Lucene search

K

Ryzen™ Master Security Vulnerabilities

githubexploit
githubexploit

Exploit for CVE-2024-23692

CVE-2024-23692 Usage: go run hfs.go -h...

9.8CVSS

9.6AI Score

0.002EPSS

2024-06-17 08:46 AM
1
githubexploit
githubexploit

Exploit for CVE-2024-36837

CVE-2024-36837 POC write URL in url.txt and run...

7.8AI Score

EPSS

2024-06-15 04:44 PM
52
rapid7blog
rapid7blog

Metasploit Weekly Wrap-Up 06/14/2024

New module content (5) Telerik Report Server Auth Bypass Authors: SinSinology and Spencer McIntyre Type: Auxiliary Pull request: #19242 contributed by zeroSteiner Path: scanner/http/telerik_report_server_auth_bypass AttackerKB reference: CVE-2024-4358 Description: This adds an exploit for...

9.9CVSS

8.2AI Score

0.938EPSS

2024-06-14 07:09 PM
2
veracode
veracode

Deserialization Of Untrusted Data

MLflow is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe handling user-supplied data in the sklearn/init.py within the loadmodelfromlocalfile function, which allows an attacker to inject a malicious pickle object into a model file on upload which will then be...

8.8CVSS

7.5AI Score

0.0004EPSS

2024-06-14 09:11 AM
thn
thn

ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws

An analysis of a hybrid biometric access system from Chinese manufacturer ZKTeco has uncovered two dozen security flaws that could be used by attackers to defeat authentication, steal biometric data, and even deploy malicious backdoors. "By adding random user data to the database or using a fake...

10CVSS

9.6AI Score

0.0004EPSS

2024-06-14 08:09 AM
4
nvd
nvd

CVE-2024-31162

The specific function parameter of ASUS Download Master does not properly filter user input. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the...

7.2CVSS

0.001EPSS

2024-06-14 07:15 AM
nvd
nvd

CVE-2024-31163

ASUS Download Master has a buffer overflow vulnerability. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the...

7.2CVSS

0.0005EPSS

2024-06-14 07:15 AM
5
cve
cve

CVE-2024-31162

The specific function parameter of ASUS Download Master does not properly filter user input. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the...

7.2CVSS

7.5AI Score

0.001EPSS

2024-06-14 07:15 AM
14
cve
cve

CVE-2024-31163

ASUS Download Master has a buffer overflow vulnerability. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the...

7.2CVSS

7.6AI Score

0.0005EPSS

2024-06-14 07:15 AM
13
vulnrichment
vulnrichment

CVE-2024-31163 ASUS Download Master - Buffer Overflow

ASUS Download Master has a buffer overflow vulnerability. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the...

7.2CVSS

8.3AI Score

0.0005EPSS

2024-06-14 06:52 AM
2
cvelist
cvelist

CVE-2024-31163 ASUS Download Master - Buffer Overflow

ASUS Download Master has a buffer overflow vulnerability. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the...

7.2CVSS

0.0005EPSS

2024-06-14 06:52 AM
2
veracode
veracode

Privilege Escalation

github.com/adguardteam/adguardhome is vulnerable to Privilege Escalation. The vulnerability is due to unprivileged attackers being able to overwrite the AdGuardHome binary, which allows an attacker to escalate privileges on the host...

7AI Score

0.0004EPSS

2024-06-14 06:45 AM
cvelist
cvelist

CVE-2024-31162 ASUS Download Master - OS Command Injection

The specific function parameter of ASUS Download Master does not properly filter user input. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the...

7.2CVSS

0.001EPSS

2024-06-14 06:35 AM
2
nvd
nvd

CVE-2024-31161

The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system.....

7.2CVSS

0.001EPSS

2024-06-14 04:15 AM
3
nvd
nvd

CVE-2024-31160

The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Stored Cross-site scripting...

4.8CVSS

0.0004EPSS

2024-06-14 04:15 AM
2
cve
cve

CVE-2024-31161

The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system.....

7.2CVSS

7.3AI Score

0.001EPSS

2024-06-14 04:15 AM
10
cve
cve

CVE-2024-31160

The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Stored Cross-site scripting...

4.8CVSS

5.1AI Score

0.0004EPSS

2024-06-14 04:15 AM
10
cve
cve

CVE-2024-31159

The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Reflected Cross-site scripting...

4.8CVSS

5.2AI Score

0.0004EPSS

2024-06-14 04:15 AM
10
nvd
nvd

CVE-2024-31159

The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Reflected Cross-site scripting...

4.8CVSS

0.0004EPSS

2024-06-14 04:15 AM
3
cvelist
cvelist

CVE-2024-31161 ASUS Download Master - Arbitrary File Upload

The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system.....

7.2CVSS

0.001EPSS

2024-06-14 03:53 AM
cvelist
cvelist

CVE-2024-31160 ASUS Download Master - Stored XSS

The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Stored Cross-site scripting...

4.8CVSS

0.0004EPSS

2024-06-14 03:41 AM
cvelist
cvelist

CVE-2024-31159 ASUS Download Master - Reflected XSS

The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Reflected Cross-site scripting...

4.8CVSS

0.0004EPSS

2024-06-14 03:25 AM
1
vulnrichment
vulnrichment

CVE-2024-31159 ASUS Download Master - Reflected XSS

The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Reflected Cross-site scripting...

4.8CVSS

6.8AI Score

0.0004EPSS

2024-06-14 03:25 AM
cve
cve

CVE-2023-51507

Missing Authorization vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through...

5.3CVSS

5.4AI Score

0.0004EPSS

2024-06-14 02:15 AM
25
nvd
nvd

CVE-2023-51507

Missing Authorization vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through...

5.3CVSS

0.0004EPSS

2024-06-14 02:15 AM
3
cvelist
cvelist

CVE-2023-51507 WordPress Quiz And Survey Master plugin <= 8.1.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through...

5.3CVSS

0.0004EPSS

2024-06-14 01:01 AM
1
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2019-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2019-1 advisory. The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes. The following...

9.8CVSS

8.4AI Score

0.005EPSS

2024-06-14 12:00 AM
ubuntucve
ubuntucve

CVE-2024-36587

Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows non-privileged attackers to escalate privileges to root via overwriting the binary...

7.5AI Score

0.0004EPSS

2024-06-14 12:00 AM
nessus
nessus

GitLab 16.10.0 < 16.10.6 / 16.11.0 < 16.11.3 (CVE-2024-5469)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC requests. (CVE-2024-5469) Note that...

3.1CVSS

4AI Score

0.0004EPSS

2024-06-14 12:00 AM
1
cve
cve

CVE-2024-33253

Cross-site scripting (XSS) vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing...

6.4AI Score

0.0004EPSS

2024-06-13 11:15 PM
15
nvd
nvd

CVE-2024-33253

Cross-site scripting (XSS) vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing...

0.0004EPSS

2024-06-13 11:15 PM
2
github
github

AdGuardHome privilege escalation vulnerability

An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome...

7AI Score

0.0004EPSS

2024-06-13 09:30 PM
cve
cve

CVE-2024-36588

An issue in Annonshop.app DecentralizeJustice/ anonymousLocker commit 2b2b4 allows attackers to send messages erroneously attributed to arbitrary users via a crafted HTTP...

7.1AI Score

0.0004EPSS

2024-06-13 07:15 PM
16
nvd
nvd

CVE-2024-36589

An issue in Annonshop.app DecentralizeJustice/anonymousLocker commit 2b2b4 to ba9fd and DecentralizeJustice/anonBackend commit 57837 to cd815 was discovered to store credentials in...

0.0004EPSS

2024-06-13 07:15 PM
4
nvd
nvd

CVE-2024-36588

An issue in Annonshop.app DecentralizeJustice/ anonymousLocker commit 2b2b4 allows attackers to send messages erroneously attributed to arbitrary users via a crafted HTTP...

0.0004EPSS

2024-06-13 07:15 PM
3
cve
cve

CVE-2024-36589

An issue in Annonshop.app DecentralizeJustice/anonymousLocker commit 2b2b4 to ba9fd and DecentralizeJustice/anonBackend commit 57837 to cd815 was discovered to store credentials in...

7.4AI Score

0.0004EPSS

2024-06-13 07:15 PM
16
nvd
nvd

CVE-2024-36586

An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome...

0.0004EPSS

2024-06-13 07:15 PM
2
cve
cve

CVE-2024-36587

Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows non-privileged attackers to escalate privileges to root via overwriting the binary...

7.4AI Score

0.0004EPSS

2024-06-13 07:15 PM
15
nvd
nvd

CVE-2024-36587

Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows non-privileged attackers to escalate privileges to root via overwriting the binary...

0.0004EPSS

2024-06-13 07:15 PM
2
cve
cve

CVE-2024-36586

An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome...

7.3AI Score

0.0004EPSS

2024-06-13 07:15 PM
18
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

10CVSS

9.8AI Score

EPSS

2024-06-13 03:35 PM
2
ics
ics

Siemens TIM 1531 IRC

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

9.8CVSS

10AI Score

0.004EPSS

2024-06-13 12:00 PM
1
ics
ics

Siemens SIMATIC and SIPLUS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

9.8CVSS

9.9AI Score

EPSS

2024-06-13 12:00 PM
2
ics
ics

Siemens SCALANCE XM-400, XR-500

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

7.5CVSS

10AI Score

0.004EPSS

2024-06-13 12:00 PM
cvelist
cvelist

CVE-2024-33253

Cross-site scripting (XSS) vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing...

0.0004EPSS

2024-06-13 12:00 AM
1
cvelist
cvelist

CVE-2024-36586

An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome...

0.0004EPSS

2024-06-13 12:00 AM
cvelist
cvelist

CVE-2024-36587

Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows non-privileged attackers to escalate privileges to root via overwriting the binary...

0.0004EPSS

2024-06-13 12:00 AM
cvelist
cvelist

CVE-2024-36589

An issue in Annonshop.app DecentralizeJustice/anonymousLocker commit 2b2b4 to ba9fd and DecentralizeJustice/anonBackend commit 57837 to cd815 was discovered to store credentials in...

0.0004EPSS

2024-06-13 12:00 AM
cvelist
cvelist

CVE-2024-36588

An issue in Annonshop.app DecentralizeJustice/ anonymousLocker commit 2b2b4 allows attackers to send messages erroneously attributed to arbitrary users via a crafted HTTP...

0.0004EPSS

2024-06-13 12:00 AM
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2008-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2008-1 advisory. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were...

9.8CVSS

8.8AI Score

EPSS

2024-06-13 12:00 AM
1
Total number of security vulnerabilities376905