KIWIZ Invoices Certification & PDF System Security Vulnerabilities

rocky

sssd security update

An update is available for sssd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The System Security Services Daemon (SSSD) service provides a set of daemons to....

7.1CVSS

7.2AI Score

0.0004EPSS

2024-06-14 01:59 PM
rocky

gcc bug fix update

An update is available for gcc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and...

7.3AI Score

2024-06-14 01:59 PM
rocky

libsoup bug fix and enhancement update

An update is available for libsoup. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 8.1....

6.8AI Score

2024-06-14 01:59 PM
rocky

libssh security update

An update is available for libssh. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. libssh is a library which implements the SSH protocol. It can be used to...

5.3CVSS

7.2AI Score

0.001EPSS

2024-06-14 01:59 PM
rocky

acl bug fix and enhancement update

An update is available for acl. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 8.1...

6.8AI Score

2024-06-14 01:59 PM
rocky

intel-cmt-cat bug fix and enhancement update

An update is available for intel-cmt-cat. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...

6.8AI Score

2024-06-14 01:59 PM
rocky

tuned bug fix and enhancement update

An update is available for tuned. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 8.10.....

6.8AI Score

2024-06-14 01:59 PM
osv

Moderate: squashfs-tools security update

SquashFS is a highly compressed read-only file system for Linux. These packages contain the utilities for manipulating squashfs file systems. Security Fix(es): squashfs-tools: unvalidated filepaths allow writing outside of destination (CVE-2021-40153); squashfs-tools: possible Directory...

8.1CVSS

6.7AI Score

0.009EPSS

2024-06-14 01:59 PM
rocky

kexec-tools bug fix and enhancement update

An update is available for kexec-tools. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux....

6.8AI Score

2024-06-14 01:59 PM
osv

Moderate: sssd security update

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end...

7.1CVSS

7.1AI Score

0.0004EPSS

2024-06-14 01:59 PM
osv

Moderate: kernel update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240); kernel: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2024-0340); kernel:...

7.8CVSS

7.7AI Score

0.001EPSS

2024-06-14 01:59 PM
rocky

c-ares bug fix and enhancement update

An update is available for c-ares. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 8.10....

6.8AI Score

2024-06-14 01:59 PM
rocky

realmd bug fix and enhancement update

An update is available for realmd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 8.10....

6.8AI Score

2024-06-14 01:59 PM
rocky

grub2 security update

An update is available for grub2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB),.....

7.8CVSS

7AI Score

0.001EPSS

2024-06-14 01:59 PM
rocky

krb5 security update

An update is available for krb5. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Kerberos is a network authentication system, which can improve the security of.....

7AI Score

0.0004EPSS

2024-06-14 01:59 PM
rocky

perl-HTTP-Tiny bug fix and enhancement update

An update is available for perl-HTTP-Tiny. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...

6.8AI Score

2024-06-14 01:59 PM
rocky

alsa-sof-firmware bug fix and enhancement update

An update is available for alsa-sof-firmware. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky....

6.8AI Score

2024-06-14 01:59 PM
rocky

traceroute security update

An update is available for traceroute. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The traceroute utility displays the route used by IP packets on their way....

5.5CVSS

6.6AI Score

0.0004EPSS

2024-06-14 01:59 PM
1
osv

`docker cp` allows unexpected chmod of host files in Moby Docker Engine in github.com/docker/docker

docker cp allows unexpected chmod of host files in Moby Docker Engine in...

6.3CVSS

6.3AI Score

0.0005EPSS

2024-06-14 01:41 PM
cve

CVE-2024-3912

Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the...

9.8CVSS

10AI Score

0.001EPSS

2024-06-14 10:15 AM
18
nvd

CVE-2024-3912

Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the...

9.8CVSS

0.001EPSS

2024-06-14 10:15 AM
2
vulnrichment

CVE-2024-3912 ASUS Router - Upload arbitrary firmware

Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the...

9.8CVSS

8.1AI Score

0.001EPSS

2024-06-14 09:29 AM
14
cvelist

CVE-2024-3912 ASUS Router - Upload arbitrary firmware

Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the...

9.8CVSS

0.001EPSS

2024-06-14 09:29 AM
4
cve

CVE-2024-5996

The notification emails sent by Soar Cloud HR Portal contain a link with an embedded session. These emails are sent without using an encrypted transmission protocol. If an attacker intercepts the packets, they can obtain the plaintext session information and use it to log into the...

8.8CVSS

8.6AI Score

0.001EPSS

2024-06-14 09:15 AM
9
nvd

CVE-2024-5996

The notification emails sent by Soar Cloud HR Portal contain a link with an embedded session. These emails are sent without using an encrypted transmission protocol. If an attacker intercepts the packets, they can obtain the plaintext session information and use it to log into the...

8.8CVSS

0.001EPSS

2024-06-14 09:15 AM
2
nvd

CVE-2024-37182

Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI...

4.7CVSS

0.0004EPSS

2024-06-14 09:15 AM
2
cve

CVE-2024-37182

Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI...

4.7CVSS

4.9AI Score

0.0004EPSS

2024-06-14 09:15 AM
11
cvelist

CVE-2024-37182 Lack of permissions prompting when opening external URLs

Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI...

4.7CVSS

0.0004EPSS

2024-06-14 08:39 AM
1
vulnrichment

CVE-2024-37182 Lack of permissions prompting when opening external URLs

Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI...

4.7CVSS

7.1AI Score

0.0004EPSS

2024-06-14 08:39 AM
cvelist

CVE-2024-5996 Soar Cloud HR Portal - Cleartext Transmission of Sensitive Information

The notification emails sent by Soar Cloud HR Portal contain a link with an embedded session. These emails are sent without using an encrypted transmission protocol. If an attacker intercepts the packets, they can obtain the plaintext session information and use it to log into the...

8.8CVSS

0.001EPSS

2024-06-14 08:22 AM
1
veracode

Path Traversal

org.jenkins-ci.plugins:report-info is vulnerable to Path Traversal. The vulnerability is due to lack of path validation in the workspace directory, allowing attackers with Item/Configure permission to access restricted files on the controller file...

6.6AI Score

0.0004EPSS

2024-06-14 08:21 AM
cve

CVE-2024-5577

The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in version <= 1.1.1 via the WIW_HEADER parameter of the /system/include/include_user.php file. This makes it possible for unauthenticated attackers to include and execute arbitrary files hosted on extern...

9.8CVSS

10AI Score

0.001EPSS

2024-06-14 08:15 AM
13
nvd

CVE-2024-5577

The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in version <= 1.1.1 via the WIW_HEADER parameter of the /system/include/include_user.php file. This makes it possible for unauthenticated attackers to include and execute arbitrary files hosted on extern...

9.8CVSS

0.001EPSS

2024-06-14 08:15 AM
4
thn

ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws

An analysis of a hybrid biometric access system from Chinese manufacturer ZKTeco has uncovered two dozen security flaws that could be used by attackers to defeat authentication, steal biometric data, and even deploy malicious backdoors. "By adding random user data to the database or using a fake...

10CVSS

9.6AI Score

0.0004EPSS

2024-06-14 08:09 AM
4
cvelist

CVE-2024-5577 Where I Was, Where I Will Be <= 1.1.1 - Unauthenticated Remote File Inclusion

The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in version <= 1.1.1 via the WIW_HEADER parameter of the /system/include/include_user.php file. This makes it possible for unauthenticated attackers to include and execute arbitrary files hosted on extern...

9.8CVSS

0.001EPSS

2024-06-14 07:31 AM
5
vulnrichment

CVE-2024-5577 Where I Was, Where I Will Be <= 1.1.1 - Unauthenticated Remote File Inclusion

The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in version <= 1.1.1 via the WIW_HEADER parameter of the /system/include/include_user.php file. This makes it possible for unauthenticated attackers to include and execute arbitrary files hosted on extern...

9.8CVSS

10AI Score

0.001EPSS

2024-06-14 07:31 AM
nvd

CVE-2024-31162

The specific function parameter of ASUS Download Master does not properly filter user input. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the...

7.2CVSS

0.001EPSS

2024-06-14 07:15 AM
nvd

CVE-2024-31163

ASUS Download Master has a buffer overflow vulnerability. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the...

7.2CVSS

0.0005EPSS

2024-06-14 07:15 AM
5
cve

CVE-2024-31162

The specific function parameter of ASUS Download Master does not properly filter user input. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the...

7.2CVSS

7.5AI Score

0.001EPSS

2024-06-14 07:15 AM
13
cve

CVE-2024-31163

ASUS Download Master has a buffer overflow vulnerability. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the...

7.2CVSS

7.6AI Score

0.0005EPSS

2024-06-14 07:15 AM
12
vulnrichment

CVE-2024-31163 ASUS Download Master - Buffer Overflow

ASUS Download Master has a buffer overflow vulnerability. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the...

7.2CVSS

8.3AI Score

0.0005EPSS

2024-06-14 06:52 AM
2
cvelist

CVE-2024-31163 ASUS Download Master - Buffer Overflow

ASUS Download Master has a buffer overflow vulnerability. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the...

7.2CVSS

0.0005EPSS

2024-06-14 06:52 AM
2
thn

North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics

Threat actors linked to North Korea have accounted for one-third of all the phishing activity targeting Brazil since 2020, as the country's emergence as an influential power has drawn the attention of cyber espionage groups. "North Korean government-backed actors have targeted the Brazilian...

7.1AI Score

2024-06-14 06:45 AM
cvelist

CVE-2024-31162 ASUS Download Master - OS Command Injection

The specific function parameter of ASUS Download Master does not properly filter user input. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the...

7.2CVSS

0.001EPSS

2024-06-14 06:35 AM
2
veracode

Cross-site Scripting (XSS)

typo3/cms is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper handling of file extensions containing malicious sequences in the output table listing, which requires access to the server's file system either directly or through synchronization to...

6.4AI Score

2024-06-14 05:52 AM
veracode

Code Injection

mlflow is vulnerable to Code Injection. The vulnerability is caused due to improper input validation in the _run_entry_point function within the projects/backend/local.py file. This vulnerability allows an attacker to execute arbitrary code on the victim's system by submitting a maliciously...

8.8CVSS

7.5AI Score

0.0004EPSS

2024-06-14 05:37 AM
nvd

CVE-2024-3498

Attackers can then execute malicious files by enabling certain services of the printer via the web configuration page and elevate its privileges to root. As for the affected products/models/versions, see the reference...

7.8CVSS

0.0004EPSS

2024-06-14 05:15 AM
1
cve

CVE-2024-3498

Attackers can then execute malicious files by enabling certain services of the printer via the web configuration page and elevate its privileges to root. As for the affected products/models/versions, see the reference...

7.8CVSS

7.8AI Score

0.0004EPSS

2024-06-14 05:15 AM
12
nvd

CVE-2024-3497

Path traversal vulnerability in the web server of the Toshiba printer enables an attacker to overwrite original files or add new ones to the printer. As for the affected products/models/versions, see the reference...

8.8CVSS

0.0004EPSS

2024-06-14 05:15 AM
1
cve

CVE-2024-3496

Attackers can bypass the web login authentication process to gain access to the printer's system information and upload malicious drivers to the printer. As for the affected products/models/versions, see the reference...

8.8CVSS

9.1AI Score

0.0004EPSS

2024-06-14 05:15 AM
10
Total number of security vulnerabilities: 475601