Lucene search

K

OMGF | Host Google Fonts Locally Security Vulnerabilities

cve
cve

CVE-2024-29778

In ProtocolPsDedicatedBearInfoAdapter::processQosSession of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for...

5.9AI Score

0.0004EPSS

2024-06-13 09:15 PM
12
cve
cve

CVE-2024-29780

In hwbcc_ns_deprivilege of trusty/user/base/lib/hwbcc/client/hwbcc.c, there is a possible uninitialized stack data disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

6AI Score

0.0004EPSS

2024-06-13 09:15 PM
12
osv
osv

CGA-qv5p-9m82-733m

Bulletin has no...

7.2AI Score

2024-06-13 08:04 PM
2
osv
osv

CGA-c8q8-c29m-7vmq

Bulletin has no...

7.2AI Score

2024-06-13 08:04 PM
2
osv
osv

Vulnerabilities with the k8sGPT

Summary Bunch of vulnerabilities found in k8sGPT. Fixed in release...

7.3AI Score

2024-06-13 07:39 PM
1
osv
osv

CrateDB has a Client initialized Session-Renegotiation DoS

Summary Client-Initiated TLS Renegotiation Denial of Service (DoS) Vulnerability at Port 4200 Details A high-risk vulnerability has been identified where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly...

5.3CVSS

6.9AI Score

0.0004EPSS

2024-06-13 07:39 PM
osv
osv

Cilium leaks sensitive information in cilium-bugtool

Impact The output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium deployments with the Envoy proxy enabled. Users of the following features are affected: TLS inspection Ingress with TLS termination Gateway API with TLS termination...

7.9CVSS

6.7AI Score

0.0004EPSS

2024-06-13 07:29 PM
2
osv
osv

CGA-xcg6-jg76-p7wq

Bulletin has no...

7.2AI Score

2024-06-13 07:04 PM
osv
osv

CGA-7f7r-5pp2-5g35

Bulletin has no...

7.2AI Score

2024-06-13 07:04 PM
osv
osv

CGA-x7jx-xpmr-jm33

Bulletin has no...

6.2AI Score

0.0004EPSS

2024-06-13 07:04 PM
osv
osv

CGA-frrf-2vc3-mfr3

Bulletin has no...

7.2AI Score

2024-06-13 07:04 PM
osv
osv

CGA-67p2-xfxv-mx53

Bulletin has no...

6.2AI Score

0.0004EPSS

2024-06-13 07:04 PM
osv
osv

CGA-2whj-v58w-p3cw

Bulletin has no...

7.2AI Score

2024-06-13 07:04 PM
osv
osv

Elasticsearch StackOverflow vulnerability

A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of...

4.9CVSS

6.8AI Score

0.0004EPSS

2024-06-13 06:31 PM
2
talosblog
talosblog

How we can separate botnets from the malware operations that rely on them

As I covered in last week's newsletter, law enforcement agencies from around the globe have been touting recent botnet disruptions affecting the likes of some of the largest threat actors and malware families. Operation Endgame, which Europol touted as the "largest ever operation against botnets,"....

7.1AI Score

2024-06-13 06:00 PM
2
osv
osv

CVE-2024-37307

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium...

7.9CVSS

7AI Score

0.0004EPSS

2024-06-13 04:15 PM
1
osv
osv

CGA-qwcg-8rgg-jfqm

Bulletin has no...

8.1CVSS

8.1AI Score

0.0004EPSS

2024-06-13 04:06 PM
osv
osv

CGA-qxv7-23p6-xhwj

Bulletin has no...

6.4AI Score

0.0004EPSS

2024-06-13 04:06 PM
1
osv
osv

CGA-hfq8-fhqg-qhqx

Bulletin has no...

7.2AI Score

2024-06-13 04:06 PM
osv
osv

CGA-fcwq-p8wm-vvr9

Bulletin has no...

6.3AI Score

0.0004EPSS

2024-06-13 04:06 PM
osv
osv

CGA-qhxx-m9vp-c3pr

Bulletin has no...

6.3AI Score

0.0004EPSS

2024-06-13 04:06 PM
osv
osv

CGA-pq49-565p-4jxc

Bulletin has no...

6.4AI Score

0.0004EPSS

2024-06-13 04:06 PM
osv
osv

CGA-98x5-2cwf-6r85

Bulletin has no...

7.2AI Score

2024-06-13 04:06 PM
osv
osv

CGA-5xwc-hffc-phx4

Bulletin has no...

7.2AI Score

2024-06-13 04:04 PM
1
osv
osv

CGA-28jv-3vhj-mh4f

Bulletin has no...

6.4AI Score

0.0004EPSS

2024-06-13 04:04 PM
osv
osv

CGA-q69c-3f5g-xcrc

Bulletin has no...

6.3AI Score

0.0004EPSS

2024-06-13 04:04 PM
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

10CVSS

9.8AI Score

EPSS

2024-06-13 03:35 PM
2
osv
osv

CVE-2024-37306

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a...

7.1CVSS

6.8AI Score

0.0004EPSS

2024-06-13 03:15 PM
nvd
nvd

CVE-2024-37164

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a...

7.1CVSS

0.0004EPSS

2024-06-13 03:15 PM
3
cve
cve

CVE-2024-37164

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a...

7.1CVSS

7AI Score

0.0004EPSS

2024-06-13 03:15 PM
14
osv
osv

CVE-2024-37164

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a...

7.1CVSS

7.2AI Score

0.0004EPSS

2024-06-13 03:15 PM
1
osv
osv

h2database vulnerabilities

It was discovered that H2 was vulnerable to deserialization of untrusted data. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-42392) It was discovered that H2 incorrectly handled some specially crafted connection URLs. An attacker could possibly use this issue to...

9.8CVSS

7.9AI Score

0.518EPSS

2024-06-13 02:44 PM
osv
osv

CVE-2024-37309

CrateDB is a distributed SQL database. A high-risk vulnerability has been identified in versions prior to 5.7.2 where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly request renegotiation of security...

5.3CVSS

7.7AI Score

0.0004EPSS

2024-06-13 02:15 PM
osv
osv

CVE-2024-37308

The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the _recipe_settings[post_title] parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers.....

5.4CVSS

5.9AI Score

0.0004EPSS

2024-06-13 02:15 PM
1
nvd
nvd

CVE-2024-22333

IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: ...

4CVSS

0.0004EPSS

2024-06-13 02:15 PM
1
cve
cve

CVE-2024-22333

IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: ...

4CVSS

3.6AI Score

0.0004EPSS

2024-06-13 02:15 PM
15
vulnrichment
vulnrichment

CVE-2024-37164 CVAT SSRF via custom cloud storage endpoints

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a...

7.1CVSS

7.2AI Score

0.0004EPSS

2024-06-13 02:10 PM
1
cvelist
cvelist

CVE-2024-37164 CVAT SSRF via custom cloud storage endpoints

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a...

7.1CVSS

0.0004EPSS

2024-06-13 02:10 PM
5
thn
thn

New Attack Technique 'Sleepy Pickle' Targets Machine Learning Models

The security risks posed by the Pickle format have once again come to the fore with the discovery of a new "hybrid machine learning (ML) model exploitation technique" dubbed Sleepy Pickle. The attack method, per Trail of Bits, weaponizes the ubiquitous format used to package and distribute machine....

7.5AI Score

2024-06-13 02:08 PM
2
cvelist
cvelist

CVE-2024-22333 IBM Maximo Application Suite information disclosure

IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: ...

4CVSS

0.0004EPSS

2024-06-13 01:55 PM
3
thn
thn

Arid Viper Launches Mobile Espionage Campaign with AridSpy Malware

The threat actor known as Arid Viper has been attributed to a mobile espionage campaign that leverages trojanized Android apps to deliver a spyware strain dubbed AridSpy. "The malware is distributed through dedicated websites impersonating various messaging apps, a job opportunity app, and a...

7.5AI Score

2024-06-13 01:55 PM
malwarebytes
malwarebytes

Update now! Google Pixel vulnerability is under active exploitation

Google has notified Pixel users about an actively exploited vulnerability in their phones' firmware. Firmware is the code or program which is embedded into hardware devices. Simply put, it is the software layer between the hardware and the applications on the device. About the vulnerability,...

7.8CVSS

7.5AI Score

0.001EPSS

2024-06-13 01:33 PM
2
redhatcve
redhatcve

CVE-2024-5967

A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access (permission manage-realm) to change the LDAP host URL ("Connection...

6.9AI Score

EPSS

2024-06-13 12:43 PM
osv
osv

vte2.91 vulnerability

Siddharth Dushantha discovered that VTE incorrectly handled large window resize escape sequences. An attacker could possibly use this issue to consume resources, leading to a denial of...

7.1AI Score

0.0004EPSS

2024-06-13 12:35 PM
talosblog
talosblog

Operation Celestial Force employs mobile and desktop malware to target Indian entities

By Gi7w0rm, Asheer Malhotra and Vitor Ventura. Cisco Talos is disclosing a new malware campaign called "Operation Celestial Force" running since at least 2018. It is still active today, employing the use of GravityRAT, an Android-based malware, along with a Windows-based malware loader we track...

7.2AI Score

2024-06-13 10:00 AM
1
securelist
securelist

Cinterion EHS5 3G UMTS/HSPA Module Research

Modems play an important role in enabling connectivity for a wide range of devices. This includes not only traditional mobile devices and household appliances, but also telecommunication systems in vehicles, ATMs and Automated Process Control Systems (APCS). When integrating the modem, many...

6.4CVSS

8.2AI Score

0.001EPSS

2024-06-13 10:00 AM
3
osv
osv

Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that.....

9.8CVSS

7.4AI Score

0.001EPSS

2024-06-13 09:31 AM
1
githubexploit
githubexploit

Exploit for Insufficiently Protected Credentials in Jetbrains Aqua

CVE-2024-37051 Analysis Overview CVE-2024-37051 is a...

9.3CVSS

6.8AI Score

0.001EPSS

2024-06-13 09:15 AM
51
cve
cve

CVE-2024-1565

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization....

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-13 09:15 AM
12
nvd
nvd

CVE-2024-1565

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization....

6.4CVSS

0.001EPSS

2024-06-13 09:15 AM
1
Total number of security vulnerabilities661627