Lucene search

K

Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic Security Vulnerabilities

nessus
nessus

Debian dla-3826 : cups - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3826 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3826-1 [email protected] ...

4.4CVSS

4.7AI Score

0.0004EPSS

2024-06-13 12:00 AM
1
nessus
nessus

RHEL 8 : dnsmasq (RHSA-2024:3929)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3929 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol)...

7.5CVSS

8.4AI Score

0.05EPSS

2024-06-13 12:00 AM
nessus
nessus

RHEL 9 : nghttp2 (RHSA-2024:3875)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3875 advisory. libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. Security Fix(es): * nghttp2: CONTINUATION...

5.3CVSS

5.5AI Score

0.0004EPSS

2024-06-13 12:00 AM
2
googleprojectzero
googleprojectzero

Driving forward in Android drivers

Posted by Seth Jenkins, Google Project Zero Introduction Android's open-source ecosystem has led to an incredible diversity of manufacturers and vendors developing software that runs on a broad variety of hardware. This hardware requires supporting drivers, meaning that many different codebases...

7.8CVSS

7.5AI Score

0.001EPSS

2024-06-13 12:00 AM
1
nessus
nessus

Fortinet FortiClient (FG-IR-24-170)

The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-170 advisory. DHCP can add routes to a client's routing table via the classless static route option (121). VPN-based security...

7.6CVSS

7.5AI Score

0.0005EPSS

2024-06-13 12:00 AM
nessus
nessus

RHEL 9 : expat (RHSA-2024:3926)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3926 advisory. Expat is a C library for parsing XML documents. Security Fix(es): * expat: parsing large tokens can trigger a denial of service...

7.5CVSS

10AI Score

0.001EPSS

2024-06-13 12:00 AM
nessus
nessus

RHEL 8 : dnsmasq (RHSA-2024:3877)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3877 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol)...

7.5CVSS

8.2AI Score

0.05EPSS

2024-06-13 12:00 AM
1
redos
redos

ROS-20240613-02

The vulnerability of the RelinquishDCMInfo() function of the dcm.c component of the ImageMagick console graphic editor is related to memory usage after its release. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive data, as well as cause a denial....

7.1CVSS

7.3AI Score

0.001EPSS

2024-06-13 12:00 AM
oraclelinux
oraclelinux

ruby security update

[3.0.7-162] - Upgrade to Ruby 3.0.7. Resolves: RHEL-35740 - Fix HTTP response splitting in CGI. Resolves: RHEL-35741 - Fix ReDoS vulnerability in URI. Resolves: RHEL-35742 - Fix ReDoS vulnerability in Time. Resolves: RHEL-35743 - Fix buffer overread vulnerability in StringIO. Resolves:...

8.8CVSS

7.6AI Score

EPSS

2024-06-13 12:00 AM
nessus
nessus

Fortinet FortiClient (FG-IR-24-170) (macOS)

The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-170 advisory. DHCP can add routes to a client's routing table via the classless static route option (121). VPN-based security...

7.6CVSS

7.5AI Score

0.0005EPSS

2024-06-13 12:00 AM
nessus
nessus

Debian dla-3825 : firefox-esr - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3825 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3825-1 [email protected] ...

7.6AI Score

0.0004EPSS

2024-06-13 12:00 AM
oraclelinux
oraclelinux

virt:kvm_utils1 security update

hivex libguestfs libguestfs-winsupport libiscsi libnbd libvirt [5.7.0-42] - Document CVEs as fixed (Karl Heubaum) {CVE-2023-2700} - Fix off-by-one error in udevListInterfacesByStatus (Martin Kletzander) [Orabug: 36364474] {CVE-2024-1441} - libvirt- : Check caller-provided buffers to be NULL with...

5.5CVSS

7.2AI Score

0.0004EPSS

2024-06-13 12:00 AM
nessus
nessus

FreeBSD : Gitlab -- Vulnerabilities (92cd1c03-2940-11ef-bc02-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 92cd1c03-2940-11ef-bc02-001b217b3468 advisory. Gitlab reports: ReDoS in gomod dependency linker ReDoS in CI interpolation (fix bypass) ...

6.5CVSS

5.1AI Score

0.0004EPSS

2024-06-13 12:00 AM
nessus
nessus

RHEL 8 / 9 : OpenShift Container Platform 4.14.29 (RHSA-2024:3700)

The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3700 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private...

8.1CVSS

7.3AI Score

0.0004EPSS

2024-06-13 12:00 AM
redos
redos

ROS-20240613-01

A vulnerability in the tls_new_ciphertext() function of the iPXE network boot standard is related to manipulation of the pad_len argument in the src/net/tls.c file of the TLS component. Exploitation of the vulnerability could allow an attacker acting remotely to disclose sensitive...

4.3CVSS

6.7AI Score

0.001EPSS

2024-06-13 12:00 AM
zdi
zdi

(0Day) Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability

This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Dropbox Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

8.8CVSS

6.9AI Score

0.0004EPSS

2024-06-13 12:00 AM
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2008-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2008-1 advisory. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were...

9.8CVSS

8.8AI Score

EPSS

2024-06-13 12:00 AM
1
osv
osv

Invenio-Communities has a Cross-Site Scripting (XSS) vulnerability in React components

Impact We have identified a Cross-Site Scripting (XSS) vulnerability within certain React components related to community members in the Invenio-Communities module. This vulnerability enables a user to inject a script tag into the Affiliations field during the account registration process. The...

5.8AI Score

2024-06-12 07:43 PM
1
github
github

Invenio-Communities has a Cross-Site Scripting (XSS) vulnerability in React components

Impact We have identified a Cross-Site Scripting (XSS) vulnerability within certain React components related to community members in the Invenio-Communities module. This vulnerability enables a user to inject a script tag into the Affiliations field during the account registration process. The...

5.8AI Score

2024-06-12 07:43 PM
osv
osv

CVE-2024-37304

NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight...

6.1CVSS

5.4AI Score

0.0004EPSS

2024-06-12 03:15 PM
2
cve
cve

CVE-2024-37304

NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight...

6.1CVSS

5.9AI Score

0.0004EPSS

2024-06-12 03:15 PM
18
nvd
nvd

CVE-2024-37304

NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight...

6.1CVSS

0.0004EPSS

2024-06-12 03:15 PM
cvelist
cvelist

CVE-2024-37304 NuGetGallery's Markdown Autolinks Processing Vulnerable to Cross-site Scripting

NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight...

6.1CVSS

0.0004EPSS

2024-06-12 02:27 PM
3
cve
cve

CVE-2024-1577

Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects all versions of MegaBIP...

8.2AI Score

0.0004EPSS

2024-06-12 02:15 PM
21
nvd
nvd

CVE-2024-1659

Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server (including a PHP code file) without an authentication. This issue affects MegaBIP software versions through...

0.0004EPSS

2024-06-12 02:15 PM
2
nvd
nvd

CVE-2024-1576

SQL Injection vulnerability in MegaBIP software allows attacker to obtain site administrator privileges, including access to the administration panel and the ability to change the administrator password. This issue affects MegaBIP software versions through...

0.0004EPSS

2024-06-12 02:15 PM
1
cve
cve

CVE-2024-1659

Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server (including a PHP code file) without an authentication. This issue affects MegaBIP software versions through...

6.8AI Score

0.0004EPSS

2024-06-12 02:15 PM
18
cve
cve

CVE-2024-1576

SQL Injection vulnerability in MegaBIP software allows attacker to obtain site administrator privileges, including access to the administration panel and the ability to change the administrator password. This issue affects MegaBIP software versions through...

7.5AI Score

0.0004EPSS

2024-06-12 02:15 PM
19
nvd
nvd

CVE-2024-1577

Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects all versions of MegaBIP...

0.0004EPSS

2024-06-12 02:15 PM
3
cvelist
cvelist

CVE-2024-1659 Arbitrary File Upload in MegaBIP

Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server (including a PHP code file) without an authentication. This issue affects MegaBIP software versions through...

0.0004EPSS

2024-06-12 01:48 PM
2
cvelist
cvelist

CVE-2024-1577 Remote Code Execution in MegaBIP

Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects all versions of MegaBIP...

0.0004EPSS

2024-06-12 01:47 PM
6
vulnrichment
vulnrichment

CVE-2024-1576 SQL Injection in MegaBIP

SQL Injection vulnerability in MegaBIP software allows attacker to obtain site administrator privileges, including access to the administration panel and the ability to change the administrator password. This issue affects MegaBIP software versions through...

8.2AI Score

0.0004EPSS

2024-06-12 01:47 PM
cvelist
cvelist

CVE-2024-1576 SQL Injection in MegaBIP

SQL Injection vulnerability in MegaBIP software allows attacker to obtain site administrator privileges, including access to the administration panel and the ability to change the administrator password. This issue affects MegaBIP software versions through...

0.0004EPSS

2024-06-12 01:47 PM
3
thn
thn

Lessons from the Snowflake Breaches

Last week, the notorious hacker gang, ShinyHunters, sent shockwaves across the globe by allegedly plundering 1.3 terabytes of data from 560 million users. This colossal breach, with a price tag of $500,000, could expose the personal information of a massive swath of a live event company's...

7.4AI Score

2024-06-12 11:25 AM
1
nvd
nvd

CVE-2024-1766

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.2.86 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access....

4.4CVSS

0.0004EPSS

2024-06-12 11:15 AM
5
cve
cve

CVE-2024-1766

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.2.86 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access....

4.4CVSS

4.4AI Score

0.0004EPSS

2024-06-12 11:15 AM
17
thn
thn

Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw

Threat actors linked to the Black Basta ransomware may have exploited a recently disclosed privilege escalation flaw in the Microsoft Windows Error Reporting Service as a zero-day, according to new findings from Symantec. The security flaw in question is CVE-2024-26169 (CVSS score: 7.8), an...

7.8CVSS

7.1AI Score

0.001EPSS

2024-06-12 11:11 AM
1
cvelist
cvelist

CVE-2024-1766 Download Manager <= 3.2.86 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.2.86 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access....

4.4CVSS

0.0004EPSS

2024-06-12 11:05 AM
3
vulnrichment
vulnrichment

CVE-2024-1766 Download Manager <= 3.2.86 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.2.86 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access....

4.4CVSS

6AI Score

0.0004EPSS

2024-06-12 11:05 AM
1
schneier
schneier

Using AI for Political Polling

Public polling is a critical function of modern political campaigns and movements, but it isn't what it once was. Recent US election cycles have produced copious postmortems explaining both the successes and the flaws of public polling. There are two main reasons polling fails. First, nonresponse.....

6.5AI Score

2024-06-12 11:02 AM
2
wired
wired

Medical-Targeted Ransomware Is Breaking Records After Change Healthcare’s $22M Payout

Cybersecurity firm Recorded Future counted 44 health-care-related incidents in the month after Change Healthcare’s payment came to light—the most it’s ever seen in a single...

7.2AI Score

2024-06-12 10:30 AM
3
nvd
nvd

CVE-2023-40672

Missing Authorization vulnerability in Hardik Chavada Sticky Social Media Icons.This issue affects Sticky Social Media Icons: from n/a through...

5.4CVSS

0.0004EPSS

2024-06-12 10:15 AM
2
cve
cve

CVE-2023-40672

Missing Authorization vulnerability in Hardik Chavada Sticky Social Media Icons.This issue affects Sticky Social Media Icons: from n/a through...

5.4CVSS

5.6AI Score

0.0004EPSS

2024-06-12 10:15 AM
18
cvelist
cvelist

CVE-2023-40672 WordPress Sticky Social Media Icons plugin <= 2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Hardik Chavada Sticky Social Media Icons.This issue affects Sticky Social Media Icons: from n/a through...

5.4CVSS

0.0004EPSS

2024-06-12 09:36 AM
3
veracode
veracode

Arbitrary File Upload

aimeos/aimeos-core is vulnerable to an Arbitrary File Upload. The vulnerability is due to improper validation within the image upload function, allowing attackers to execute arbitrary PHP code by uploading a specially crafted...

7.6AI Score

0.0004EPSS

2024-06-12 08:52 AM
thn
thn

New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers

Cybersecurity researchers have disclosed details of an ongoing phishing campaign that leverages recruiting- and job-themed lures to deliver a Windows-based backdoor named WARMCOOKIE. "WARMCOOKIE appears to be an initial backdoor tool used to scout out victim networks and deploy additional...

7AI Score

2024-06-12 08:47 AM
1
ibm
ibm

Security Bulletin: Multiple vulnerabilities in Open JDK affecting Rational Functional Tester / DevOps Test UI

Summary There are multiple vulnerabilities in Open JDK Version 8, OpenJ9 used by Rational Functional Tester (RFT) / DevOps Test UI. RFT has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2024-21085 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM...

3.7CVSS

7.2AI Score

0.001EPSS

2024-06-12 06:36 AM
1
nvd
nvd

CVE-2024-4924

The Social Sharing Plugin WordPress plugin before 3.3.63 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

0.0004EPSS

2024-06-12 06:15 AM
2
cve
cve

CVE-2024-4924

The Social Sharing Plugin WordPress plugin before 3.3.63 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

5.4AI Score

0.0004EPSS

2024-06-12 06:15 AM
25
cvelist
cvelist

CVE-2024-4924 Sassy social share < 3.3.63 Admin+ Stored Cross-Site scripting

The Social Sharing Plugin WordPress plugin before 3.3.63 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

0.0004EPSS

2024-06-12 06:00 AM
2
Total number of security vulnerabilities222224