Lucene search

K

R-30iB Plus, R-30iB Mate Plus, R-30iB Compact Plus, R-30iB Mini Plus Security Vulnerabilities

nessus
nessus

Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6819-1)

The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6819-1 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...

7.8CVSS

8.7AI Score

0.001EPSS

2024-06-07 12:00 AM
f5
f5

K000139953: PHP vulnerability CVE-2024-4577

Security Advisory Description In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API...

9.8CVSS

9.5AI Score

0.96EPSS

2024-06-07 12:00 AM
35
nessus
nessus

Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6818-1)

The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-1 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...

7.8CVSS

8.4AI Score

0.001EPSS

2024-06-07 12:00 AM
2
openvas
openvas

Fedora: Security Advisory for ruff (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for...

7.5AI Score

2024-06-07 12:00 AM
1
osv
osv

Tornado has a CRLF injection in CurlAsyncHTTPClient headers

Summary Tornado’s curl_httpclient.CurlAsyncHTTPClient class is vulnerable to CRLF (carriage return/line feed) injection in the request headers. Details When an HTTP request is sent using CurlAsyncHTTPClient, Tornado does not reject carriage return (\r) or line feed (\n) characters in the request...

7.5AI Score

2024-06-06 09:46 PM
2
github
github

Tornado has a CRLF injection in CurlAsyncHTTPClient headers

Summary Tornado’s curl_httpclient.CurlAsyncHTTPClient class is vulnerable to CRLF (carriage return/line feed) injection in the request headers. Details When an HTTP request is sent using CurlAsyncHTTPClient, Tornado does not reject carriage return (\r) or line feed (\n) characters in the request...

7.5AI Score

2024-06-06 09:46 PM
4
github
github

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado

Summary When Tornado receives a request with two Transfer-Encoding: chunked headers, it ignores them both. This enables request smuggling when Tornado is deployed behind a proxy server that emits such requests. Pound does this. PoC Install Tornado. Start a simple Tornado server that echoes each...

7AI Score

2024-06-06 09:41 PM
6
osv
osv

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado

Summary When Tornado receives a request with two Transfer-Encoding: chunked headers, it ignores them both. This enables request smuggling when Tornado is deployed behind a proxy server that emits such requests. Pound does this. PoC Install Tornado. Start a simple Tornado server that echoes each...

7AI Score

2024-06-06 09:41 PM
3
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 27, 2024 to June 2, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

10CVSS

9.6AI Score

EPSS

2024-06-06 03:09 PM
10
ibm
ibm

Security Bulletin: Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264

Summary Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264 Vulnerability Details ** CVEID: CVE-2024-21094 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component...

5.9CVSS

4.5AI Score

0.001EPSS

2024-06-06 03:07 PM
1
kitploit
kitploit

Thief Raccoon - Login Phishing Tool

Thief Raccoon is a tool designed for educational purposes to demonstrate how phishing attacks can be conducted on various operating systems. This tool is intended to raise awareness about cybersecurity threats and help users understand the importance of security measures like 2FA and password...

7.3AI Score

2024-06-06 12:30 PM
30
ics
ics

Emerson PACSystem and Fanuc

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.6 ATTENTION: Low attack complexity Vendor: Emerson Equipment: PACSystem, Fanuc Vulnerabilities: Cleartext Transmission of Sensitive Information, Insufficient Verification of Data Authenticity Insufficiently Protected Credentials, Download of Code Without...

8.4AI Score

EPSS

2024-06-06 12:00 PM
4
ics
ics

Emerson Ovation

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Emerson Equipment: Ovation Vulnerabilities: Missing Authentication for Critical Function, Insufficient Verification of Data Authenticity CISA is aware of a public report, known as...

8.4AI Score

EPSS

2024-06-06 12:00 PM
4
ics
ics

Mitsubishi Electric CC-Link IE TSN Industrial Managed Switch

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: CC-Link IE TSN Industrial Managed Switch Vulnerability: Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this...

6.5CVSS

7.4AI Score

0.001EPSS

2024-06-06 12:00 PM
3
ics
ics

Johnson Controls Software House iStar Pro Door Controller

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Inc. Equipment: Software House iStar Pro Door Controller, ICU Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this...

6.3AI Score

0.0004EPSS

2024-06-06 12:00 PM
3
cve
cve

CVE-2024-4194

The The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This...

6.5CVSS

7.9AI Score

0.001EPSS

2024-06-06 02:15 AM
2
nvd
nvd

CVE-2024-4194

The The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This...

6.5CVSS

6.7AI Score

0.001EPSS

2024-06-06 02:15 AM
1
cvelist
cvelist

CVE-2024-4194 Album and Image Gallery plus Lightbox <= 2.0 - Unauthenticated Arbitrary Shortcode Execution

The The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This...

6.5CVSS

6.7AI Score

0.001EPSS

2024-06-06 02:02 AM
1
f5
f5

K000139922: Open vSwitch vulnerabilities CVE-2023-3966 and CVE-2023-5366

Security Advisory Description CVE-2023-3966 A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is...

7.5CVSS

7.1AI Score

0.0004EPSS

2024-06-06 12:00 AM
7
packetstorm

7.4AI Score

2024-06-06 12:00 AM
77
nessus
nessus

Ubuntu 24.04 LTS : AOM vulnerability (USN-6815-1)

The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6815-1 advisory. Xiantong Hou discovered that AOM did not properly handle certain malformed media files. If an application using AOM opened a specially crafted file, a remote...

8AI Score

0.0004EPSS

2024-06-06 12:00 AM
1
nessus
nessus

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : OpenJDK 8 vulnerabilities (USN-6810-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6810-1 advisory. It was discovered that the Hotspot component of OpenJDK 8 incorrectly handled certain exceptions with ...

3.7CVSS

5.6AI Score

0.001EPSS

2024-06-06 12:00 AM
1
nessus
nessus

Oracle Linux 9 : kernel (ELSA-2024-3619)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3619 advisory. - ipv6: sr: fix possible use-after-free and null-ptr-deref (Hangbin Liu) [RHEL-33968 RHEL-31732] {CVE-2024-26735} Tenable has extracted the...

7.5AI Score

0.0004EPSS

2024-06-06 12:00 AM
nessus
nessus

Ubuntu 20.04 LTS / 22.04 LTS : QEMU regression (USN-6567-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6567-2 advisory. USN-6567-1 fixed vulnerabilities QEMU. The fix for CVE-2023-2861 was too restrictive and introduced a behaviour change leading to a regression in...

8.8CVSS

7.8AI Score

0.002EPSS

2024-06-06 12:00 AM
2
packetstorm

7.4AI Score

2024-06-06 12:00 AM
75
nessus
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : libvpx vulnerability (USN-6814-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6814-1 advisory. Xiantong Hou discovered that libvpx did not properly handle certain malformed media files. If an application using libvpx...

8AI Score

0.0004EPSS

2024-06-06 12:00 AM
1
nessus
nessus

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : OpenJDK 17 vulnerabilities (USN-6812-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6812-1 advisory. It was discovered that the Hotspot component of OpenJDK 17 incorrectly handled certain exceptions with specially...

3.7CVSS

5.7AI Score

0.001EPSS

2024-06-06 12:00 AM
nessus
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : OpenJDK 21 vulnerabilities (USN-6813-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6813-1 advisory. It was discovered that the Hotspot component of OpenJDK 21 incorrectly handled certain exceptions with specially crafted long...

3.7CVSS

5.7AI Score

0.001EPSS

2024-06-06 12:00 AM
2
nessus
nessus

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : OpenJDK 11 vulnerabilities (USN-6811-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6811-1 advisory. It was discovered that the Hotspot component of OpenJDK 11 incorrectly handled certain exceptions with specially...

3.7CVSS

5.7AI Score

0.001EPSS

2024-06-06 12:00 AM
openvas
openvas

Zyxel NAS Multiple Vulnerabilities (Jun 2024) - Active Check

Multiple Zyxel NAS devices are prone to multiple ...

9.8CVSS

8.2AI Score

0.937EPSS

2024-06-06 12:00 AM
11
nessus
nessus

Oracle Linux 8 : kernel (ELSA-2024-3618)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3618 advisory. - uio: Fix use-after-free in uio_open (Ricardo Robaina) [RHEL-26232] {CVE-2023-52439} - net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send.....

7.8CVSS

8.7AI Score

0.001EPSS

2024-06-06 12:00 AM
4
osv
osv

Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

Summary An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. Details The OpenTelemetry Collector handles compressed HTTP requests by recognizing the Content-Encoding header, rewriting the HTTP request body, and allowing...

8.2CVSS

8.3AI Score

0.001EPSS

2024-06-05 04:56 PM
4
github
github

Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

Summary An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. Details The OpenTelemetry Collector handles compressed HTTP requests by recognizing the Content-Encoding header, rewriting the HTTP request body, and allowing...

8.2CVSS

8.3AI Score

0.001EPSS

2024-06-05 04:56 PM
10
malwarebytes
malwarebytes

Financial sextortion scams on the rise

“Hey there!” messaged Savannah, someone 16-year-old Charlie had never met before, but looked cute in her profile picture. She had long blonde hair, blue eyes, and an adorable smile, so he decided to DM with her on Instagram. Soon their flirty exchanges grew heated, and Savannah was sending Charlie....

6.8AI Score

2024-06-05 01:30 PM
1
kitploit
kitploit

X-Recon - A Utility For Detecting Webpage Inputs And Conducting XSS Scans

A utility for identifying web page inputs and conducting XSS scanning. Features: Subdomain Discovery: Retrieves relevant subdomains for the target website and consolidates them into a whitelist. These subdomains can be utilized during the scraping process. Site-wide Link Discovery: Collects...

6.3AI Score

2024-06-05 12:30 PM
6
fedora
fedora

[SECURITY] Fedora 40 Update: qt5-qtwebsockets-5.15.14-1.fc40

The QtWebSockets module implements the WebSocket protocol as specified in R FC 6455. It solely depends on Qt (no external...

6.5AI Score

0.0004EPSS

2024-06-05 01:41 AM
1
githubexploit
githubexploit

Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024

CVE-2024-4358_Mass_Exploit Modified tools from @sinsinology...

9.8CVSS

9.7AI Score

0.938EPSS

2024-06-05 01:05 AM
118
nessus
nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : BlueZ vulnerabilities (USN-6809-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6809-1 advisory. It was discovered that BlueZ could be made to dereference invalid memory. An attacker could possibly use this...

5.7CVSS

10AI Score

0.001EPSS

2024-06-05 12:00 AM
1
ubuntu
ubuntu

Atril vulnerability

Releases Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages atril - Official Document Viewer of the MATE Desktop Environment Details It was discovered that Atril was vulnerable to a path traversal attack. An attacker could possibly use this vulnerability...

8.5CVSS

8.1AI Score

0.005EPSS

2024-06-05 12:00 AM
3
nessus
nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : Atril vulnerability (USN-6808-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6808-1 advisory. It was discovered that Atril was vulnerable to a path traversal attack. An attacker could possibly use this...

8.5CVSS

7AI Score

0.005EPSS

2024-06-05 12:00 AM
1
f5
f5

K000139898: PyYAML vulnerabilities CVE-2020-1747 and CVE-2020-14343

Security Advisory Description CVE-2020-1747 A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use...

9.8CVSS

7.5AI Score

0.006EPSS

2024-06-05 12:00 AM
9
nessus
nessus

RHEL 8 : kernel-rt (RHSA-2024:3627)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3627 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...

7.8CVSS

8.5AI Score

0.001EPSS

2024-06-05 12:00 AM
2
f5
f5

K000139917: Libxml2 vulnerability CVE-2022-40303

Security Advisory Description An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading....

7.5CVSS

7.6AI Score

0.004EPSS

2024-06-05 12:00 AM
4
nessus
nessus

RHEL 9 : kernel (RHSA-2024:3619)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3619 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: ipv6: sr: fix possible...

7.9AI Score

0.0004EPSS

2024-06-05 12:00 AM
2
f5
f5

K000139901: PyYAML vulnerability CVE-2017-18342

Security Advisory Description In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function. (CVE-2017-18342) Impact.....

9.8CVSS

9.6AI Score

0.014EPSS

2024-06-05 12:00 AM
10
nessus
nessus

AlmaLinux 8 : kernel-rt (ALSA-2024:3627)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3627 advisory. * kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) * kernel: Information disclosure in...

7.8CVSS

8.5AI Score

0.001EPSS

2024-06-05 12:00 AM
nessus
nessus

AlmaLinux 8 : kernel update (Medium) (ALSA-2024:3618)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3618 advisory. * kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) * kernel: Information disclosure in...

7.8CVSS

8.7AI Score

0.001EPSS

2024-06-05 12:00 AM
3
nessus
nessus

RHEL 8 : kernel update (Moderate) (RHSA-2024:3618)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3618 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: Marvin vulnerability...

7.8CVSS

8.5AI Score

0.001EPSS

2024-06-05 12:00 AM
nessus
nessus

Ubuntu 20.04 LTS : FRR vulnerabilities (USN-6807-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6807-1 advisory. It was discovered that FRR incorrectly handled certain network traffic. A remote attacker could possibly use this issue to cause FRR to crash,...

9.8CVSS

8.1AI Score

0.029EPSS

2024-06-05 12:00 AM
nessus
nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : GDK-PixBuf vulnerability (USN-6806-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6806-1 advisory. Pedro Ribeiro and Vitor Pedreira discovered that the GDK-PixBuf library did not properly handle certain ...

7.8CVSS

7.7AI Score

0.001EPSS

2024-06-05 12:00 AM
Total number of security vulnerabilities120205