Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information...
5.3CVSS
5AI Score
0.0004EPSS
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code...
7.8CVSS
7.7AI Score
0.0004EPSS
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization...
7.8CVSS
8.1AI Score
0.0004EPSS
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization...
7.8CVSS
7.6AI Score
0.0004EPSS
CVE-2024-3488 File Upload vulnerability in unauthenticated session found in iManager.
File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload a file without...
5.6CVSS
6.9AI Score
0.0004EPSS
CVE-2024-3488 File Upload vulnerability in unauthenticated session found in iManager.
File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload a file without...
5.6CVSS
5.8AI Score
0.0004EPSS
CVE-2024-3487 Broken Authentication vulnerability in iManager
Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. This vulnerability allows an attacker to manipulate certain parameters to bypass...
3.5CVSS
4.4AI Score
0.0004EPSS
CVE-2024-3487 Broken Authentication vulnerability in iManager
Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. This vulnerability allows an attacker to manipulate certain parameters to bypass...
3.5CVSS
6.9AI Score
0.0004EPSS
CVE-2024-3486 XML External Entity injection vulnerability in iManager
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code...
7.8CVSS
7.8AI Score
0.0004EPSS
CVE-2024-3486 XML External Entity injection vulnerability in iManager
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code...
7.8CVSS
7.5AI Score
0.0004EPSS
CVE-2024-3485 Server-Side Request Forgery vulnerability in iManager
Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information...
5.3CVSS
6.5AI Score
0.0004EPSS
CVE-2024-3485 Server-Side Request Forgery vulnerability in iManager
Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information...
5.3CVSS
5.4AI Score
0.0004EPSS
CVE-2024-3484 Path Traversal vulnerability found in iManager
Path Traversal found in OpenText™ iManager 3.2.6.0200. This can lead to privilege escalation or file...
5.7CVSS
5.9AI Score
0.0004EPSS
CVE-2024-3484 Path Traversal vulnerability found in iManager
Path Traversal found in OpenText™ iManager 3.2.6.0200. This can lead to privilege escalation or file...
5.7CVSS
7AI Score
0.0004EPSS
CVE-2024-3483 Remote Code Execution vulnerability in the iManager
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization...
7.8CVSS
8.3AI Score
0.0004EPSS
CVE-2024-3967 Remote Code Execution vulnerability in the iManager
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object...
7.6CVSS
8.2AI Score
0.0004EPSS
CVE-2024-3967 Remote Code Execution vulnerability in the iManager
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object...
7.6CVSS
8AI Score
0.0004EPSS
CVE-2024-3968 Remote Code Execution vulnerability in the iManager
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload...
7.8CVSS
8.4AI Score
0.0004EPSS
CVE-2024-3968 Remote Code Execution vulnerability in the iManager
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload...
7.8CVSS
8.1AI Score
0.0004EPSS
CVE-2024-3970 Server-Side Request Forgery vulnerability in iManager
Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information disclosure by directory...
5.3CVSS
5.5AI Score
0.0004EPSS
CVE-2024-3970 Server-Side Request Forgery vulnerability in iManager
Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information disclosure by directory...
5.3CVSS
6.6AI Score
0.0004EPSS
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware
June 2024 update: At the end of May 2024, Microsoft Threat Intelligence observed Storm-1811 using Microsoft Teams as another vector to contact target users. Microsoft assesses that the threat actor uses Teams to send messages and initiate calls in an attempt to impersonate IT or help desk...
7.7AI Score
linux-hwe-5.15, linux-raspi vulnerabilities
It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-1151) Sander Wiebing, Alvise de Faveri Tron,...
7.8CVSS
6.9AI Score
EPSS
Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days
Microsoft has addressed a total of 61 new security flaws in its software as part of its Patch Tuesday updates for May 2024, including two zero-days which have been actively exploited in the wild. Of the 61 flaws, one is rated Critical, 59 are rated Important, and one is rated Moderate in severity.....
9.6CVSS
9.6AI Score
0.008EPSS
Tutor LMS Pro < 2.7.1 - Missing Authorization
Description The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add,...
7.3CVSS
6.8AI Score
0.0005EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1644-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1644-1 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi: return -ENOMEM if...
7.8CVSS
6.9AI Score
EPSS
Unbreakable Enterprise kernel security update
[5.15.0-206.153.7] - mmc: core: Initialize mmc_blk_ioc_data (Mikko Rapeli) - ahci: asm1064: asm1166: don't limit reported ports (Conrad Kostecki) - mmc: core: Fix switch on gp3 partition (Dominique Martinet) - Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory (Michael....
8.3AI Score
EPSS
Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux-hwe-5.15 - Linux hardware enablement (HWE) kernel linux-raspi - Linux kernel for Raspberry Pi systems Details It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action...
7.8CVSS
7.2AI Score
EPSS
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:1648-1)
The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1648-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory ...
7.8CVSS
7.2AI Score
EPSS
FreeBSD : Intel CPUs -- multiple vulnerabilities (5afd64ae-122a-11ef-8eed-1c697a616631)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 5afd64ae-122a-11ef-8eed-1c697a616631 advisory. Intel reports: Potential security vulnerabilities in some Intel Trust Domain ...
7.9CVSS
7.7AI Score
0.0004EPSS
According to its self-reported version, the Cisco Integrated Management Controller Web-Based Management Interface is affected by a command injection vulnerability. Due to insufficient user input validation, an authenticated, remote attacker with Administrator-level privileges could perform command....
8.7CVSS
7.9AI Score
0.0004EPSS
Juniper Junos OS Vulnerability (JSA75751)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA75751 advisory. An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS on MX Series allows an authenticated,...
4.3CVSS
7AI Score
0.0004EPSS
Tutor LMS Pro < 2.7.1 - Missing Authorization to SQL Injection
Description The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. The plugin is also vulnerable to SQL Injection via the ‘year’ parameter of that function...
8.8CVSS
7.2AI Score
0.001EPSS
Tutor LMS Pro < 2.7.1 - Missing Authorization to Privilege Escalation
Description The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with....
8.8CVSS
6.7AI Score
0.001EPSS
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1643-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1643-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two...
7.8CVSS
7.2AI Score
EPSS
Grafana folders admin only permission privilege escalation
Today we are releasing Grafana 9.1.6, 9.0.9, 8.5.13. This patch release includes a Moderate severity security fix for CVE-2022-36062 that affects Grafana instances which are using Grafana role-based access control (RBAC). Release 9.1.6, latest patch, also containing security fix: Download Grafana.....
7.6CVSS
4.4AI Score
0.001EPSS
Grafana folders admin only permission privilege escalation
Today we are releasing Grafana 9.1.6, 9.0.9, 8.5.13. This patch release includes a Moderate severity security fix for CVE-2022-36062 that affects Grafana instances which are using Grafana role-based access control (RBAC). Release 9.1.6, latest patch, also containing security fix: Download Grafana.....
7.6CVSS
7AI Score
0.001EPSS
Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-39201 We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...
7.5CVSS
7.7AI Score
0.001EPSS
Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-39201 We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...
7.5CVSS
6.8AI Score
0.001EPSS
Grafana when using email as a username can block other users from signing in
Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-39229 We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...
4.3CVSS
4.8AI Score
0.001EPSS
Grafana when using email as a username can block other users from signing in
Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-39229 We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...
4.3CVSS
6.9AI Score
0.001EPSS
Grafana Email addresses and usernames can not be trusted
Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes moderate severity security fixes for CVE-2022-39306. We are also releasing security patches for Grafana 8.5.15 to fix these issues. Release 9.2.4, latest patch, also containing security fix: Download...
8.1CVSS
8.3AI Score
0.002EPSS
Grafana Email addresses and usernames can not be trusted
Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes moderate severity security fixes for CVE-2022-39306. We are also releasing security patches for Grafana 8.5.15 to fix these issues. Release 9.2.4, latest patch, also containing security fix: Download...
8.1CVSS
7AI Score
0.002EPSS
Grafana User enumeration via forget password
Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes moderate security fixes for CVE-2022-39307. We are also releasing security patches for Grafana 8.5.15 to fix these issues. Release 9.2.4, latest patch, also containing security fix: Download Grafana...
6.7CVSS
5.4AI Score
0.001EPSS
Grafana User enumeration via forget password
Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes moderate security fixes for CVE-2022-39307. We are also releasing security patches for Grafana 8.5.15 to fix these issues. Release 9.2.4, latest patch, also containing security fix: Download Grafana...
6.7CVSS
6.8AI Score
0.001EPSS
Grafana Race condition allowing privilege escalation
Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes critical security fixes for CVE-2022-39328. Release 9.2.4, latest patch, also containing security fix: Download Grafana 9.2.4 Appropriate patches have been applied to Grafana Cloud and as always, we...
9.8CVSS
6.8AI Score
0.002EPSS
Grafana Race condition allowing privilege escalation
Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes critical security fixes for CVE-2022-39328. Release 9.2.4, latest patch, also containing security fix: Download Grafana 9.2.4 Appropriate patches have been applied to Grafana Cloud and as always, we...
9.8CVSS
8.1AI Score
0.002EPSS
Grafana Escalation from admin to server admin when auth proxy is used
Today we are releasing Grafana 9.1.6, 9.0.9, 8.5.13. This patch release includes a Moderate severity security fix for CVE-2022-35957 that affects Grafana instances which are using Grafana Auth Proxy. Release 9.1.6, latest patch, also containing security fix: Download Grafana 9.1.6 Release notes ...
6.6CVSS
7.1AI Score
0.003EPSS
Grafana Escalation from admin to server admin when auth proxy is used
Today we are releasing Grafana 9.1.6, 9.0.9, 8.5.13. This patch release includes a Moderate severity security fix for CVE-2022-35957 that affects Grafana instances which are using Grafana Auth Proxy. Release 9.1.6, latest patch, also containing security fix: Download Grafana 9.1.6 Release notes ...
6.6CVSS
6.8AI Score
0.003EPSS
Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-31130 We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...
7.5CVSS
7.5AI Score
0.001EPSS