CVE-2024-4235 Netgear DG834Gv5 Web Management Interface cleartext storage
A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been...
2.7CVSS
4.2AI Score
0.0004EPSS
CVE-2024-4235 Netgear DG834Gv5 Web Management Interface cleartext storage
A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been...
2.7CVSS
6.8AI Score
0.0004EPSS
Severe Flaws Disclosed in Brocade SANnav SAN Management Software
Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws impact all versions up to and including 2.3.0, according to independent security researcher Pierre Barre, who...
8.6CVSS
8.7AI Score
0.0004EPSS
vyper is vulnerable to Improper Input Validation. The vulnerability is caused by improper handling of memory or storage arguments in the raw_log builtin, which results in incorrect values being logged when these arguments are used as...
5.3CVSS
6.8AI Score
0.0004EPSS
Asus RT-N12+ B1 router stores user passwords in plaintext, which could allow local attackers to obtain unauthorized access and modify router...
6.5AI Score
0.0004EPSS
vyper performs incorrect topic logging in raw_log
Summary Incorrect values can be logged when raw_log builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in production. In particular, no uses of raw_log() were found at all in production; it is apparently...
5.3CVSS
5.3AI Score
0.0004EPSS
vyper performs incorrect topic logging in raw_log
Summary Incorrect values can be logged when raw_log builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in production. In particular, no uses of raw_log() were found at all in production; it is apparently...
5.3CVSS
5.3AI Score
0.0004EPSS
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, incorrect values can be logged when raw_log builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in....
5.3CVSS
5.3AI Score
0.0004EPSS
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, incorrect values can be logged when raw_log builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in....
5.3CVSS
5.3AI Score
0.0004EPSS
CVE-2024-32645 vyper performs incorrect topic logging in raw_log
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, incorrect values can be logged when raw_log builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in....
5.3CVSS
5.6AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 209 vulnerabilities disclosed in 169...
9.9AI Score
EPSS
The CISO’s Top Priority: Elevating Data-Centric Security
The shift to cloud computing has enhanced the resilience and security of most organizations. In this era of unparalleled agility and scalability, data-centric security can offer transformational opportunities for Chief Information Security Officers (CISOs) to improve data protection, compliance,...
7.2AI Score
(RHSA-2024:2062) Important: Service Telemetry Framework 1.5.4 security update
Service Telemetry Framework (STF) provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform (OCP) deployment for storage,...
7.2AI Score
0.008EPSS
CVE-2023-3597 Keycloak: secondary factor bypass in step-up authentication
A flaw was found in Keycloak, where it does not correctly validate its client step-up authentication in org.keycloak.authentication. This flaw allows a remote user authenticated with a password to register a false second authentication factor along with an existing one and bypass...
5CVSS
5.5AI Score
0.0004EPSS
Talos IR trends: BEC attacks surge, while weaknesses in MFA persist
Business email compromise (BEC) was the top threat observed by Cisco Talos Incident Response (Talos IR) in the first quarter of 2024, accounting for nearly half of engagements, which is more than double what was observed in the previous quarter. The most observed means of gaining initial access...
8.3AI Score
0.733EPSS
Multiple Vulnerabilities in Hitachi Energy RTU500 Series
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 Series Vulnerabilities: Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow the...
8.2CVSS
7.3AI Score
0.0004EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.9 ATTENTION: Exploitable remotely Vendor: Hitachi Energy Equipment: MACH SCM Vulnerabilities: Improper Control of Generation of Code, Improper Neutralization of Directives in Dynamically Evaluated Code 2. RISK EVALUATION Successful exploitation of these...
7.5CVSS
8.3AI Score
0.0004EPSS
Rockwell Automation 5015-AENFTXT (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 5015-AENFTXT Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to crash the...
7.5CVSS
7.6AI Score
0.0004EPSS
WP-Members Membership Plugin < 3.4.9.4 - Unprotected Storage of Potentially Sensitive Files
Description The WP-Members Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.4.9.3 due to the plugin uploading user supplied files to a publicly accessible directory in wp-content without any restrictions. This makes it possible...
5.3CVSS
6.8AI Score
0.0004EPSS
K000139405 : MySQL vulnerability CVE-2023-21950
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...
4.9CVSS
6.2AI Score
0.0004EPSS
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level.....
6CVSS
6.8AI Score
0.001EPSS
Cisco Firepower Threat Defense Software Privilege Escalation (cisco-sa-asaftd-persist-rce-FLsNXF4h)
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level...
6CVSS
6.8AI Score
0.001EPSS
Sensitive Information leak via Log File in Kubernetes
In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects < v1.19.3, < v1.18.10, <...
5.5CVSS
6.4AI Score
0.0005EPSS
Sensitive Information leak via Log File in Kubernetes
In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects < v1.19.3, < v1.18.10, <...
5.5CVSS
6.9AI Score
0.0005EPSS
Denial of service in Kubernetes
The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral...
5.5CVSS
6.5AI Score
0.0004EPSS
Denial of service in Kubernetes
The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral...
5.5CVSS
7AI Score
0.0004EPSS
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary...
6CVSS
6.2AI Score
0.001EPSS
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary...
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary...
6CVSS
6.4AI Score
0.001EPSS
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary...
6CVSS
7.4AI Score
0.001EPSS
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary...
7.5AI Score
0.001EPSS
TikTok comes one step closer to a US ban
The US Senate has approved a bill that would effectively ban TikTok from the US unless Chinese owner ByteDance gives up its share of the immensely popular app. Social video platform TikTok has experienced explosive growth since it first appeared in 2017, and is now said to have well over 1.5...
7.2AI Score
Summary Vulnerabilities in Apache Commons Compress may affect IBM Storage Insights. Vulnerabilities include denial of service attacks, as described by the CVEs in the "Vulnerability Details" section. Vulnerability Details ** CVEID: CVE-2024-25710 DESCRIPTION: **Apache Commons Compress is...
8.1CVSS
7.3AI Score
0.001EPSS
RHEL 6 : openstack-cinder (RHSA-2014:1787)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1787 advisory. OpenStack Block Storage (cinder) manages block storage mounting and the presentation of such mounted block storage to instances. The...
6.5AI Score
0.002EPSS
RHEL 7 : openstack-swift (RHSA-2015:1681)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:1681 advisory. OpenStack Object Storage (swift) provides object storage in virtual containers, which allows users to store and retrieve files (arbitrary ...
6AI Score
0.004EPSS
D-Link NAS nas_sharing.cgi command injection
Added: 04/24/2024 CVE: CVE-2024-3273 Background D-Link Network Attached Storage (NAS) devices allow different clients to connect to a centralized disk on a Local Area Network (LAN). Problem A backdoor and a command injection vulnerability in the nas_sharing.cgi script allow a remote...
9.8CVSS
9.9AI Score
0.935EPSS
7.4AI Score
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary...
6CVSS
7.2AI Score
0.001EPSS
D-Link NAS nas_sharing.cgi command injection
Added: 04/24/2024 CVE: CVE-2024-3273 Background D-Link Network Attached Storage (NAS) devices allow different clients to connect to a centralized disk on a Local Area Network (LAN). Problem A backdoor and a command injection vulnerability in the nas_sharing.cgi script allow a remote...
9.8CVSS
8.7AI Score
0.935EPSS
Nginx 1.25.5 Host Header Validation Vulnerability
Nginx versions 1.25.5 and below appear to have a host header filtering validation bug that could possibly be used for...
7.3AI Score
Virtuozzo Hybrid Infrastructure 6.0 Update 1.5 (6.0.1-93)
This update provides a stability improvement. Vulnerability id: VSTOR-84827 Fixed iSCSI persistent...
7.3AI Score
RHEL 7 : openstack-swift (RHSA-2014:0941)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:0941 advisory. OpenStack Object Storage (Swift) provides object storage in virtual containers, which allows users to store and retrieve files (arbitrary ...
5.9AI Score
0.003EPSS
Flash Video Player <= 5.0.4 - Cross-Site Request Forgery
Description The Flash Video Player plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action...
6.4AI Score
EPSS
OFFIS DCMTK DVPSSoftcopyVOI_PList::createFromImage incorrect type conversion vulnerability
Talos Vulnerability Report TALOS-2024-1957 OFFIS DCMTK DVPSSoftcopyVOI_PList::createFromImage incorrect type conversion vulnerability April 23, 2024 CVE Number CVE-2024-28130 SUMMARY An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of...
7.5CVSS
7.6AI Score
0.0005EPSS
Security Advisory Description CVE-2024-21011 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22;...
3.7CVSS
3.2AI Score
0.001EPSS
An arbitrary file upload vulnerability in the file handling module of moziloCMS v2.0 allows attackers to bypass extension restrictions via file renaming, potentially leading to unauthorized file execution or storage of malicious...
6.9AI Score
0.0004EPSS
An arbitrary file upload vulnerability in the file handling module of moziloCMS v2.0 allows attackers to bypass extension restrictions via file renaming, potentially leading to unauthorized file execution or storage of malicious...
7.1AI Score
0.0004EPSS
Certain software builds for the Itel Vision 3 Turbo Android device contain a vulnerable pre-installed app with a package name of com.transsion.autotest.factory (versionCode='7', versionName='1.8.0(220310_1027)') that allows local third-party apps to execute arbitrary shell commands in its context.....
7.1AI Score
0.0004EPSS
Certain software builds for the Itel Vision 3 Turbo Android device contain a vulnerable pre-installed app with a package name of com.transsion.autotest.factory (versionCode='7', versionName='1.8.0(220310_1027)') that allows local third-party apps to execute arbitrary shell commands in its context.....
6.9AI Score
0.0004EPSS
An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to erase a critical sector of the flash memory, causing the machine to lose network connectivity and suffer from firmware...
6.9AI Score
0.0004EPSS