Lucene search

K

OMICARD EDM 's SMS Security Vulnerabilities

openvas
openvas

Fedora: Security Advisory for galera (FEDORA-2024-6ea93e629b)

The remote host is missing an update for...

4.9CVSS

5.3AI Score

0.0005EPSS

2024-06-10 12:00 AM
nessus
nessus

RHEL 8 : nghttp2 (RHSA-2024:3763)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3763 advisory. libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. Security Fix(es): * nghttp2: CONTINUATION...

5.3CVSS

7.3AI Score

0.0004EPSS

2024-06-10 12:00 AM
nessus
nessus

RHEL 8 : idm:DL1 (RHSA-2024:3756)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3756 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and...

8.1CVSS

8.1AI Score

0.0004EPSS

2024-06-10 12:00 AM
nessus
nessus

RHEL 9 : ipa (RHSA-2024:3757)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3757 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional...

8.1CVSS

8.4AI Score

0.0004EPSS

2024-06-10 12:00 AM
nessus
nessus

RHEL 8 : firefox (RHSA-2024:3783)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3783 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...

7.9AI Score

0.0004EPSS

2024-06-10 12:00 AM
nessus
nessus

RHEL 7 : ipa (RHSA-2024:3760)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3760 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and...

8.1CVSS

8.1AI Score

0.0004EPSS

2024-06-10 12:00 AM
openvas
openvas

Fedora: Security Advisory for nginx (FEDORA-2024-06e6dcbb42)

The remote host is missing an update for...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-06-09 12:00 AM
openvas
openvas

Fedora: Security Advisory for nginx (FEDORA-2024-2e4858330c)

The remote host is missing an update for...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-06-09 12:00 AM
7
cve
cve

CVE-2024-36968

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() l2cap_le_flowctl_init() can cause both div-by-zero and an integer overflow since hdev->le_mtu may not fall in the valid range. Move MTU from hci_dev to hci_conn to...

6.2AI Score

0.0004EPSS

2024-06-08 01:15 PM
24
nvd
nvd

CVE-2024-36968

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() l2cap_le_flowctl_init() can cause both div-by-zero and an integer overflow since hdev->le_mtu may not fall in the valid range. Move MTU from hci_dev to hci_conn to...

0.0004EPSS

2024-06-08 01:15 PM
1
debiancve
debiancve

CVE-2024-36968

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() l2cap_le_flowctl_init() can cause both div-by-zero and an integer overflow since hdev->le_mtu may not fall in the valid range. Move MTU from hci_dev to hci_conn to...

6.7AI Score

0.0004EPSS

2024-06-08 01:15 PM
vulnrichment
vulnrichment

CVE-2024-36968 Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() l2cap_le_flowctl_init() can cause both div-by-zero and an integer overflow since hdev->le_mtu may not fall in the valid range. Move MTU from hci_dev to hci_conn to...

6.7AI Score

0.0004EPSS

2024-06-08 12:53 PM
cvelist
cvelist

CVE-2024-36968 Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() l2cap_le_flowctl_init() can cause both div-by-zero and an integer overflow since hdev->le_mtu may not fall in the valid range. Move MTU from hci_dev to hci_conn to...

0.0004EPSS

2024-06-08 12:53 PM
2
kitploit
kitploit

Sttr - Cross-Platform, Cli App To Perform Various Operations On String

sttr is command line software that allows you to quickly run various transformation operations on the string. // With input prompt sttr // Direct input sttr md5 "Hello World" // File input sttr md5 file.text sttr base64-encode image.jpg // Reading from different processor like cat,...

7.4AI Score

2024-06-08 12:30 PM
5
githubexploit

8.6CVSS

8.6AI Score

0.945EPSS

2024-06-08 10:17 AM
80
nessus
nessus

SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2024:1949-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1949-1 advisory. - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). Tenable has extracted the preceding description block...

8AI Score

0.0004EPSS

2024-06-08 12:00 AM
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : glib2 (SUSE-SU-2024:1950-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1950-1 advisory. Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in...

7AI Score

0.0004EPSS

2024-06-08 12:00 AM
1
nessus
nessus

SUSE SLES12 Security Update : python-requests (SUSE-SU-2024:1946-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1946-1 advisory. - CVE-2024-35195: Fixed cert verification regardless of changes to the value of verify (bsc#1224788). Tenable has extracted the preceding...

5.6CVSS

5.5AI Score

0.0004EPSS

2024-06-08 12:00 AM
1
nessus
nessus

SUSE SLES12 Security Update : python-Jinja2 (SUSE-SU-2024:1948-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1948-1 advisory. - CVE-2024-34064: Fixed HTML attribute injection when passing user input as keys to xmlattr filter (bsc#1223980) Tenable has extracted...

5.4CVSS

7.5AI Score

0.0004EPSS

2024-06-08 12:00 AM
nessus
nessus

SUSE SLES12 Security Update : go1.21 (SUSE-SU-2024:1936-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1936-1 advisory. go1.21.11 release (bsc#1212475). - CVE-2024-24789: Fixed mishandling of corrupt central directory record in archive/zip...

6.9AI Score

0.0004EPSS

2024-06-08 12:00 AM
nessus
nessus

SUSE SLES12 Security Update : go1.22 (SUSE-SU-2024:1935-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1935-1 advisory. go1.21.11 release (bsc#1212475). - CVE-2024-24789: Fixed mishandling of corrupt central directory record in archive/zip...

6.9AI Score

0.0004EPSS

2024-06-08 12:00 AM
nessus
nessus

SUSE SLES15 Security Update : python-docker (SUSE-SU-2024:1937-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1937-1 advisory. - CVE-2024-35195: Fixed missing certificate verification (bsc#1224788). Tenable has extracted the preceding description block directly from.....

5.6CVSS

5.5AI Score

0.0004EPSS

2024-06-08 12:00 AM
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gstreamer-plugins-base (SUSE-SU-2024:1945-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1945-1 advisory. - CVE-2024-4453: Fixed lack of proper validation of user-supplied data when parsing EXIF metadata ...

7.8CVSS

7.6AI Score

0.0004EPSS

2024-06-08 12:00 AM
nessus
nessus

SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2024:1947-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1947-1 advisory. - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). - CVE-2024-4603: Fixed DSA parameter checks for....

7.7AI Score

0.0004EPSS

2024-06-08 12:00 AM
ibm
ibm

Security Bulletin: IBM Master Data Management affected by IBM WebSphere Application Server vulnerabilities to server-side request forgery (CVE-2024-22329)

Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server. WebSphere Application Server is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker could exploit this vulnerability to conduct...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-06-07 10:22 PM
4
osv
osv

Zend-Mail remote code execution in zend-mail via Sendmail adapter

When using the zend-mail component to send email via the Zend\Mail\Transport\Sendmail transport, a malicious user may be able to inject arbitrary parameters to the system sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they...

7AI Score

2024-06-07 09:19 PM
github
github

Zend-Mail remote code execution in zend-mail via Sendmail adapter

When using the zend-mail component to send email via the Zend\Mail\Transport\Sendmail transport, a malicious user may be able to inject arbitrary parameters to the system sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they...

7AI Score

2024-06-07 09:19 PM
1
schneier
schneier

Security and Human Behavior (SHB) 2024

This week, I hosted the seventeenth Workshop on Security and Human Behavior at the Harvard Kennedy School. This is the first workshop since our co-founder, Ross Anderson, died unexpectedly. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of...

7.4AI Score

2024-06-07 08:55 PM
4
ibm
ibm

Security Bulletin: IBM i Service Tools Server (SST) is vulnerable to SST user profile enumeration [CVE-2024-31878].

Summary IBM i Service Tools Server is vulnerable to SST user profile enumeration by a remote actor as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section. Vulnerability Details **...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-06-07 07:32 PM
github
github

TYPO3 Denial of Service in Frontend Record Registration

TYPO3ā€™s built-in record registration functionality (aka basic shopping cart) using recs URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability in order to create an arbitrary amount of individual...

7.1AI Score

2024-06-07 06:30 PM
osv
osv

TYPO3 Denial of Service in Frontend Record Registration

TYPO3ā€™s built-in record registration functionality (aka basic shopping cart) using recs URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability in order to create an arbitrary amount of individual...

7.1AI Score

2024-06-07 06:30 PM
1
ibm
ibm

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management (CVE-2024-25026)

Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server which is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory.....

5.9CVSS

6.2AI Score

0.0004EPSS

2024-06-07 05:19 PM
impervablog
impervablog

Imperva Protects Against Critical PHP Vulnerability CVE-2024-4577

In the ever-evolving landscape of cybersecurity, staying ahead of vulnerabilities is crucial for safeguarding sensitive information and maintaining the integrity of digital assets. Recently, a critical vulnerabilityā€“ identified as CVE-2024-4577 with an initial CVSS score of 9.8 ā€“ was discovered in....

9.8CVSS

10AI Score

0.932EPSS

2024-06-07 04:33 PM
12
malwarebytes
malwarebytes

Google will start deleting location history

Google announced that it will reduce the amount of personal data it is storing by automatically deleting old data from "Timeline"ā€”the feature that, previously named "Location History," tracks user routes and trips based on a phoneā€™s location, allowing people to revisit all the places they've been.....

6.7AI Score

2024-06-07 04:26 PM
4
ibm
ibm

Security Bulletin: IBM QRadar SIEM contains multiple kernel vulnerabilities

Summary IBM QRadar SIEM includes a vulnerable version of kernel that could be identified and exploited with automated tools. This has been addressed in the update. Vulnerability Details ** CVEID: CVE-2019-13631 DESCRIPTION: **Linux Kernel could allow a physical attacker to execute arbitrary code...

9.8CVSS

9.1AI Score

EPSS

2024-06-07 03:32 PM
6
ibm
ibm

Security Bulletin: IBM Security Guardium is affected by vulnerabilities in Tomcat (CVE-2023-45648, CVE-2023-42795, CVE-2023-42794)

Summary IBM Security Guardium has addressed these vulnerabilities with an update. Vulnerability Details ** CVEID: CVE-2023-45648 DESCRIPTION: **Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of HTTP trailer headers. By sending a specially crafted invalid trailer.....

5.9CVSS

7.5AI Score

0.01EPSS

2024-06-07 03:03 PM
7
ibm
ibm

Security Bulletin: B2B API of IBM Sterling B2B Integrator is vulnearble to denial of service due to json-path (CVE-2023-51074)

Summary B2B API of IBM Sterling B2B Integrator is vulnearble to denial of service due to json-path (CVE-2023-51074). IBM Sterling B2B Integrator has remediated this vulnerabilty; Follow steps identified in Remediation/Fixes section to address vulnerability in your environment. Vulnerability...

5.3CVSS

5.7AI Score

0.0005EPSS

2024-06-07 02:47 PM
2
ibm
ibm

Security Bulletin: The IBMĀ® Engineering Lifecycle Optimization - Publishing is vulnerable to CVE-2023-45188

Summary IBMĀ® Engineering Lifecycle Optimization - Publishing is vulnerable to CVE-2023-45188(Malicious File Upload). Remediations/Fixes section of this bulletin provide instructions on how to address this vulnerability. Vulnerability Details ** CVEID: CVE-2023-45188 DESCRIPTION: **IBM Engineering.....

6.5CVSS

7.1AI Score

0.0004EPSS

2024-06-07 01:34 PM
thn
thn

Cyber Landscape is Evolving - So Should Your SCA

Traditional SCAs Are Broken: Did You Know You Are Missing Critical Pieces? Application Security professionals face enormous challenges securing their software supply chains, racing against time to beat the attacker to the mark. Software Composition Analysis (SCA) tools have become a basic...

7.5AI Score

2024-06-07 11:09 AM
1
ibm
ibm

Security Bulletin: IBM Workload Automation is potentially affected by a vulnerability in OpenSSL that might cause Denial of Service

Summary IBM Workload Automation is potentially affected by multiple vulnerabilities in OpenSSL that could cause Denial of Service (CVE-2023-4807, CVE-2023-3817) Vulnerability Details ** CVEID: CVE-2023-4807 DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a state corruption...

7.8CVSS

9.5AI Score

0.001EPSS

2024-06-07 11:06 AM
8
schneier
schneier

The Justice Department Took Down the 911 S5 Botnet

The US Justice Department has dismantled an enormous botnet: According to an indictment unsealed on May 24, from 2014 through July 2022, Wang and others are alleged to have created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide....

7.4AI Score

2024-06-07 11:04 AM
3
veracode
veracode

Cross-site Request Forgery (CSRF)

moodle/moodle is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to the logout option lacking the necessary token, risking users being inadvertently logged out via CSRF...

6.4AI Score

0.0004EPSS

2024-06-07 08:00 AM
1
thn
thn

FBI Distributes 7,000 LockBit Ransomware Decryption Keys to Help Victims

The U.S. Federal Bureau of Investigation (FBI) has disclosed that it's in possession of more than 7,000 decryption keys associated with the LockBit ransomware operation to help victims get their data back at no cost. "We are reaching out to known LockBit victims and encouraging anyone who suspects....

7.7AI Score

2024-06-07 07:48 AM
veracode
veracode

Exposure Of Sensitive Information To An Unauthorized Actor

Moodle is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. The vulnerability is due to misconfiguration in a shared hosting environment, allowing a user with access to restore workshop modules and direct access to the web server outside of the Moodle webroot to execute a...

6.4AI Score

0.0004EPSS

2024-06-07 07:33 AM
1
veracode
veracode

Information Exposure Through Misconfigured Permissions

Moodle is vulnerable to a Information Exposure Through Misconfigured Permissions. The vulnerability is due to misconfiguration in a shared hosting environment, allowing a user with access to restore feedback modules and direct access to the web server outside of the Moodle webroot to execute a...

6.4AI Score

0.0004EPSS

2024-06-07 07:23 AM
thn
thn

SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting defense forces in the country with a malware called SPECTR as part of an espionage campaign dubbed SickSync. The agency attributed the attacks to a threat actor it tracks under the moniker UAC-0020,...

7.2AI Score

2024-06-07 07:13 AM
veracode
veracode

Cross-site Request Forgery (CSRF)

moodle/moodle is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to the admin management of analytics models, which fails to prevent CSRF risks because it does not include the necessary...

6.4AI Score

0.0004EPSS

2024-06-07 07:10 AM
veracode
veracode

Cross-site Scripting (XSS)

moodle/moodle is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient sanitizing of ID numbers displayed in the report, which results in stored...

5.6AI Score

0.0004EPSS

2024-06-07 06:58 AM
ibm
ibm

Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to jose4j - CVE-2023-51775

Summary Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to jose4j - CVE-2023-51775. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2023-51775 ....

7AI Score

0.0004EPSS

2024-06-07 06:51 AM
ibm
ibm

Security Bulletin: IBM Asset Data Dictionary Component uses jose4j-0.9.3.jar which is vulnerable to CVE-2023-51775.

Summary IBM Asset Data Dictionary Component uses jose4j-0.9.3.jar which is vulnerable to CVE-2023-51775. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details ** CVEID: CVE-2023-51775 DESCRIPTION: **jose4j is vulnerable to a denial of service,...

7AI Score

0.0004EPSS

2024-06-07 06:47 AM
1
Total number of security vulnerabilities371614