Lucene search

K

R-30iB Plus, R-30iB Mate Plus, R-30iB Compact Plus, R-30iB Mini Plus Security Vulnerabilities

talos
talos

AutomationDirect P3-550E Programming Software Connection CurrDir heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2024-1937 AutomationDirect P3-550E Programming Software Connection CurrDir heap-based buffer overflow vulnerability May 28, 2024 CVE Number CVE-2024-24947,CVE-2024-24946 SUMMARY A heap-based buffer overflow vulnerability exists in the Programming Software...

8.2CVSS

8AI Score

0.0005EPSS

2024-05-28 12:00 AM
3
talos
talos

libigl readOFF stack-based buffer overflow vulnerabilities

Talos Vulnerability Report TALOS-2023-1784 libigl readOFF stack-based buffer overflow vulnerabilities May 28, 2024 CVE Number CVE-2023-35950,CVE-2023-35953,CVE-2023-35952,CVE-2023-35951,CVE-2023-35949 SUMMARY Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp...

7.8CVSS

8.5AI Score

0.001EPSS

2024-05-28 12:00 AM
5
f5
f5

K000139794: Mozilla NSS vulnerability CVE-2023-5388

Security Advisory Description NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. (CVE-2023-5...

6.7AI Score

0.0004EPSS

2024-05-28 12:00 AM
5
nessus
nessus

Ubuntu 22.04 LTS / 23.10 / 24.04 LTS : WebKitGTK vulnerabilities (USN-6788-1)

The remote Ubuntu 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6788-1 advisory. Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious...

6.8AI Score

0.0005EPSS

2024-05-28 12:00 AM
1
nessus
nessus

Fedora 40 : glycin-loaders / gnome-tour / helix / helvum / libipuz / loupe / etc (2024-ce2936b568)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-ce2936b568 advisory. This update contains builds from a mini-mass-rebuild for Rust applications (and some C-style libraries). Rebuilding with the Rust 1.78 toolchain should fix...

7.4AI Score

2024-05-28 12:00 AM
nessus
nessus

Ubuntu 20.04 LTS / 22.04 LTS : Netatalk vulnerabilities (USN-6786-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6786-1 advisory. It was discovered that Netatalk did not properly protect an SMB and AFP default configuration. A remote attacker could possibly use this issue to ...

10CVSS

7.6AI Score

0.007EPSS

2024-05-28 12:00 AM
6
nessus
nessus

RHEL 9 : kernel (RHSA-2024:3421)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3421 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: Marvin vulnerability...

7.8CVSS

7.3AI Score

EPSS

2024-05-28 12:00 AM
nessus
nessus

Oracle Linux 8 : edk2 (ELSA-2024-3017)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3017 advisory. [20220126gitbb1bba3d77-13] - edk2-EmbeddedPkg-Hob-Integer-Overflow-in-CreateHob.patch [RHEL-21158] -...

9.4CVSS

6AI Score

0.006EPSS

2024-05-28 12:00 AM
5
nessus
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : LibreOffice vulnerability (USN-6789-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6789-1 advisory. Amel Bouziane-Leblond discovered that LibreOffice incorrectly handled graphic on-click bindings. If a user were tricked into...

7.2AI Score

0.0004EPSS

2024-05-28 12:00 AM
2
nessus
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : amavisd-new vulnerability (USN-6790-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6790-1 advisory. It was discovered that amavisd-new incorrectly handled certain MIME email messages with multiple boundary parameters. A remote...

7.2AI Score

0.0004EPSS

2024-05-28 12:00 AM
1
githubexploit
githubexploit

Exploit for CVE-2024-5084

🚀 HashForm Exploit Script This script demonstrates the...

9.8CVSS

8.6AI Score

0.035EPSS

2024-05-27 08:04 PM
132
cve
cve

CVE-2024-36037

Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session...

5.5CVSS

6.5AI Score

0.0004EPSS

2024-05-27 06:15 PM
31
nvd
nvd

CVE-2024-36037

Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session...

5.5CVSS

5.3AI Score

0.0004EPSS

2024-05-27 06:15 PM
1
cve
cve

CVE-2024-36036

Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to access sensitive information and modifying the agent...

4.2CVSS

6.2AI Score

0.0004EPSS

2024-05-27 06:15 PM
26
nvd
nvd

CVE-2024-36036

Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to access sensitive information and modifying the agent...

4.2CVSS

4.2AI Score

0.0004EPSS

2024-05-27 06:15 PM
cve
cve

CVE-2024-27310

Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP...

5.3CVSS

6.8AI Score

0.0004EPSS

2024-05-27 06:15 PM
27
nvd
nvd

CVE-2024-27310

Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-05-27 06:15 PM
cvelist
cvelist

CVE-2024-36037 Insufficient Access Control Vulnerability

Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session...

5.5CVSS

5.3AI Score

0.0004EPSS

2024-05-27 05:59 PM
3
vulnrichment
vulnrichment

CVE-2024-36037 Insufficient Access Control Vulnerability

Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session...

5.5CVSS

6.6AI Score

0.0004EPSS

2024-05-27 05:59 PM
vulnrichment
vulnrichment

CVE-2024-36036 Insufficient Access Control Vulnerability

Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to access sensitive information and modifying the agent...

4.2CVSS

6.3AI Score

0.0004EPSS

2024-05-27 05:58 PM
cvelist
cvelist

CVE-2024-36036 Insufficient Access Control Vulnerability

Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to access sensitive information and modifying the agent...

4.2CVSS

4.2AI Score

0.0004EPSS

2024-05-27 05:58 PM
vulnrichment
vulnrichment

CVE-2024-27310 DOS Vulnerability

Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP...

5.3CVSS

6.9AI Score

0.0004EPSS

2024-05-27 05:26 PM
cvelist
cvelist

CVE-2024-27310 DOS Vulnerability

Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-05-27 05:26 PM
2
securelist
securelist

Message board scams

Marketplace fraud is nothing new. Cybercriminals swindle money out of buyers and sellers alike. Lately, we've seen a proliferation of cybergangs operating under the Fraud-as-a-Service model and specializing in tricking users of online marketplaces, in particular, message boards. Criminals are...

6.4AI Score

2024-05-27 01:00 PM
9
kitploit
kitploit

SherlockChain - A Streamlined AI Analysis Framework For Solidity, Vyper And Plutus Contracts

SherlockChain is a powerful smart contract analysis framework that combines the capabilities of the renowned Slither tool with advanced AI-powered features. Developed by a team of security experts and AI researchers, SherlockChain offers unparalleled insights and vulnerability detection for...

7.4AI Score

2024-05-27 12:30 PM
16
githubexploit
githubexploit

Exploit for OS Command Injection in Dolibarr Dolibarr Erp/Crm

CVE-2023-30253 Exploit Dolibarr...

8.8CVSS

7.4AI Score

0.008EPSS

2024-05-27 11:00 AM
144
githubexploit
githubexploit

Exploit for OS Command Injection in Dolibarr Dolibarr Erp/Crm

CVE-2023-30253 Exploit Dolibarr...

8.8CVSS

7.4AI Score

0.008EPSS

2024-05-27 11:00 AM
88
redhatcve
redhatcve

CVE-2021-47505

In the Linux kernel, the following vulnerability has been resolved: aio: fix use-after-free due to missing POLLFREE handling signalfd_poll() and binder_poll() are special in that they use a waitqueue whose lifetime is the current task, rather than the struct file as is normally the case. This is...

6.4AI Score

0.0004EPSS

2024-05-27 11:00 AM
3
nvd
nvd

CVE-2024-27314

Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role...

2.4CVSS

3.2AI Score

0.0004EPSS

2024-05-27 07:15 AM
1
cve
cve

CVE-2024-27314

Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role...

2.4CVSS

5.9AI Score

0.0004EPSS

2024-05-27 07:15 AM
30
cvelist
cvelist

CVE-2024-27314 Stored XSS Vulnerability

Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role...

2.4CVSS

3.2AI Score

0.0004EPSS

2024-05-27 07:03 AM
vulnrichment
vulnrichment

CVE-2024-27314 Stored XSS Vulnerability

Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role...

2.4CVSS

6AI Score

0.0004EPSS

2024-05-27 07:03 AM
f5
f5

K000139793: MacOS vulnerability CVE-2023-41993

Security Advisory Description The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7....

7.1AI Score

0.003EPSS

2024-05-27 12:00 AM
7
nessus
nessus

Ubuntu 24.04 LTS : python-cryptography vulnerability (USN-6673-3)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6673-3 advisory. USN-6673-1 provided a security update for python-cryptography. This update provides the corresponding update for Ubuntu 24.04 LTS. Original advisory details: ...

7.5CVSS

7.5AI Score

0.0004EPSS

2024-05-27 12:00 AM
4
openvas
openvas

Fedora: Security Advisory for ruff (FEDORA-2024-ce2936b568)

The remote host is missing an update for...

7.5AI Score

2024-05-27 12:00 AM
openvas
openvas

Fedora: Security Advisory for R (FEDORA-2024-07b7b83a4f)

The remote host is missing an update for...

8.8CVSS

8.8AI Score

0.0004EPSS

2024-05-27 12:00 AM
openvas
openvas

Fedora: Security Advisory for R (FEDORA-2024-bc590cb3f1)

The remote host is missing an update for...

8.8CVSS

8.8AI Score

0.0004EPSS

2024-05-27 12:00 AM
githubexploit

8.8CVSS

7.3AI Score

0.008EPSS

2024-05-26 03:43 PM
142
kitploit
kitploit

Domainim - A Fast And Comprehensive Tool For Organizational Network Scanning

Domainim is a fast domain reconnaissance tool for organizational network scanning. The tool aims to provide a brief overview of an organization's structure using techniques like OSINT, bruteforcing, DNS resolving etc. Features Current features (v1.0.1)- - Subdomain enumeration (2 engines +...

7.8AI Score

2024-05-26 12:30 PM
19
cve
cve

CVE-2024-5356

A vulnerability, which was classified as critical, was found in anji-plus AJ-Report up to 1.4.1. Affected is an unknown function of the file /dataSet/testTransform;swagger-ui. The manipulation of the argument dynSentence leads to sql injection. It is possible to launch the attack remotely. The...

6.3CVSS

7.3AI Score

0.0004EPSS

2024-05-26 08:15 AM
25
nvd
nvd

CVE-2024-5356

A vulnerability, which was classified as critical, was found in anji-plus AJ-Report up to 1.4.1. Affected is an unknown function of the file /dataSet/testTransform;swagger-ui. The manipulation of the argument dynSentence leads to sql injection. It is possible to launch the attack remotely. The...

6.3CVSS

6.8AI Score

0.0004EPSS

2024-05-26 08:15 AM
vulnrichment
vulnrichment

CVE-2024-5356 anji-plus AJ-Report testTransform;swagger-ui sql injection

A vulnerability, which was classified as critical, was found in anji-plus AJ-Report up to 1.4.1. Affected is an unknown function of the file /dataSet/testTransform;swagger-ui. The manipulation of the argument dynSentence leads to sql injection. It is possible to launch the attack remotely. The...

6.3CVSS

7.3AI Score

0.0004EPSS

2024-05-26 07:31 AM
2
cvelist
cvelist

CVE-2024-5356 anji-plus AJ-Report testTransform;swagger-ui sql injection

A vulnerability, which was classified as critical, was found in anji-plus AJ-Report up to 1.4.1. Affected is an unknown function of the file /dataSet/testTransform;swagger-ui. The manipulation of the argument dynSentence leads to sql injection. It is possible to launch the attack remotely. The...

6.3CVSS

6.8AI Score

0.0004EPSS

2024-05-26 07:31 AM
1
githubexploit
githubexploit

Exploit for CVE-2024-4956

README.md CVE-2024-4956 Bulk Scanner Disclaimer ...

7.5CVSS

6.5AI Score

0.013EPSS

2024-05-26 06:50 AM
189
cve
cve

CVE-2024-5355

A vulnerability, which was classified as critical, has been found in anji-plus AJ-Report up to 1.4.1. This issue affects the function IGroovyHandler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The....

6.3CVSS

7.4AI Score

0.0004EPSS

2024-05-26 06:15 AM
27
nvd
nvd

CVE-2024-5355

A vulnerability, which was classified as critical, has been found in anji-plus AJ-Report up to 1.4.1. This issue affects the function IGroovyHandler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The....

6.3CVSS

6.9AI Score

0.0004EPSS

2024-05-26 06:15 AM
vulnrichment
vulnrichment

CVE-2024-5355 anji-plus AJ-Report IGroovyHandler command injection

A vulnerability, which was classified as critical, has been found in anji-plus AJ-Report up to 1.4.1. This issue affects the function IGroovyHandler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The....

6.3CVSS

7.5AI Score

0.0004EPSS

2024-05-26 06:00 AM
1
cvelist
cvelist

CVE-2024-5355 anji-plus AJ-Report IGroovyHandler command injection

A vulnerability, which was classified as critical, has been found in anji-plus AJ-Report up to 1.4.1. This issue affects the function IGroovyHandler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The....

6.3CVSS

6.9AI Score

0.0004EPSS

2024-05-26 06:00 AM
1
cve
cve

CVE-2024-5354

A vulnerability classified as problematic was found in anji-plus AJ-Report up to 1.4.1. This vulnerability affects unknown code of the file /reportShare/detailByCode. The manipulation of the argument shareToken leads to information disclosure. The attack can be initiated remotely. The exploit has.....

4.3CVSS

6.6AI Score

0.0004EPSS

2024-05-26 05:15 AM
25
nvd
nvd

CVE-2024-5354

A vulnerability classified as problematic was found in anji-plus AJ-Report up to 1.4.1. This vulnerability affects unknown code of the file /reportShare/detailByCode. The manipulation of the argument shareToken leads to information disclosure. The attack can be initiated remotely. The exploit has.....

4.3CVSS

4.6AI Score

0.0004EPSS

2024-05-26 05:15 AM
Total number of security vulnerabilities120185