Lucene search

K

Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic Security Vulnerabilities

cvelist
cvelist

CVE-2024-4924 Sassy social share < 3.3.63 Admin+ Stored Cross-Site scripting

The Social Sharing Plugin WordPress plugin before 3.3.63 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

0.0004EPSS

2024-06-12 06:00 AM
2
redhatcve
redhatcve

CVE-2023-52741

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix use-after-free in rdata-&gt;read_into_pages() When the network status is unstable, use-after-free may occur when read data from the server. BUG: KASAN: use-after-free in readpages_fill_pages+0x14c/0x7e0 Call Trace: ...

6.9AI Score

0.0004EPSS

2024-06-12 12:27 AM
redhatcve
redhatcve

CVE-2021-47318

In the Linux kernel, the following vulnerability has been resolved: arch_topology: Avoid use-after-free for scale_freq_data Currently topology_scale_freq_tick() (which gets called from scheduler_tick()) may end up using a pointer to "struct scale_freq_data", which was previously cleared by...

7AI Score

0.0004EPSS

2024-06-12 12:09 AM
nessus
nessus

RHEL 9 : libreoffice (RHSA-2024:3835)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3835 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word...

8.8CVSS

9.3AI Score

0.001EPSS

2024-06-12 12:00 AM
nessus
nessus

RHEL 9 : gdk-pixbuf2 (RHSA-2024:3834)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3834 advisory. The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits...

7.8CVSS

7.9AI Score

0.001EPSS

2024-06-12 12:00 AM
kaspersky
kaspersky

KLA68918 Multiple vulnerabilities in Opera

Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Use after free vulnerability in Media Session can be exploited to cause denial of service or execute...

9AI Score

0.0004EPSS

2024-06-12 12:00 AM
1
nessus
nessus

Debian dsa-5709 : firefox-esr - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5709 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5709-1 [email protected] ...

7.1AI Score

0.0004EPSS

2024-06-12 12:00 AM
1
nessus
nessus

RHEL 9 : 389-ds-base (RHSA-2024:3837)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3837 advisory. 389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol...

7.5CVSS

7.9AI Score

0.0004EPSS

2024-06-12 12:00 AM
oraclelinux
oraclelinux

Unbreakable Enterprise kernel security update

[5.15.0-207.156.6] - uek-container: Add advanced routing options (Boris Ostrovsky) [Orabug: 36691279] - slub: use count_partial_free_approx() in slab_out_of_memory() (Jianfeng Wang) [Orabug: 36655468] - slub: introduce count_partial_free_approx() (Jianfeng Wang) [Orabug: 36655468] - Revert...

6.5CVSS

7.8AI Score

EPSS

2024-06-12 12:00 AM
2
nessus
nessus

RHEL 8 / 9 : OpenShift Container Platform 4.12.59 (RHSA-2024:3715)

The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3715 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private...

6.7AI Score

0.0004EPSS

2024-06-12 12:00 AM
1
nessus
nessus

RHEL 8 : kernel (RHSA-2024:3810)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3810 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: use-after-free in...

7.8CVSS

7.6AI Score

EPSS

2024-06-12 12:00 AM
2
nessus
nessus

SUSE SLES15 Security Update : rmt-server (SUSE-SU-2024:1973-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1973-1 advisory. - Update to version 2.17 - CVE-2024-28103: Fixed Permissions-Policy that was only served on responses with an HTML related Content- ...

9.8CVSS

6.9AI Score

0.001EPSS

2024-06-12 12:00 AM
3
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1986-1)

The remote host is missing an update for...

9.8CVSS

7.5AI Score

0.001EPSS

2024-06-12 12:00 AM
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1973-1)

The remote host is missing an update for...

9.8CVSS

7.5AI Score

0.001EPSS

2024-06-12 12:00 AM
nessus
nessus

FreeBSD : plasma[56]-plasma-workspace -- Unauthorized users can access session manager (479df73e-2838-11ef-9cab-4ccc6adda413)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 479df73e-2838-11ef-9cab-4ccc6adda413 advisory. David Edmundson reports: KSmserver, KDE's XSMP manager, incorrectly allows connections via...

7.9AI Score

EPSS

2024-06-12 12:00 AM
1
nessus
nessus

SUSE SLES15 Security Update : rmt-server (SUSE-SU-2024:1986-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1986-1 advisory. - Update to version 2.17 - CVE-2024-28103: Fixed Permissions-Policy that was only served on responses with an HTML related Content- ...

9.8CVSS

6.9AI Score

0.001EPSS

2024-06-12 12:00 AM
1
nessus
nessus

RHEL 9 : kernel-rt (RHSA-2024:3854)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3854 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...

7.8CVSS

7.9AI Score

0.001EPSS

2024-06-12 12:00 AM
nessus
nessus

RHEL 8 : kernel (RHSA-2024:3859)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3859 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: KVM: SEV-ES / SEV-SNP...

5.6CVSS

8.1AI Score

0.001EPSS

2024-06-12 12:00 AM
nessus
nessus

RHEL 9 : ruby (RHSA-2024:3838)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3838 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

8.8CVSS

8.1AI Score

EPSS

2024-06-12 12:00 AM
nessus
nessus

RHEL 8 : protobuf-c (RHSA-2024:3812)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3812 advisory. The protobuf-c packages provide C bindings for Google's Protocol Buffers. Security Fix(es): * protobuf-c: unsigned integer overflow in...

5.5CVSS

7AI Score

0.0004EPSS

2024-06-12 12:00 AM
nessus
nessus

RHEL 9 : c-ares (RHSA-2024:3842)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3842 advisory. The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API. Security Fix(es): * c-ares: Out of...

4.4CVSS

5.6AI Score

0.0004EPSS

2024-06-12 12:00 AM
nessus
nessus

RHEL 9 : kernel (RHSA-2024:3855)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3855 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: KVM: SVM: improper check...

7.8CVSS

7.7AI Score

0.001EPSS

2024-06-12 12:00 AM
nessus
nessus

RHEL 8 / 9 : OpenShift Container Platform 4.15.17 (RHSA-2024:3676)

The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3676 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private...

8.1CVSS

8.3AI Score

0.0004EPSS

2024-06-12 12:00 AM
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : rmt-server (SUSE-SU-2024:1974-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1974-1 advisory. - Update to version 2.17 - CVE-2024-28103: Fixed Permissions-Policy that was only served on responses with an HTML related...

9.8CVSS

7.2AI Score

0.001EPSS

2024-06-12 12:00 AM
1
krebs
krebs

Patch Tuesday, June 2024 “Recall” Edition

Microsoft today released updates to fix more than 50 security vulnerabilities in Windows and related software, a relatively light Patch Tuesday this month for Windows users. The software giant also responded to a torrent of negative feedback on a new feature of Redmond's flagship operating system.....

9.8CVSS

8.9AI Score

0.003EPSS

2024-06-11 10:57 PM
117
thn
thn

Chinese Actor SecShow Conducts Massive DNS Probing on Global Scale

Cybersecurity researchers have shed more light on a Chinese actor codenamed SecShow that has been observed conducting Domain Name System (DNS) on a global scale since at least June 2023. The adversary, according to Infoblox security researchers Dr. Renée Burton and Dave Mitchell, operates from the....

9.8CVSS

6.7AI Score

0.957EPSS

2024-06-11 02:32 PM
1
rapid7blog
rapid7blog

CVE-2024-28995: Trivially Exploitable Information Disclosure Vulnerability in SolarWinds Serv-U

On June 5, 2024, SolarWinds disclosed CVE-2024-28995, a high-severity directory traversal vulnerability affecting their Serv-U file transfer server, which comes in two editions (Serv-U FTP and Serv-U MFT). Successful exploitation of the vulnerability allows unauthenticated attackers to read...

8.6CVSS

7.9AI Score

0.001EPSS

2024-06-11 02:25 PM
4
nvd
nvd

CVE-2024-35683

Missing Authorization vulnerability in Teplitsa of social technologies Leyka.This issue affects Leyka: from n/a through...

5.3CVSS

0.0004EPSS

2024-06-11 02:15 PM
1
cve
cve

CVE-2024-35683

Missing Authorization vulnerability in Teplitsa of social technologies Leyka.This issue affects Leyka: from n/a through...

5.3CVSS

5.4AI Score

0.0004EPSS

2024-06-11 02:15 PM
22
vulnrichment
vulnrichment

CVE-2024-35683 WordPress Leyka plugin <= 3.31.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Teplitsa of social technologies Leyka.This issue affects Leyka: from n/a through...

5.3CVSS

7AI Score

0.0004EPSS

2024-06-11 01:39 PM
2
cvelist
cvelist

CVE-2024-35683 WordPress Leyka plugin <= 3.31.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Teplitsa of social technologies Leyka.This issue affects Leyka: from n/a through...

5.3CVSS

0.0004EPSS

2024-06-11 01:39 PM
2
ics
ics

Intrado 911 Emergency Gateway

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Intrado Equipment: 911 Emergency Gateway (EGW) Vulnerability: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute malicious...

8AI Score

EPSS

2024-06-11 12:00 PM
1
ics
ics

AVEVA PI Web API

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: PI Web API Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform remote code...

7.7AI Score

0.0004EPSS

2024-06-11 12:00 PM
2
ics
ics

AVEVA PI Asset Framework Client

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: AVEVA Equipment: PI Asset Framework Client Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow malicious code execution. 3. TECHNICAL...

7.3AI Score

0.0004EPSS

2024-06-11 12:00 PM
1
ics
ics

MicroDicom DICOM Viewer

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: MicroDicom Equipment: DICOM Viewer Vulnerabilities: Improper Authorization in Handler for Custom URL Scheme, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these...

8.8CVSS

7.9AI Score

0.0004EPSS

2024-06-11 12:00 PM
1
ics
ics

Rockwell Automation ControlLogix, GuardLogix, and CompactLogix

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix, GuardLogix, CompactLogix Vulnerability: Always-Incorrect Control Flow Implementation 2. RISK EVALUATION Successful exploitation of this vulnerability could compromise...

6.9AI Score

0.0004EPSS

2024-06-11 12:00 PM
1
ics
ics

Schneider Electric APC Easy UPS Online Monitoring Software (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity/Public exploits available Vendor: Schneider Electric Equipment: APC Easy UPS Online Monitoring Software Vulnerability: OS Command Injection, Missing Authentication for Critical Function 2. RISK...

9.8CVSS

10AI Score

0.003EPSS

2024-06-11 12:00 PM
15
malwarebytes
malwarebytes

23andMe data breach under joint investigation in two countries

The British and Canadian privacy authorities have announced they will undertake a joint investigation into the data breach at global genetic testing company 23andMe that was discovered in October 2023. On Friday October 6, 2023, 23andMe confirmed via a somewhat opaque blog post that cybercriminals....

6.8AI Score

2024-06-11 11:38 AM
1
malwarebytes
malwarebytes

When things go wrong: A digital sharing warning for couples

“When things go wrong” is a troubling prospect for most couples to face, but the internet—and the way that romantic partners engage both with and across it—could require that this worst-case scenario become more of a best practice. In new research that Malwarebytes will release this month,...

6.9AI Score

2024-06-11 10:55 AM
5
ibm
ibm

Security Bulletin: IBM Workload Automation potentially affected by multiple vulnerabilities in Java.

Summary IBM Workload Automation potentially vulnerable to multiple vulnerabilities in Java that can cause integrity, availability, information disclosure issues (CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597)...

9.1CVSS

10AI Score

0.001EPSS

2024-06-11 09:52 AM
15
securelist
securelist

QR code SQL injection and other vulnerabilities in a popular biometric terminal

Biometric scanners offer a unique way to resolve the conflict between security and usability. They help to identify a person by their unique biological characteristics – a fairly reliable process that does not require the user to exert any extra effort. Yet, biometric scanners, as any other tech,.....

10CVSS

9AI Score

0.0004EPSS

2024-06-11 08:00 AM
6
nvd
nvd

CVE-2024-3549

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL....

9.9CVSS

0.001EPSS

2024-06-11 07:15 AM
3
cve
cve

CVE-2024-3549

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL....

9.9CVSS

9.5AI Score

0.001EPSS

2024-06-11 07:15 AM
29
cvelist
cvelist

CVE-2024-3549 Blog2Social: Social Media Auto Post & Scheduler <= 7.4.1 - Authenticated (Subscriber+) SQL Injection

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL....

9.9CVSS

0.001EPSS

2024-06-11 06:44 AM
3
nvd
nvd

CVE-2024-35329

libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in yaml_document_add_sequence in api.c. NOTE: the supplier disputes this because the finding represents a user error. The problem is that the application, which was making use of the libyaml library, omitted the required calls to the...

0.0004EPSS

2024-06-11 05:15 AM
2
cve
cve

CVE-2024-35329

libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in yaml_document_add_sequence in api.c. NOTE: the supplier disputes this because the finding represents a user error. The problem is that the application, which was making use of the libyaml library, omitted the required calls to the...

6.5AI Score

0.0004EPSS

2024-06-11 05:15 AM
24
cve
cve

CVE-2024-34683

An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s...

6.5CVSS

6.4AI Score

0.0004EPSS

2024-06-11 03:15 AM
26
nvd
nvd

CVE-2024-34683

An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s...

6.5CVSS

0.0004EPSS

2024-06-11 03:15 AM
4
vulnrichment
vulnrichment

CVE-2024-34683 Unrestricted file upload in SAP Document Builder (HTTP service)

An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s...

6.5CVSS

6.7AI Score

0.0004EPSS

2024-06-11 02:08 AM
1
cvelist
cvelist

CVE-2024-34683 Unrestricted file upload in SAP Document Builder (HTTP service)

An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s...

6.5CVSS

0.0004EPSS

2024-06-11 02:08 AM
3
Total number of security vulnerabilities222224