smuggling attacks
Security Advisory Description The BIG-IP system may fail to block non-RFC-compliant HTTP requests to the pool member, which may lead to an HTTP Request Smuggling attack. This issue occurs when all of the following conditions are met: A virtual server is associated with an HTTP profile. The BIG-IP.....
7.3AI Score
K000139447 : Apache httpd vulnerability CVE-2024-24795
Security Advisory Description HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this...
6.8AI Score
0.0004EPSS
K000138636 : BIG-IP Configuration utility XSS vulnerability CVE-2024-31156
Security Advisory Description A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. (CVE-2024-31156) Impact An authenticated attacker may exploit.....
8CVSS
5.3AI Score
0.0004EPSS
K000139012 : BIG-IP Next Central Manager vulnerability CVE-2024-33612
Security Advisory Description An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. A successful exploit of this vulnerability can allow the attacker to cross a security boundary....
6.8CVSS
6.7AI Score
0.0004EPSS
K000138913 : BIG-IP Next CNF vulnerability CVE-2024-28132
Security Advisory Description Exposure of a Sensitive Information vulnerability exists in the Global Server Load Balancing (GSLB) container, which may allow an authenticated attacker with administrator role privileges to view sensitive information. (CVE-2024-28132) Impact An authenticated attacker....
4.4CVSS
6.7AI Score
0.0004EPSS
Azure File Sync Agent v18 Release - May 2024 (Flighting)
Azure File Sync Agent v18 Release - May 2024 (Flighting) This article describes the improvements and issues that are fixed in the Azure File Sync Agent v18 release that is dated May 2024. Additionally, this article contains installation instructions for this release. Improvements and issues that...
7AI Score
K000138733 : BIG-IP Next Central Manager SQL Injection vulnerability CVE-2024-26026
Security Advisory Description An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI). (CVE-2024-26026) Impact An unauthenticated attacker can exploit this vulnerability to execute malicious SQL statements through the BIG-IP Next Central Manager API...
7.5CVSS
8.4AI Score
0.0004EPSS
K000138520 : BIG-IP Configuration utility vulnerability CVE-2024-27202
Security Advisory Description A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. (CVE-2024-27202) Impact An attacker may exploit this...
4.7CVSS
5.6AI Score
0.0004EPSS
K000139404 : Quarterly Security Notification (May 2024)
Security Advisory Description On May 8, 2024, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associated...
6.9AI Score
0.0004EPSS
K000138912 : BIG-IP SSL vulnerability CVE-2024-28889
Security Advisory Description When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. (CVE-2024-28889) Impact Traffic.....
5.9CVSS
7.1AI Score
0.0004EPSS
K000138894 : BIG-IP Configuration utility XSS vulnerability CVE-2024-33604
Security Advisory Description A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. (CVE-2024-33604) Impact An attacker may exploit this...
6.1CVSS
5.6AI Score
0.0004EPSS
Security Advisory Description BIG-IP Advanced WAF/ASM, BIG-IP Next WAF, or NGINX App Protect WAF may fail to match an attack signature. This issue occurs when all of the following conditions are met: The affected security policy has a large number of attack signatures enabled (for example, all or.....
7.1AI Score
K000138634 : BIG-IP Next Central Manager vulnerability CVE-2024-32049
Security Advisory Description BIG-IP Next Central Manager may allow an unauthenticated, remote attacker to obtain BIG-IP Next LTM/WAF instance credentials. (CVE-2024-32049) Impact This vulnerability may allow an unauthenticated attacker in a man-in-the-middle (MITM) position between a BIG-IP Next.....
7.4CVSS
7.2AI Score
0.0004EPSS
RHEL 8 / 9 : Red Hat JBoss Enterprise Application Platform 8.0 (RHSA-2024:2764)
The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2764 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This...
5.3CVSS
6.2AI Score
EPSS
K000139217 : BIG-IP TMM tenants on VELOS and rSeries vulnerability CVE-2024-32761
Security Advisory Description Under certain conditions, a potential data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. However, this issue cannot be exploited by an attacker because it is not consistently reproducible and is.....
6.5CVSS
6.8AI Score
0.0004EPSS
K000139037: TMM vulnerability CVE-2024-25560
Security Advisory Description When BIG-IP AFM is licensed and provisioned, and a DNS profile is applied to a virtual server, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate. (CVE-2024-25560) Impact Traffic is disrupted while the TMM process restarts. This...
7.5AI Score
0.0004EPSS
K000139553: VPN TunnelVision vulnerability CVE-2024-3661
Security Advisory Description By design, the DHCP protocol does not authenticate messages, including for example the classless static route option (121). An attacker with the ability to send DHCP messages can manipulate routes to redirect VPN traffic, allowing the attacker to read, disrupt, or...
7.5AI Score
0.0005EPSS
K000138732 : BIG-IP Next Central Manager OData Injection vulnerability CVE-2024-21793
Security Advisory Description An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI). (CVE-2024-21793) Impact An unauthenticated attacker can exploit this vulnerability to execute malicious SQL statements through the BIG-IP NEXT Central Manager API...
7.5CVSS
8.2AI Score
0.0004EPSS
K000138728 : BIG-IP IPsec vulnerability CVE-2024-33608
Security Advisory Description When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. (CVE-2024-33608) Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote unauthenticated attacker.....
7.5CVSS
7.2AI Score
0.0004EPSS
Exploits and vulnerabilities in Q1 2024
We at Kaspersky continuously monitor the evolving cyberthreat landscape to ensure we respond promptly to emerging threats, equipping our products with detection logic and technology. Software vulnerabilities that threat actors can exploit or are already actively exploiting are a critical component....
8.9AI Score
0.971EPSS
Security Bulletin: Vulnerability in PostgreSQL affects IBM Storage Scale (CVE-2024-1597)
Summary PostgreSQL could allow a remote attacker to gain unauthorized access to the system which affects IBM Storage Scale GUI. Vulnerability Details ** CVEID: CVE-2024-1597 DESCRIPTION: **PostgreSQL JDBC Driver (PgJDBC) is vulnerable to SQL injection. A remote attacker could send specially...
10CVSS
9.7AI Score
0.001EPSS