aloyoga.com Cross Site Scripting vulnerability OBB-3931099
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Path traversal vulnerability in MosP kintai kanri V4.6.6 and earlier allows a remote attacker who can log in to the product to obtain sensitive information of the...
6.9AI Score
Incorrect permission assignment for critical resource issue exists in MosP kintai kanri V4.6.6 and earlier, which may allow a remote unauthenticated attacker with access to the product to alter the product...
7.6AI Score
Updated chromium-browser-stable packages fix security vulnerabilities
The chromium-browser-stable package has been updated to the 125.0.6422.112 release. It includes 1 security fix. * High CVE-2024-5274: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group and Brendon Tiszka of Chrome Security on 2024-05-20 Google is aware that an...
7.3AI Score
donbass.ua Cross Site Scripting vulnerability OBB-3931096
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
2 Weeks Out: Evolution at RSAC 2024
Discover the latest innovations in cyber defense and Trend's expert insights on AI, data security, and emerging...
7.3AI Score
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1787-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1787-1 advisory. The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. This update...
7.2AI Score
Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Packages webkit2gtk - Web content engine library for GTK+ Details Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could...
6.9AI Score
0.0004EPSS
JVN#17680667: Multiple vulnerabilities in Unifier and Unifier Cast
Unifier and Unifier Cast provided by Yokogawa Rental & Lease Corporation contains multiple vulnerabilities listed below. Incorrect Default Permissions configured by Cast Launcher (CWE-276) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 7.8 CVE-2024-23847 Missing Authorization for...
8AI Score
7.4AI Score
7.4AI Score
0.0004EPSS
Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages amavisd-new - Interface between MTA and virus scanner/content filters Details It was discovered that amavisd-new incorrectly handled certain MIME email messages with multiple boundary parameters. A remote...
7.2AI Score
0.0004EPSS
7.1AI Score
7.1AI Score
7.1AI Score
0.0004EPSS
Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Packages frr - FRRouting suite of internet protocols Details It was discovered that FRR incorrectly handled certain malformed BGP and OSPF packets. A remote attacker could use this issue to cause FRR to crash, resulting in a denial of...
8.1AI Score
0.0004EPSS
Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages flask-security - Simple security for Flask apps (Python 3) Details Naom Moshe discovered that Flask-Security incorrectly validated URLs. An attacker could use this issue to redirect users to arbitrary...
7.1AI Score
0.001EPSS
openSUSE 15 Security Update : libqt5-qtnetworkauth (openSUSE-SU-2024:0143-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2024:0143-1 advisory. - CVE-2024-36048: Fixed data race and poor seeding in generateRandomString() (boo#1224782). Tenable has extracted the preceding description block...
7.1AI Score
Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages git - fast, scalable, distributed revision control system Details It was discovered that Git incorrectly handled certain submodules. An attacker could possibly use this issue to execute arbitrary code. This...
7.6AI Score
0.001EPSS
SUSE SLES15 / openSUSE 15 Security Update : java-1_8_0-openj9 (SUSE-SU-2024:1793-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1793-1 advisory. Update to OpenJDK 8u412 build 08 with OpenJ9 0.44.0 virtual machine: - CVE-2024-21094: Fixed C2 compilation failure with...
7.9AI Score
7.4AI Score
K000139794: Mozilla NSS vulnerability CVE-2023-5388
Security Advisory Description NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. (CVE-2023-5...
6.7AI Score
0.0004EPSS
7.4AI Score
7.4AI Score
7.4AI Score
0.0004EPSS
6.7AI Score
0.0004EPSS
SUSE SLES15 Security Update : apache2 (SUSE-SU-2024:1788-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1788-1 advisory. - CVE-2023-38709: Fixed faulty input validation inside the HTTP response splitting code (bsc#1222330). - CVE-2024-24795: Fixed...
7.5AI Score
Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages netatalk - Apple Filing Protocol service Details It was discovered that Netatalk did not properly protect an SMB and AFP default configuration. A remote attacker could possibly use this issue to execute arbitrary...
7.2AI Score
0.007EPSS
Ubuntu 20.04 LTS / 22.04 LTS : Netatalk vulnerabilities (USN-6786-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6786-1 advisory. It was discovered that Netatalk did not properly protect an SMB and AFP default configuration. A remote attacker could possibly use this issue to ...
7.6AI Score
Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages libreoffice - Office productivity suite Details Amel Bouziane-Leblond discovered that LibreOffice incorrectly handled graphic on-click bindings. If a user were tricked into clicking a graphic in a specially...
7AI Score
0.0004EPSS
Linux kernel (Intel IoTG) vulnerabilities
Releases Ubuntu 22.04 LTS Packages linux-intel-iotg - Linux kernel for Intel IoT platforms Details Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically...
7.5AI Score
0.0005EPSS
Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Ubuntu 14.04 ESM Packages jinja2 - small but fast and easy to use stand-alone template engine Details It was discovered that Jinja2 incorrectly handled certain HTML attributes that were...
6AI Score
0.0004EPSS
Incorrect permission assignment for critical resource issue exists in MosP kintai kanri V4.6.6 and earlier, which may allow a remote unauthenticated attacker with access to the product to alter the product...
7.3AI Score
Path traversal vulnerability in MosP kintai kanri V4.6.6 and earlier allows a remote attacker who can log in to the product to obtain sensitive information of the...
6.7AI Score
silverstripe/framework allows upload of dangerous file types
Some potentially dangerous file types exist in File.allowed_extensions which could allow a malicious CMS user to upload files that then get executed in the security context of the website. We have removed the ability to upload .css, .js, .potm, .dotm, .xltm and .jar files in the default...
7.2AI Score
silverstripe/framework allows upload of dangerous file types
Some potentially dangerous file types exist in File.allowed_extensions which could allow a malicious CMS user to upload files that then get executed in the security context of the website. We have removed the ability to upload .css, .js, .potm, .dotm, .xltm and .jar files in the default...
7.2AI Score
policy.secureapi.com.au Cross Site Scripting vulnerability OBB-3931093
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
silverstripe/framework vulnerable to member disclosure in login form
There is a user ID enumeration vulnerability in our brute force error messages. Users that don't exist in will never get a locked out message Users that do exist, will get a locked out message This means an attacker can infer or confirm user details that exist in the member table. This issue has...
7.1AI Score
silverstripe/framework vulnerable to member disclosure in login form
There is a user ID enumeration vulnerability in our brute force error messages. Users that don't exist in will never get a locked out message Users that do exist, will get a locked out message This means an attacker can infer or confirm user details that exist in the member table. This issue has...
7.1AI Score
extranet.it-visions.de Cross Site Scripting vulnerability OBB-3931092
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
silverstripe/framework uploaded PHP script execution in assets
A weakness in the .htaccess rules preventing requests to uploaded PHP scripts allows PHP scripts that had made their way into the assets directory to be successfully executed through the use of a specially crafted URL. There are protections in place to disallow upload of PHP scripts through the...
7.2AI Score
silverstripe/framework uploaded PHP script execution in assets
A weakness in the .htaccess rules preventing requests to uploaded PHP scripts allows PHP scripts that had made their way into the assets directory to be successfully executed through the use of a specially crafted URL. There are protections in place to disallow upload of PHP scripts through the...
7.2AI Score
silverstripe/framework code execution vulnerability
There is a vulnerability whereby arbitrary global functions may be executed if malicious user input is passed through to in the second argument of ViewableData::renderWith. This argument resolves associative arrays as template placeholders. This exploit requires that user code has been written...
7.3AI Score
silverstripe/framework code execution vulnerability
There is a vulnerability whereby arbitrary global functions may be executed if malicious user input is passed through to in the second argument of ViewableData::renderWith. This argument resolves associative arrays as template placeholders. This exploit requires that user code has been written...
7.3AI Score
expo-box.de Cross Site Scripting vulnerability OBB-3931089
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
When accessing the install.php script it is possible to extract any pre-configured database or default admin account password by viewing the source of the page, and inspecting the value property of the password...
7.2AI Score
When accessing the install.php script it is possible to extract any pre-configured database or default admin account password by viewing the source of the page, and inspecting the value property of the password...
7.2AI Score
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...
6.9AI Score
silverstripe/framework Privilege Escalation Risk in Member Edit form
A member with the permission EDIT_PERMISSIONS and access to the "Security" section is able to re-assign themselves (or another member) to ADMIN level. CMS Fields for the member are constructed using DirectGroups instead of Groups relation which results in bypassing security logic preventing...
7.2AI Score
silverstripe/framework Privilege Escalation Risk in Member Edit form
A member with the permission EDIT_PERMISSIONS and access to the "Security" section is able to re-assign themselves (or another member) to ADMIN level. CMS Fields for the member are constructed using DirectGroups instead of Groups relation which results in bypassing security logic preventing...
7.2AI Score