Lucene search

K

Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic Security Vulnerabilities

osv
osv

Important: booth security update

The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network....

7.4CVSS

7.3AI Score

0.001EPSS

2024-06-06 12:00 AM
osv
osv

Important: booth security update

The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network....

7.4CVSS

7.3AI Score

0.001EPSS

2024-06-06 12:00 AM
nessus
nessus

RHEL 8 : tomcat (RHSA-2024:3666)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3666 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * Apache Tomcat:...

8AI Score

0.0004EPSS

2024-06-06 12:00 AM
1
redos
redos

ROS-20240606-01

A vulnerability in QEMU's USB EHCI controller emulation is related to the lack of checks if the buffer pointer overlaps with the MMIO register when transmitting USB packets. the buffer pointer overlaps with the MMIO region when transmitting USB packets. Exploitation of the vulnerability could...

8.2CVSS

6.9AI Score

0.002EPSS

2024-06-06 12:00 AM
2
redos
redos

ROS-20240606-08

A vulnerability in the Portainer container management platform is related to the use of open redirection. Exploitation of the vulnerability could allow an attacker to redirect a user to an arbitrary...

6.8AI Score

0.0004EPSS

2024-06-06 12:00 AM
2
osv
osv

Moderate: ruby:3.1 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.1). (AlmaLinux-35449) Security Fix(es): ruby: Buffer overread...

7AI Score

EPSS

2024-06-06 12:00 AM
redos
redos

ROS-20240606-04

A vulnerability in the OTP component of the Erlang programming language is related to flaws in the authentication procedure. Exploitation of the vulnerability allows a remote attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service. data, compromise its...

9.8CVSS

7.4AI Score

0.002EPSS

2024-06-06 12:00 AM
2
nessus
nessus

RHEL 9 : booth (RHSA-2024:3660)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3660 advisory. The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision...

7.4CVSS

6.8AI Score

0.001EPSS

2024-06-06 12:00 AM
nessus
nessus

RHEL 8 : booth (RHSA-2024:3657)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3657 advisory. The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision...

7.4CVSS

6.8AI Score

0.001EPSS

2024-06-06 12:00 AM
nessus
nessus

PHP 8.3.x < 8.3.8 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.3.8. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.3.8 advisory. sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php- cgi), does not...

9.8CVSS

9.5AI Score

0.973EPSS

2024-06-06 12:00 AM
5
redos
redos

ROS-20240606-02

Vulnerability in DecodeConfig component of Golang programming language is related to uncontrolled consumption of resources. resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial-of-service condition. denial of...

6.6AI Score

0.0004EPSS

2024-06-06 12:00 AM
2
nessus
nessus

PHP 8.1.x < 8.1.29 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.1.29. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.1.29 advisory. sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php- cgi), does not...

9.8CVSS

9.5AI Score

0.973EPSS

2024-06-06 12:00 AM
5
redos
redos

ROS-20240606-06

A vulnerability in the yajl_tree_parse function of the YAJL-ruby JSON library is related to improper memory freeing before deleting the last reference. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial of...

6.5CVSS

6.6AI Score

0.001EPSS

2024-06-06 12:00 AM
2
redos
redos

ROS-20240606-03

Vulnerability of handle_chopping() function of Wireshark computer network traffic analyzer is related to a memory handling issue in EditCap. memory handling issue in EditCap. Exploitation of the vulnerability could allow an attacker to cause a denial of denial of service Vulnerability in MONGO and....

7.8CVSS

7.1AI Score

0.0004EPSS

2024-06-06 12:00 AM
4
redos
redos

ROS-20240606-07

Vulnerability in the MULTIPART_PART_HEADERS component of the open source web application firewall ModSecurity is related to improper analysis of HTTP requests. Exploitation of the vulnerability could allow an an attacker acting remotely to bypass the firewall's...

7.5CVSS

6.7AI Score

0.002EPSS

2024-06-06 12:00 AM
2
almalinux
almalinux

Moderate: ruby:3.3 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.3). (AlmaLinux-37446) Security Fix(es): ruby: Buffer overread...

7AI Score

EPSS

2024-06-06 12:00 AM
nessus
nessus

RHEL 9 : nghttp2 (RHSA-2024:3665)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3665 advisory. libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. Security Fix(es): * nghttp2: CONTINUATION...

5.3CVSS

6AI Score

0.0004EPSS

2024-06-06 12:00 AM
1
nessus
nessus

RHEL 8 : ruby:3.3 (RHSA-2024:3670)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3670 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

9.8AI Score

EPSS

2024-06-06 12:00 AM
nessus
nessus

RHEL 9 : booth (RHSA-2024:3661)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3661 advisory. The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision...

7.4CVSS

6.5AI Score

0.001EPSS

2024-06-06 12:00 AM
1
nessus
nessus

RHEL 9 : ruby:3.1 (RHSA-2024:3668)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3668 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

7.3AI Score

EPSS

2024-06-06 12:00 AM
osv
osv

Moderate: ruby:3.3 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.3). (AlmaLinux-37697) Security Fix(es): ruby: Buffer overread...

6.2AI Score

EPSS

2024-06-06 12:00 AM
almalinux
almalinux

Moderate: cockpit security update

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fix(es): cockpit: command injection when deleting a sosreport with a...

7.3CVSS

7.5AI Score

0.0004EPSS

2024-06-06 12:00 AM
almalinux
almalinux

Important: tomcat security and bug fix update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug Fix(es): Rebase tomcat to version...

9.7AI Score

0.0004EPSS

2024-06-06 12:00 AM
3
nessus
nessus

RHEL 8 : cockpit (RHSA-2024:3667)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3667 advisory. Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports,...

7.3CVSS

7.5AI Score

0.0004EPSS

2024-06-06 12:00 AM
nessus
nessus

FreeBSD : cyrus-imapd -- unbounded memory allocation (14908bda-232b-11ef-b621-00155d645102)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 14908bda-232b-11ef-b621-00155d645102 advisory. Cyrus IMAP 3.8.3 Release Notes states: Fixed CVE-2024-34055: Cyrus-IMAP through 3.8.2 and 3.10.0-beta2...

6.5CVSS

6.6AI Score

0.0005EPSS

2024-06-06 12:00 AM
1
nessus
nessus

PHP 8.2.x < 8.2.20 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.2.20. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.2.20 advisory. sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php- cgi), does not...

9.8CVSS

9.3AI Score

0.973EPSS

2024-06-06 12:00 AM
almalinux
almalinux

Moderate: ruby:3.3 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.3). (AlmaLinux-37697) Security Fix(es): ruby: Buffer overread...

6.3AI Score

EPSS

2024-06-06 12:00 AM
osv
osv

Moderate: ruby:3.3 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.3). (AlmaLinux-37446) Security Fix(es): ruby: Buffer overread...

6.2AI Score

EPSS

2024-06-06 12:00 AM
2
osv
osv

Authentication Bypass in TYPO3 CMS

It has been discovered that TYPO3’s Salted Password system extension (which is a mandatory system component) is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords using the blowfish...

6.9AI Score

2024-06-05 04:52 PM
1
github
github

Authentication Bypass in TYPO3 CMS

It has been discovered that TYPO3’s Salted Password system extension (which is a mandatory system component) is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords using the blowfish...

6.9AI Score

2024-06-05 04:52 PM
1
osv

3.1CVSS

3.9AI Score

0.0004EPSS

2024-06-05 03:10 PM
2
github
github

Privilege Escalation & SQL Injection in TYPO3 CMS

Failing to properly dissociate system related configuration from user generated configuration, the Form Framework (system extension "form") is vulnerable to SQL injection and Privilege Escalation. Basically instructions can be persisted to a form definition file that were not configured to be...

8.1AI Score

2024-06-05 03:10 PM
2
osv
osv

Privilege Escalation & SQL Injection in TYPO3 CMS

Failing to properly dissociate system related configuration from user generated configuration, the Form Framework (system extension "form") is vulnerable to SQL injection and Privilege Escalation. Basically instructions can be persisted to a form definition file that were not configured to be...

8.1AI Score

2024-06-05 03:10 PM
wordfence
wordfence

40,000 WordPress Sites affected by Vulnerability That Leads to Privilege Escalation in Login/Signup Popup WordPress Plugin

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the.....

8.8CVSS

8.5AI Score

0.001EPSS

2024-06-05 03:01 PM
6
github
github

Arbitrary JavaScript execution due to using outdated libraries

Summary gradio-pdf projects with dependencies on the pdf.js library are vulnerable to CVE-2024-4367, which allows arbitrary JavaScript execution. PoC Generate a pdf file with a malicious script in the fontmatrix. (This will run alert(‘XSS’).) poc.pdf Run the app. In this PoC, I've used the...

8.3AI Score

0.0004EPSS

2024-06-05 02:15 PM
4
osv
osv

Arbitrary JavaScript execution due to using outdated libraries

Summary gradio-pdf projects with dependencies on the pdf.js library are vulnerable to CVE-2024-4367, which allows arbitrary JavaScript execution. PoC Generate a pdf file with a malicious script in the fontmatrix. (This will run alert(‘XSS’).) poc.pdf Run the app. In this PoC, I've used the...

6.5AI Score

0.0004EPSS

2024-06-05 02:15 PM
3
malwarebytes
malwarebytes

Financial sextortion scams on the rise

“Hey there!” messaged Savannah, someone 16-year-old Charlie had never met before, but looked cute in her profile picture. She had long blonde hair, blue eyes, and an adorable smile, so he decided to DM with her on Instagram. Soon their flirty exchanges grew heated, and Savannah was sending Charlie....

6.8AI Score

2024-06-05 01:30 PM
1
rapid7blog
rapid7blog

Securing AI Development in the Cloud: Navigating the Risks and Opportunities

AI-TRiSM - Trust, Risk and Security Management in the Age of AI Co-authored by Lara Sunday and Pojan Shahrivar As artificial intelligence (AI) and machine learning (ML) technologies continue to advance and proliferate, organizations across industries are investing heavily in these transformative...

7.4AI Score

2024-06-05 01:00 PM
6
malwarebytes
malwarebytes

Say hello to the fifth generation of Malwarebytes

Announcing the latest version of Malwarebytes, which brings a faster, responsive, and consistent user interface, integrated security and privacy, and expert guidance to keep you secure. Here's what you can expect: 1. Unified user experience across platforms The new generation of Malwarebytes now...

7.3AI Score

2024-06-05 12:37 PM
7
thn
thn

Chinese State-Backed Cyber Espionage Targets Southeast Asian Government

An unnamed high-profile government organization in Southeast Asia emerged as the target of a "complex, long-running" Chinese state-sponsored cyber espionage operation codenamed Crimson Palace. "The overall goal behind the campaign was to maintain access to the target network for cyberespionage in.....

7AI Score

2024-06-05 11:20 AM
1
thn
thn

Rebranded Knight Ransomware Targeting Healthcare and Businesses Worldwide

An analysis of a nascent ransomware strain called RansomHub has revealed it to be an updated and rebranded version of Knight ransomware, itself an evolution of another ransomware known as Cyclops. Knight (aka Cyclops 2.0) ransomware first arrived in May 2023, employing double extortion tactics to.....

7.8AI Score

2024-06-05 10:10 AM
1
malwarebytes
malwarebytes

Big name TikTok accounts hijacked after opening DM

High profile TikTok accounts, including CNN, Sony, and—er­—Paris Hilton have been targeted in a recent attack. CNN was the first account takeover that made the news, with Semafor reporting that the account was down for several days after the incident. According to Forbes, the attack happens...

7.4AI Score

2024-06-05 10:03 AM
7
osv
osv

CVE-2024-4743

The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to SQL Injection via the orderBy attribute of the lifterlms_favorites shortcode in all versions up to, and including, 7.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...

9.8CVSS

7.2AI Score

0.0005EPSS

2024-06-05 09:15 AM
redhatcve
redhatcve

CVE-2024-28103

A flaw was found in rubygem-actionpack. Since version 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML-related Content-Type. This vulnerability is fixed in versions 6.1.7.8, 7.0.8.2, and...

9.8CVSS

5.3AI Score

0.001EPSS

2024-06-05 08:30 AM
11
nvd
nvd

CVE-2024-5453

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_dismissible_notice and pm_wizard_update_group_icon functions in all versions up to, and including, 5.8.6. This makes it...

4.3CVSS

4.4AI Score

0.001EPSS

2024-06-05 08:15 AM
1
cve
cve

CVE-2024-5453

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_dismissible_notice and pm_wizard_update_group_icon functions in all versions up to, and including, 5.8.6. This makes it...

4.3CVSS

6.9AI Score

0.001EPSS

2024-06-05 08:15 AM
21
vulnrichment
vulnrichment

CVE-2024-5453 ProfileGrid <= 5.8.6 - Missing Authorization

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_dismissible_notice and pm_wizard_update_group_icon functions in all versions up to, and including, 5.8.6. This makes it...

4.3CVSS

6.7AI Score

0.001EPSS

2024-06-05 07:34 AM
1
cvelist
cvelist

CVE-2024-5453 ProfileGrid <= 5.8.6 - Missing Authorization

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_dismissible_notice and pm_wizard_update_group_icon functions in all versions up to, and including, 5.8.6. This makes it...

4.3CVSS

4.4AI Score

0.001EPSS

2024-06-05 07:34 AM
ibm
ibm

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Commons Collections

Summary Multiple vulnerabilities have been identified in Apache Commons Collections, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details ** CVEID: CVE-2017-15708 DESCRIPTION:...

9.8CVSS

10AI Score

0.967EPSS

2024-06-05 07:14 AM
thn
thn

Celebrity TikTok Accounts Compromised Using Zero-Click Attack via DMs

Popular video-sharing platform TikTok has acknowledged a security issue that has been exploited by threat actors to take control of high-profile accounts on the platform. The development was first reported by Semafor and Forbes, which detailed a zero-click account takeover campaign that allows...

7.3AI Score

2024-06-05 06:22 AM
1
Total number of security vulnerabilities222221