Lucene search

K

R-30iB Plus, R-30iB Mate Plus, R-30iB Compact Plus, R-30iB Mini Plus Security Vulnerabilities

ics
ics

Inosoft VisiWin

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity/public exploits are available Vendor: Inosoft Equipment: VisiWin Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain SYSTEM...

7.8CVSS

7.2AI Score

0.001EPSS

2024-05-30 12:00 PM
2
ics
ics

Westermo EDW-100

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Westermo Equipment: EDW-100 Vulnerabilities: Use of Hard-coded Password, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...

9.8CVSS

7.7AI Score

EPSS

2024-05-30 12:00 PM
2
ics
ics

Baxter Welch Allyn Connex Spot Monitor

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.1 ATTENTION: Exploitable remotely Vendor: Baxter Equipment: Welch Allyn Connex Spot Monitor (CSM) Vulnerability: Use of Default Cryptographic Key 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to modify device...

7AI Score

0.0004EPSS

2024-05-30 12:00 PM
25
ics
ics

Baxter Welch Allyn Configuration Tool

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely Vendor: Baxter Equipment: Welch Allyn Configuration Tool Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to the unintended exposure of...

7AI Score

0.0004EPSS

2024-05-30 12:00 PM
cve
cve

CVE-2024-5341

The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' attribute of the Heading Title widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes......

6.4CVSS

5.8AI Score

0.0004EPSS

2024-05-30 06:15 AM
27
nvd
nvd

CVE-2024-5341

The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' attribute of the Heading Title widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes......

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-30 06:15 AM
vulnrichment
vulnrichment

CVE-2024-5341 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Title Widget

The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' attribute of the Heading Title widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes......

6.4CVSS

5.8AI Score

0.0004EPSS

2024-05-30 05:33 AM
cvelist
cvelist

CVE-2024-5341 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Title Widget

The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' attribute of the Heading Title widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes......

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-30 05:33 AM
openvas
openvas

Huawei EulerOS: Security Advisory for proftpd (EulerOS-SA-2024-1748)

The remote host is missing an update for the Huawei...

7.5CVSS

7AI Score

0.962EPSS

2024-05-30 12:00 AM
2
nessus
nessus

Ubuntu 22.04 LTS / 23.10 / 24.04 LTS : PostgreSQL vulnerability (USN-6802-1)

The remote Ubuntu 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6802-1 advisory. Lukas Fittl discovered that PostgreSQL incorrectly performed authorization in the built-in pg_stats_ext and pg_stats_ext_exprs views. An...

3.1CVSS

6.9AI Score

0.0004EPSS

2024-05-30 12:00 AM
2
nessus
nessus

EulerOS 2.0 SP12 : libssh2 (EulerOS-SA-2024-1742)

According to the versions of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

5.9CVSS

7.8AI Score

0.962EPSS

2024-05-30 12:00 AM
2
nessus
nessus

EulerOS 2.0 SP12 : proftpd (EulerOS-SA-2024-1748)

According to the versions of the proftpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash...

7.5CVSS

7.5AI Score

0.962EPSS

2024-05-30 12:00 AM
2
nessus
nessus

EulerOS 2.0 SP12 : python-paramiko (EulerOS-SA-2024-1750)

According to the versions of the python-paramiko package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to...

5.9CVSS

7.8AI Score

0.962EPSS

2024-05-30 12:00 AM
2
openvas
openvas

Ubuntu: Security Advisory (USN-6797-1)

The remote host is missing an update for...

7.9CVSS

6.8AI Score

0.001EPSS

2024-05-30 12:00 AM
3
nessus
nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : FFmpeg vulnerabilities (USN-6803-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6803-1 advisory. Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled certain input files. An.....

8.3AI Score

0.0004EPSS

2024-05-30 12:00 AM
3
ubuntucve
ubuntucve

CVE-2024-36928

In the Linux kernel, the following vulnerability has been resolved: s390/qeth: Fix kernel panic after setting hsuid Symptom: When the hsuid attribute is set for the first time on an IQD Layer3 device while the corresponding network interface is already UP, the kernel will try to execute a napi...

7AI Score

0.0004EPSS

2024-05-30 12:00 AM
2
ubuntucve
ubuntucve

CVE-2024-36895

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: use correct buffer size when parsing configfs lists This commit fixes uvc gadget support on 32-bit platforms. Commit 0df28607c5cb ("usb: gadget: uvc: Generalise helper functions for reuse") introduced a helper...

7.2AI Score

0.0004EPSS

2024-05-30 12:00 AM
packetstorm

7.4AI Score

2024-05-30 12:00 AM
35
openvas
openvas

Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2024-1765)

The remote host is missing an update for the Huawei...

5.9CVSS

7AI Score

0.962EPSS

2024-05-30 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2024-1742)

The remote host is missing an update for the Huawei...

5.9CVSS

7AI Score

0.962EPSS

2024-05-30 12:00 AM
3
openvas
openvas

Huawei EulerOS: Security Advisory for python-paramiko (EulerOS-SA-2024-1750)

The remote host is missing an update for the Huawei...

5.9CVSS

7AI Score

0.962EPSS

2024-05-30 12:00 AM
1
nessus
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : PyMySQL vulnerability (USN-6801-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6801-1 advisory. It was discovered that PyMySQL incorrectly escaped untrusted JSON input. An attacker could possibly use this issue to perform...

8AI Score

0.0004EPSS

2024-05-30 12:00 AM
nessus
nessus

EulerOS 2.0 SP12 : python-paramiko (EulerOS-SA-2024-1773)

According to the versions of the python-paramiko package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to...

5.9CVSS

7.3AI Score

0.962EPSS

2024-05-30 12:00 AM
1
openvas
openvas

Huawei EulerOS: Security Advisory for python-paramiko (EulerOS-SA-2024-1773)

The remote host is missing an update for the Huawei...

5.9CVSS

7AI Score

0.962EPSS

2024-05-30 12:00 AM
1
openvas
openvas

Huawei EulerOS: Security Advisory for proftpd (EulerOS-SA-2024-1771)

The remote host is missing an update for the Huawei...

7.5CVSS

7AI Score

0.962EPSS

2024-05-30 12:00 AM
1
nessus
nessus

EulerOS 2.0 SP12 : libssh2 (EulerOS-SA-2024-1765)

According to the versions of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

5.9CVSS

7.4AI Score

0.962EPSS

2024-05-30 12:00 AM
1
nessus
nessus

EulerOS 2.0 SP12 : proftpd (EulerOS-SA-2024-1771)

According to the versions of the proftpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash...

7.5CVSS

7.5AI Score

0.962EPSS

2024-05-30 12:00 AM
2
nessus
nessus

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : browserify-sign vulnerability (USN-6800-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has a package installed that is affected by a vulnerability as referenced in the USN-6800-1 advisory. It was discovered that browserify-sign incorrectly handled an upper bound check in signature verification. If a user or an...

7.5CVSS

7.2AI Score

0.001EPSS

2024-05-30 12:00 AM
2
zeroscience
zeroscience

Aquatronica Control System 5.1.6 Passwords Leak Vulnerability

Title: Aquatronica Control System 5.1.6 Passwords Leak Vulnerability Advisory ID: ZSL-2024-5824 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS, Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data Risk: (5/5) Release Date:...

7.5AI Score

2024-05-30 12:00 AM
43
githubexploit
githubexploit

Exploit for Injection in Glpi-Project Glpi

Exploit Script Utility...

9.8CVSS

8.2AI Score

0.975EPSS

2024-05-29 07:54 PM
63
debiancve
debiancve

CVE-2024-34161

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed...

5.3CVSS

6.8AI Score

0.0004EPSS

2024-05-29 04:15 PM
1
osv
osv

CVE-2024-32760

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential...

6.5CVSS

6.7AI Score

0.0004EPSS

2024-05-29 04:15 PM
1
cve
cve

CVE-2024-32760

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential...

6.5CVSS

6.3AI Score

0.0004EPSS

2024-05-29 04:15 PM
47
osv
osv

CVE-2024-34161

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed...

5.3CVSS

6.6AI Score

0.0004EPSS

2024-05-29 04:15 PM
1
nvd
nvd

CVE-2024-32760

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential...

6.5CVSS

6.3AI Score

0.0004EPSS

2024-05-29 04:15 PM
1
debiancve
debiancve

CVE-2024-32760

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential...

6.5CVSS

6.9AI Score

0.0004EPSS

2024-05-29 04:15 PM
3
alpinelinux
alpinelinux

CVE-2024-35200

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-05-29 04:15 PM
4
cve
cve

CVE-2024-34161

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed...

5.3CVSS

6.2AI Score

0.0004EPSS

2024-05-29 04:15 PM
37
alpinelinux
alpinelinux

CVE-2024-32760

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-05-29 04:15 PM
1
nvd
nvd

CVE-2024-34161

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-05-29 04:15 PM
1
cve
cve

CVE-2024-35200

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to...

5.3CVSS

6.3AI Score

0.0004EPSS

2024-05-29 04:15 PM
35
debiancve
debiancve

CVE-2024-35200

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to...

5.3CVSS

6.9AI Score

0.0004EPSS

2024-05-29 04:15 PM
2
alpinelinux
alpinelinux

CVE-2024-34161

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-05-29 04:15 PM
3
nvd
nvd

CVE-2024-35200

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-05-29 04:15 PM
osv
osv

CVE-2024-35200

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to...

5.3CVSS

6.7AI Score

0.0004EPSS

2024-05-29 04:15 PM
2
debiancve
debiancve

CVE-2024-31079

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker....

4.8CVSS

6.8AI Score

0.0004EPSS

2024-05-29 04:15 PM
1
osv
osv

CVE-2024-31079

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker....

4.8CVSS

6.6AI Score

0.0004EPSS

2024-05-29 04:15 PM
1
alpinelinux
alpinelinux

CVE-2024-31079

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker....

4.8CVSS

5AI Score

0.0004EPSS

2024-05-29 04:15 PM
4
nvd
nvd

CVE-2024-31079

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker....

4.8CVSS

5.1AI Score

0.0004EPSS

2024-05-29 04:15 PM
1
cve
cve

CVE-2024-31079

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker....

4.8CVSS

6.2AI Score

0.0004EPSS

2024-05-29 04:15 PM
33
Total number of security vulnerabilities120129