Lucene search

K

Newsletter – Send Awesome Emails From WordPress Security Vulnerabilities

cvelist
cvelist

CVE-2024-5990 ThinManager® ThinServer™ Improper Input Validation Vulnerability

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected...

EPSS

2024-06-25 04:11 PM
vulnrichment
vulnrichment

CVE-2024-5989 Rockwell Automation ThinManager® ThinServer™ Improper Input Validation Vulnerability

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager®...

8.8AI Score

EPSS

2024-06-25 04:01 PM
cvelist
cvelist

CVE-2024-5989 Rockwell Automation ThinManager® ThinServer™ Improper Input Validation Vulnerability

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager®...

EPSS

2024-06-25 04:01 PM
cvelist
cvelist

CVE-2024-5988 Rockwell Automation ThinManager® ThinServer™ Improper Input Validation Vulnerability

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager®...

EPSS

2024-06-25 03:53 PM
2
ibm
ibm

Security Bulletin: IBM Sterling B2B Integrator Standard Edition does not correctly restrict frame objects

Summary IBM Sterling B2B Integrator Standard Edition does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. Vulnerability Details ** CVEID:...

6.6AI Score

EPSS

2024-06-25 03:49 PM
2
wordfence
wordfence

WordPress 6.5.5 Security Release – What You Need to Know

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

5.4AI Score

2024-06-25 03:38 PM
2
ibm
ibm

Security Bulletin: Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting ( CVE-2023-42014).

Summary In Sterling B2B Integrator Standard Edition Console, the Content-Security-Policy header in the console for B2Bi is not set to the stictest available value. The Content-Security-Policy that is set by the server allows inline Javascript and "eval" functions in the browser. Allowing inline...

6.2AI Score

EPSS

2024-06-25 03:36 PM
2
nvd
nvd

CVE-2024-5806

Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before...

9.1CVSS

EPSS

2024-06-25 03:15 PM
1
debiancve
debiancve

CVE-2024-39467

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() syzbot reports a kernel bug as below: F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4...

6.5AI Score

EPSS

2024-06-25 03:15 PM
1
nvd
nvd

CVE-2024-39467

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() syzbot reports a kernel bug as below: F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 BUG: KASAN: slab-out-of-bounds in f2fs_test_bit...

EPSS

2024-06-25 03:15 PM
cve
cve

CVE-2024-5806

Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before...

9.1CVSS

9.3AI Score

EPSS

2024-06-25 03:15 PM
7
cve
cve

CVE-2024-39467

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() syzbot reports a kernel bug as below: F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 BUG: KASAN: slab-out-of-bounds in f2fs_test_bit...

6.8AI Score

EPSS

2024-06-25 03:15 PM
4
cve
cve

CVE-2024-39462

In the Linux kernel, the following vulnerability has been resolved: clk: bcm: dvp: Assign ->num before accessing ->hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' with __counted_by, which informs t...

6.8AI Score

EPSS

2024-06-25 03:15 PM
3
cve
cve

CVE-2024-39362

In the Linux kernel, the following vulnerability has been resolved: i2c: acpi: Unbind mux adapters before delete There is an issue with ACPI overlay table removal specifically related to I2C multiplexers. Consider an ACPI SSDT Overlay that defines a PCA9548 I2C mux on an existing I2C bus. When...

6.8AI Score

EPSS

2024-06-25 03:15 PM
4
debiancve
debiancve

CVE-2024-39462

In the Linux kernel, the following vulnerability has been resolved: clk: bcm: dvp: Assign ->num before accessing ->hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' with __counted_by, which informs t...

6.4AI Score

EPSS

2024-06-25 03:15 PM
1
debiancve
debiancve

CVE-2024-39298

In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix handling of dissolved but not taken off from buddy pages When I did memory failure tests recently, below panic occurs: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8cee00 flags:...

6.5AI Score

EPSS

2024-06-25 03:15 PM
1
nvd
nvd

CVE-2024-39298

In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix handling of dissolved but not taken off from buddy pages When I did memory failure tests recently, below panic occurs: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8cee00 flags:...

EPSS

2024-06-25 03:15 PM
nvd
nvd

CVE-2024-39461

In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Assign ->num before accessing ->hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' with __counted_by, which informs t...

EPSS

2024-06-25 03:15 PM
cve
cve

CVE-2024-39298

In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix handling of dissolved but not taken off from buddy pages When I did memory failure tests recently, below panic occurs: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8cee00 flags:...

7AI Score

EPSS

2024-06-25 03:15 PM
3
cve
cve

CVE-2024-39461

In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Assign ->num before accessing ->hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' with __counted_by, which informs t...

6.4AI Score

EPSS

2024-06-25 03:15 PM
4
nvd
nvd

CVE-2024-39362

In the Linux kernel, the following vulnerability has been resolved: i2c: acpi: Unbind mux adapters before delete There is an issue with ACPI overlay table removal specifically related to I2C multiplexers. Consider an ACPI SSDT Overlay that defines a PCA9548 I2C mux on an existing I2C bus. When...

EPSS

2024-06-25 03:15 PM
nvd
nvd

CVE-2024-39462

In the Linux kernel, the following vulnerability has been resolved: clk: bcm: dvp: Assign ->num before accessing ->hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' with __counted_by, which informs t...

EPSS

2024-06-25 03:15 PM
debiancve
debiancve

CVE-2024-39461

In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Assign ->num before accessing ->hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' with __counted_by, which informs t...

6.5AI Score

EPSS

2024-06-25 03:15 PM
debiancve
debiancve

CVE-2024-39362

In the Linux kernel, the following vulnerability has been resolved: i2c: acpi: Unbind mux adapters before delete There is an issue with ACPI overlay table removal specifically related to I2C multiplexers. Consider an ACPI SSDT Overlay that defines a PCA9548 I2C mux on an existing I2C bus. When...

6.5AI Score

EPSS

2024-06-25 03:15 PM
nvd
nvd

CVE-2024-37354

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix crash on racing fsync and size-extending write into prealloc We have been seeing crashes on duplicate keys in btrfs_set_item_key_safe(): BTRFS critical (device vdb): slot 4 key (450 108 8192) new key (450 108 8192) ...

EPSS

2024-06-25 03:15 PM
cve
cve

CVE-2024-37354

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix crash on racing fsync and size-extending write into prealloc We have been seeing crashes on duplicate keys in btrfs_set_item_key_safe(): BTRFS critical (device vdb): slot 4 key (450 108 8192) new key (450 108 8192) ...

6.8AI Score

EPSS

2024-06-25 03:15 PM
4
debiancve
debiancve

CVE-2024-37354

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix crash on racing fsync and size-extending write into prealloc We have been seeing crashes on duplicate keys in btrfs_set_item_key_safe(): BTRFS critical (device vdb): slot 4 key (450 108 8192) new key (450 108...

6.4AI Score

EPSS

2024-06-25 03:15 PM
cve
cve

CVE-2024-37085

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management...

6.8CVSS

7.4AI Score

EPSS

2024-06-25 03:15 PM
2
nvd
nvd

CVE-2024-37085

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management...

6.8CVSS

EPSS

2024-06-25 03:15 PM
6
nvd
nvd

CVE-2021-4440

In the Linux kernel, the following vulnerability has been resolved: x86/xen: Drop USERGS_SYSRET64 paravirt call commit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream. USERGS_SYSRET64 is used to return from a syscall via SYSRET, but a Xen PV guest will nevertheless use the IRET hypercall, as...

EPSS

2024-06-25 03:15 PM
cve
cve

CVE-2021-4440

In the Linux kernel, the following vulnerability has been resolved: x86/xen: Drop USERGS_SYSRET64 paravirt call commit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream. USERGS_SYSRET64 is used to return from a syscall via SYSRET, but a Xen PV guest will nevertheless use the IRET hypercall, as...

6.4AI Score

EPSS

2024-06-25 03:15 PM
3
debiancve
debiancve

CVE-2021-4440

In the Linux kernel, the following vulnerability has been resolved: x86/xen: Drop USERGS_SYSRET64 paravirt call commit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream. USERGS_SYSRET64 is used to return from a syscall via SYSRET, but a Xen PV guest will nevertheless use the IRET hypercall, as...

6.5AI Score

EPSS

2024-06-25 03:15 PM
cvelist
cvelist

CVE-2024-5806 MOVEit Transfer Authentication Bypass Vulnerability

Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before...

9.1CVSS

EPSS

2024-06-25 03:04 PM
cvelist
cvelist

CVE-2024-39467 f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() syzbot reports a kernel bug as below: F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 BUG: KASAN: slab-out-of-bounds in f2fs_test_bit...

EPSS

2024-06-25 02:25 PM
3
cvelist
cvelist

CVE-2024-39462 clk: bcm: dvp: Assign ->num before accessing ->hws

In the Linux kernel, the following vulnerability has been resolved: clk: bcm: dvp: Assign ->num before accessing ->hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' with __counted_by, which informs t...

EPSS

2024-06-25 02:25 PM
2
vulnrichment
vulnrichment

CVE-2024-39462 clk: bcm: dvp: Assign ->num before accessing ->hws

In the Linux kernel, the following vulnerability has been resolved: clk: bcm: dvp: Assign ->num before accessing ->hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' with __counted_by, which informs t...

6.7AI Score

EPSS

2024-06-25 02:25 PM
1
cvelist
cvelist

CVE-2024-39461 clk: bcm: rpi: Assign ->num before accessing ->hws

In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Assign ->num before accessing ->hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' with __counted_by, which informs t...

EPSS

2024-06-25 02:25 PM
1
vulnrichment
vulnrichment

CVE-2024-39362 i2c: acpi: Unbind mux adapters before delete

In the Linux kernel, the following vulnerability has been resolved: i2c: acpi: Unbind mux adapters before delete There is an issue with ACPI overlay table removal specifically related to I2C multiplexers. Consider an ACPI SSDT Overlay that defines a PCA9548 I2C mux on an existing I2C bus. When...

7AI Score

EPSS

2024-06-25 02:22 PM
cvelist
cvelist

CVE-2024-39362 i2c: acpi: Unbind mux adapters before delete

In the Linux kernel, the following vulnerability has been resolved: i2c: acpi: Unbind mux adapters before delete There is an issue with ACPI overlay table removal specifically related to I2C multiplexers. Consider an ACPI SSDT Overlay that defines a PCA9548 I2C mux on an existing I2C bus. When...

EPSS

2024-06-25 02:22 PM
3
cvelist
cvelist

CVE-2024-39298 mm/memory-failure: fix handling of dissolved but not taken off from buddy pages

In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix handling of dissolved but not taken off from buddy pages When I did memory failure tests recently, below panic occurs: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8cee00 flags:...

EPSS

2024-06-25 02:22 PM
2
vulnrichment
vulnrichment

CVE-2024-39298 mm/memory-failure: fix handling of dissolved but not taken off from buddy pages

In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix handling of dissolved but not taken off from buddy pages When I did memory failure tests recently, below panic occurs: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8cee00 flags:...

7.2AI Score

EPSS

2024-06-25 02:22 PM
vulnrichment
vulnrichment

CVE-2024-37354 btrfs: fix crash on racing fsync and size-extending write into prealloc

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix crash on racing fsync and size-extending write into prealloc We have been seeing crashes on duplicate keys in btrfs_set_item_key_safe(): BTRFS critical (device vdb): slot 4 key (450 108 8192) new key (450 108 8192) ...

7AI Score

EPSS

2024-06-25 02:22 PM
1
cvelist
cvelist

CVE-2024-37354 btrfs: fix crash on racing fsync and size-extending write into prealloc

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix crash on racing fsync and size-extending write into prealloc We have been seeing crashes on duplicate keys in btrfs_set_item_key_safe(): BTRFS critical (device vdb): slot 4 key (450 108 8192) new key (450 108 8192) ...

EPSS

2024-06-25 02:22 PM
4
cvelist
cvelist

CVE-2021-4440 x86/xen: Drop USERGS_SYSRET64 paravirt call

In the Linux kernel, the following vulnerability has been resolved: x86/xen: Drop USERGS_SYSRET64 paravirt call commit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream. USERGS_SYSRET64 is used to return from a syscall via SYSRET, but a Xen PV guest will nevertheless use the IRET hypercall, as...

EPSS

2024-06-25 02:20 PM
2
cvelist
cvelist

CVE-2024-37085

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management...

6.8CVSS

EPSS

2024-06-25 02:16 PM
2
cve
cve

CVE-2024-5451

The The7 — Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Icon and Heading widgets in all versions up to, and including, 11.13.0 due to insufficient input sanitization and output escaping on...

6.4CVSS

5.8AI Score

EPSS

2024-06-25 02:15 PM
1
nvd
nvd

CVE-2024-5451

The The7 — Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Icon and Heading widgets in all versions up to, and including, 11.13.0 due to insufficient input sanitization and output escaping on...

6.4CVSS

EPSS

2024-06-25 02:15 PM
cve
cve

CVE-2024-32111

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic WordPress allows Relative Path Traversal.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6,.....

5CVSS

5.2AI Score

EPSS

2024-06-25 02:15 PM
7
nvd
nvd

CVE-2024-32111

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic WordPress allows Relative Path Traversal.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6,.....

5CVSS

EPSS

2024-06-25 02:15 PM
nvd
nvd

CVE-2024-21827

A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger....

7.2CVSS

EPSS

2024-06-25 02:15 PM
Total number of security vulnerabilities888968