Lucene search

K

R-30iB Plus, R-30iB Mate Plus, R-30iB Compact Plus, R-30iB Mini Plus Security Vulnerabilities

nessus
nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : GIFLIB vulnerabilities (USN-6824-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6824-1 advisory. It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this ...

8.8CVSS

7.8AI Score

0.004EPSS

2024-06-10 12:00 AM
nessus
nessus

Ubuntu 24.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6817-2)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6817-2 advisory. Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer...

7.8CVSS

8.9AI Score

0.0005EPSS

2024-06-10 12:00 AM
nessus
nessus

Ubuntu 23.10 : Linux kernel (ARM laptop) vulnerabilities (USN-6818-2)

The remote Ubuntu 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-2 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference...

7.8CVSS

7.5AI Score

0.001EPSS

2024-06-10 12:00 AM
nessus
nessus

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6821-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6821-2 advisory. It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free...

8CVSS

8.1AI Score

0.0004EPSS

2024-06-10 12:00 AM
nessus
nessus

Ubuntu 22.04 LTS / 23.10 : Node.js vulnerabilities (USN-6822-1)

The remote Ubuntu 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6822-1 advisory. It was discovered that Node.js incorrectly handled certain inputs when it is using the policy mechanism. If a user or an automated system were...

9.8CVSS

8.9AI Score

0.001EPSS

2024-06-10 12:00 AM
nessus
nessus

Amazon Linux 2023 : libRmath, libRmath-devel, libRmath-static (ALAS2023-2024-638)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-638 advisory. Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data...

8.8CVSS

7.3AI Score

0.0004EPSS

2024-06-10 12:00 AM
nessus
nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : ADOdb vulnerabilities (USN-6825-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6825-1 advisory. It was discovered that the PDO driver in ADOdb was incorrectly handling string quotes. A remote attacker could...

9.1CVSS

7.4AI Score

0.006EPSS

2024-06-10 12:00 AM
packetstorm

7.4AI Score

2024-06-10 12:00 AM
70
githubexploit
githubexploit

Exploit for OS Command Injection in Php

CVE-2024-4577: PHP CGI Argument Injection (XAMPP) 💀...

9.8CVSS

10AI Score

0.932EPSS

2024-06-09 02:18 PM
108
nvd
nvd

CVE-2024-32820

Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons.This issue affects Social Share Icons & Social Share Buttons: from n/a through...

5.3CVSS

0.0004EPSS

2024-06-09 01:15 PM
2
cve
cve

CVE-2024-32820

Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons.This issue affects Social Share Icons & Social Share Buttons: from n/a through...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-06-09 01:15 PM
28
vulnrichment
vulnrichment

CVE-2024-32820 WordPress Social Share Icons & Social Share Buttons plugin <= 3.6.2 - Broken Access Control lead to Notice Dismissal vulnerability

Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons.This issue affects Social Share Icons & Social Share Buttons: from n/a through...

5.3CVSS

6.9AI Score

0.0004EPSS

2024-06-09 12:35 PM
cvelist
cvelist

CVE-2024-32820 WordPress Social Share Icons & Social Share Buttons plugin <= 3.6.2 - Broken Access Control lead to Notice Dismissal vulnerability

Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons.This issue affects Social Share Icons & Social Share Buttons: from n/a through...

5.3CVSS

0.0004EPSS

2024-06-09 12:35 PM
2
nvd
nvd

CVE-2024-33572

Missing Authorization vulnerability in POSIMYTH The Plus Blocks for Block Editor | Gutenberg.This issue affects The Plus Blocks for Block Editor | Gutenberg: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-09 12:15 PM
4
cve
cve

CVE-2024-33572

Missing Authorization vulnerability in POSIMYTH The Plus Blocks for Block Editor | Gutenberg.This issue affects The Plus Blocks for Block Editor | Gutenberg: from n/a through...

4.3CVSS

4.8AI Score

0.0004EPSS

2024-06-09 12:15 PM
27
cvelist
cvelist

CVE-2024-33572 WordPress The Plus Blocks for Block Editor | Gutenberg plugin <= 3.2.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in POSIMYTH The Plus Blocks for Block Editor | Gutenberg.This issue affects The Plus Blocks for Block Editor | Gutenberg: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-09 12:00 PM
1
nvd
nvd

CVE-2023-52230

Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before...

6.5CVSS

0.0004EPSS

2024-06-09 09:15 AM
3
nvd
nvd

CVE-2023-52232

Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before...

6.5CVSS

0.0004EPSS

2024-06-09 09:15 AM
4
cve
cve

CVE-2023-52232

Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-06-09 09:15 AM
28
cve
cve

CVE-2023-52230

Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-06-09 09:15 AM
28
cvelist
cvelist

CVE-2023-52230 WordPress Booster Plus for WooCommerce plugin < 7.1.3 - Authenticated Arbitrary WordPress Option Disclosure Vulnerability

Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before...

6.5CVSS

0.0004EPSS

2024-06-09 09:08 AM
5
vulnrichment
vulnrichment

CVE-2023-52230 WordPress Booster Plus for WooCommerce plugin < 7.1.3 - Authenticated Arbitrary WordPress Option Disclosure Vulnerability

Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before...

6.5CVSS

7AI Score

0.0004EPSS

2024-06-09 09:08 AM
cvelist
cvelist

CVE-2023-52232 WordPress Booster Plus for WooCommerce plugin < 7.1.2 - Authenticated Arbitrary Post/Page Deletion Vulnerability

Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before...

6.5CVSS

0.0004EPSS

2024-06-09 09:06 AM
vulnrichment
vulnrichment

CVE-2023-52232 WordPress Booster Plus for WooCommerce plugin < 7.1.2 - Authenticated Arbitrary Post/Page Deletion Vulnerability

Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before...

6.5CVSS

7AI Score

0.0004EPSS

2024-06-09 09:06 AM
githubexploit
githubexploit

Exploit for CVE-2024-31819

CVE-2024-31819 An issue in WWBN AVideo v.12.4 through v.14.2...

8AI Score

0.003EPSS

2024-06-09 08:48 AM
75
githubexploit
githubexploit

Exploit for Logging of Excessive Data in Salesagility Suitecrm

CVE-2024-36416 Tool for validating CVE-2024-36416 Usage...

8.6CVSS

7.2AI Score

0.0005EPSS

2024-06-09 07:18 AM
6
githubexploit
githubexploit

Exploit for CVE-2024-29269

CVE-2024-29269 An issue discovered in Telesquare TLR-2005Ksh...

7AI Score

0.001EPSS

2024-06-08 10:06 PM
74
cve
cve

CVE-2024-35709

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-08 02:15 PM
20
nvd
nvd

CVE-2024-35709

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-08 02:15 PM
vulnrichment
vulnrichment

CVE-2024-35709 WordPress The Plus Addons for Elementor plugin <= 5.5.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-08 02:03 PM
cvelist
cvelist

CVE-2024-35709 WordPress The Plus Addons for Elementor plugin <= 5.5.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-08 02:03 PM
cve
cve

CVE-2024-36965

In the Linux kernel, the following vulnerability has been resolved: remoteproc: mediatek: Make sure IPI buffer fits in L2TCM The IPI buffer location is read from the firmware that we load to the System Companion Processor, and it's not granted that both the SRAM (L2TCM) size that is defined in the....

6.7AI Score

0.0004EPSS

2024-06-08 01:15 PM
22
debiancve
debiancve

CVE-2024-36965

In the Linux kernel, the following vulnerability has been resolved: remoteproc: mediatek: Make sure IPI buffer fits in L2TCM The IPI buffer location is read from the firmware that we load to the System Companion Processor, and it's not granted that both the SRAM (L2TCM) size that is defined in...

6.7AI Score

0.0004EPSS

2024-06-08 01:15 PM
1
nvd
nvd

CVE-2024-36965

In the Linux kernel, the following vulnerability has been resolved: remoteproc: mediatek: Make sure IPI buffer fits in L2TCM The IPI buffer location is read from the firmware that we load to the System Companion Processor, and it's not granted that both the SRAM (L2TCM) size that is defined in the....

0.0004EPSS

2024-06-08 01:15 PM
cvelist
cvelist

CVE-2024-36965 remoteproc: mediatek: Make sure IPI buffer fits in L2TCM

In the Linux kernel, the following vulnerability has been resolved: remoteproc: mediatek: Make sure IPI buffer fits in L2TCM The IPI buffer location is read from the firmware that we load to the System Companion Processor, and it's not granted that both the SRAM (L2TCM) size that is defined in the....

0.0004EPSS

2024-06-08 12:52 PM
4
wired
wired

Apple Is Coming for Your Password Manager

Plus: A media executive is charged in an alleged money-laundering scheme, a ransomware attack disrupts care at London hospitals, and Google’s former CEO has a secretive drone project up his...

7.3AI Score

2024-06-08 10:30 AM
4
nessus
nessus

Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-6821-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6821-1 advisory. It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability....

8CVSS

8.8AI Score

0.0004EPSS

2024-06-07 12:00 AM
3
nessus
nessus

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6820-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6820-1 advisory. It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free...

8CVSS

8.6AI Score

0.0004EPSS

2024-06-07 12:00 AM
nessus
nessus

Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6817-1)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6817-1 advisory. Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer...

7.8CVSS

8.9AI Score

0.0005EPSS

2024-06-07 12:00 AM
1
nessus
nessus

Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6816-1)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6816-1 advisory. Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer...

7.8CVSS

8.7AI Score

0.0005EPSS

2024-06-07 12:00 AM
nessus
nessus

Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6819-1)

The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6819-1 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...

7.8CVSS

8.7AI Score

0.001EPSS

2024-06-07 12:00 AM
f5
f5

K000139953: PHP vulnerability CVE-2024-4577

Security Advisory Description This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available. Learn more about the Reserved state here. (CVE-2024-4577) Impact There is no impact; F5 products are not affected by this.....

9.8CVSS

9.3AI Score

0.932EPSS

2024-06-07 12:00 AM
30
nessus
nessus

Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6818-1)

The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-1 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...

7.8CVSS

8.4AI Score

0.001EPSS

2024-06-07 12:00 AM
2
openvas
openvas

Fedora: Security Advisory for ruff (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for...

7.5AI Score

2024-06-07 12:00 AM
1
github
github

Tornado has a CRLF injection in CurlAsyncHTTPClient headers

Summary Tornado’s curl_httpclient.CurlAsyncHTTPClient class is vulnerable to CRLF (carriage return/line feed) injection in the request headers. Details When an HTTP request is sent using CurlAsyncHTTPClient, Tornado does not reject carriage return (\r) or line feed (\n) characters in the request...

7.5AI Score

2024-06-06 09:46 PM
3
osv
osv

Tornado has a CRLF injection in CurlAsyncHTTPClient headers

Summary Tornado’s curl_httpclient.CurlAsyncHTTPClient class is vulnerable to CRLF (carriage return/line feed) injection in the request headers. Details When an HTTP request is sent using CurlAsyncHTTPClient, Tornado does not reject carriage return (\r) or line feed (\n) characters in the request...

7.5AI Score

2024-06-06 09:46 PM
2
github
github

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado

Summary When Tornado receives a request with two Transfer-Encoding: chunked headers, it ignores them both. This enables request smuggling when Tornado is deployed behind a proxy server that emits such requests. Pound does this. PoC Install Tornado. Start a simple Tornado server that echoes each...

7AI Score

2024-06-06 09:41 PM
6
osv
osv

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado

Summary When Tornado receives a request with two Transfer-Encoding: chunked headers, it ignores them both. This enables request smuggling when Tornado is deployed behind a proxy server that emits such requests. Pound does this. PoC Install Tornado. Start a simple Tornado server that echoes each...

7AI Score

2024-06-06 09:41 PM
3
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 27, 2024 to June 2, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

10CVSS

9.6AI Score

EPSS

2024-06-06 03:09 PM
7
ibm
ibm

Security Bulletin: Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264

Summary Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264 Vulnerability Details ** CVEID: CVE-2024-21094 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component...

5.9CVSS

4.5AI Score

0.001EPSS

2024-06-06 03:07 PM
1
Total number of security vulnerabilities120129