Lucene search

K

SCALANCE X307-2 EEC (2x 230V, Coated) Security Vulnerabilities

nvd
nvd

CVE-2024-39460

Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some...

0.0004EPSS

2024-06-26 05:15 PM
3
nvd
nvd

CVE-2024-39459

In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with...

0.0004EPSS

2024-06-26 05:15 PM
cvelist
cvelist

CVE-2024-39459

In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with...

0.0004EPSS

2024-06-26 05:06 PM
3
vulnrichment
vulnrichment

CVE-2024-39459

In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with...

6.8AI Score

0.0004EPSS

2024-06-26 05:06 PM
4
cvelist
cvelist

CVE-2024-39460

Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some...

0.0004EPSS

2024-06-26 05:06 PM
4
vulnrichment
vulnrichment

CVE-2024-39460

Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some...

6.8AI Score

0.0004EPSS

2024-06-26 05:06 PM
5
cvelist
cvelist

CVE-2024-39458

When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system...

0.0004EPSS

2024-06-26 05:06 PM
5
impervablog
impervablog

Episode 2: Behind the Scenes of a Tailor-Made Massive Phishing Campaign Part 2

Executive Summary Last summer, we investigated a massive, global phishing campaign impersonating almost 350 legitimate companies. Our continued investigation into this expansive phishing campaign revealed leaked backend source code, shedding light on the infrastructure behind the operation. This...

7AI Score

2024-06-26 05:03 PM
6
ibm
ibm

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.6.0 Vulnerability Details ** CVEID: CVE-2022-25857 DESCRIPTION: **Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation for collections. By sending a...

9.8CVSS

10AI Score

EPSS

2024-06-26 04:06 PM
11
github
github

Attack of the clones: Getting RCE in Chrome’s renderer with duplicate object properties

In this post, I'll exploit CVE-2024-3833, an object corruption bug in v8, the Javascript engine of Chrome, that I reported in March 2024 as bug 331383939. A similar bug, 331358160, was also reported and was assigned CVE-2024-3832. Both of these bugs were fixed in version 124.0.6367.60/.61....

8.8CVSS

7.6AI Score

0.007EPSS

2024-06-26 04:00 PM
2
talosblog
talosblog

Multiple vulnerabilities in TP-Link Omada system could lead to root access

The TP-Link Omada system is a software-defined networking solution for small to medium-sized businesses. It touts cloud-managed devices and local management for all Omada devices. The supported devices in this ecosystem vary greatly but include wireless access points, routers, switches, VPN...

8.1CVSS

9.4AI Score

0.001EPSS

2024-06-26 04:00 PM
4
thn
thn

Exploit Attempts Recorded Against New MOVEit Transfer Vulnerability - Patch ASAP!

A newly disclosed critical security flaw impacting Progress Software MOVEit Transfer is already seeing exploitation attempts in the wild shortly after details of the bug were publicly disclosed. The vulnerability, tracked as CVE-2024-5806 (CVSS score: 9.1), concerns an authentication bypass that...

9.8CVSS

9.9AI Score

0.969EPSS

2024-06-26 02:57 PM
37
filippoio
filippoio

XAES-256-GCM

About a year ago I wrote that "I want to use XAES-256-GCM/11, which has a number of nice properties and only the annoying defect of not existing." Well, there is now an XAES-256-GCM specification. (Had to give up on the /11 part, but that was just a performance optimization.) XAES-256-GCM is an...

7.3AI Score

2024-06-26 02:24 PM
2
malwarebytes
malwarebytes

[updated] Federal Reserve “breached” data may actually belong to Evolve Bank

A shockwave went through the financial world when ransomware group LockBit claimed to have breached the US Federal Reserve, the central banking system of the United States. On LockBit's dark web leak site, the group threatened to release over 30 TB of banking information containing Americans'...

7.4AI Score

2024-06-26 02:16 PM
1
ibm
ibm

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities found in Node.js and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Node.js and IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor (CVE-2024-27983, CVE-2024-27980, CVE-2024-22329, CVE-2024-27982, CVE-2024-22354, CVE-2024-4068). Vulnerability Details ** CVEID: CVE-2024-27983 DESCRIPTION:...

7.5CVSS

9.2AI Score

EPSS

2024-06-26 02:14 PM
3
githubexploit
githubexploit

Exploit for Path Traversal in Apache Http Server

CVE-2021-42013: Apache HTTP Server Path Traversal and Remote...

9.8CVSS

9.6AI Score

0.974EPSS

2024-06-26 01:57 PM
77
nuclei
nuclei

SiteGuard WP Plugin <= 1.7.6 - Login Page Disclosure

The SiteGuard WP Plugin plugin for WordPress is vulnerable to protection mechanism bypass in all versions up to, and including, 1.7.6. This is due to the plugin not restricting redirects from wp-register.php which may disclose the login page URL. This makes it possible for unauthenticated...

7AI Score

0.001EPSS

2024-06-26 01:14 PM
1
ibm
ibm

Security Bulletin: IBM Cloud Pak for Network Automation 2.7.4 addresses multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.7.4 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details ** CVEID: CVE-2022-48554 DESCRIPTION: **File is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the file_copystr...

7.8CVSS

9.6AI Score

EPSS

2024-06-26 12:12 PM
2
cve
cve

CVE-2024-37098

Server-Side Request Forgery (SSRF) vulnerability in Blossom Themes BlossomThemes Email Newsletter.This issue affects BlossomThemes Email Newsletter: from n/a through...

4.4CVSS

4.9AI Score

0.0004EPSS

2024-06-26 11:15 AM
12
nvd
nvd

CVE-2024-37098

Server-Side Request Forgery (SSRF) vulnerability in Blossom Themes BlossomThemes Email Newsletter.This issue affects BlossomThemes Email Newsletter: from n/a through...

4.4CVSS

0.0004EPSS

2024-06-26 11:15 AM
2
malwarebytes
malwarebytes

Malwarebytes Premium Security stops 100% of malware during AV Lab test

Malwarebytes Premium Security has maintained its long-running, perfect record in protecting users against online threats by blocking 100% of the malware samples deployed in the AV Lab Cybersecurity Foundation’s “Advanced In-The-Wild Malware Test.” For its performance in the May 2024 evaluation,...

7AI Score

2024-06-26 10:55 AM
4
vulnrichment
vulnrichment

CVE-2024-37098 WordPress BlossomThemes Email Newsletter plugin <= 2.2.6 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in Blossom Themes BlossomThemes Email Newsletter.This issue affects BlossomThemes Email Newsletter: from n/a through...

4.4CVSS

7AI Score

0.0004EPSS

2024-06-26 10:54 AM
3
cvelist
cvelist

CVE-2024-37098 WordPress BlossomThemes Email Newsletter plugin <= 2.2.6 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in Blossom Themes BlossomThemes Email Newsletter.This issue affects BlossomThemes Email Newsletter: from n/a through...

4.4CVSS

0.0004EPSS

2024-06-26 10:54 AM
5
ibm
ibm

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities listed herein. Vulnerability Details ** CVEID: CVE-2023-49569 DESCRIPTION: **go-git could allow a remote attacker to traverse directories on the system. By sending a specially crafted request using the...

9.8CVSS

10AI Score

EPSS

2024-06-26 09:20 AM
13
thn
thn

New Medusa Android Trojan Targets Banking Users Across 7 Countries

Cybersecurity researchers have discovered an updated version of an Android banking trojan called Medusa that has been used to target users in Canada, France, Italy, Spain, Turkey, the U.K., and the U.S. The new fraud campaigns, observed in May 2024 and active since July 2023, manifested through...

6.9AI Score

2024-06-26 07:38 AM
6
debiancve
debiancve

CVE-2024-34580

Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the supplier disputes this CVE Record on the grounds that they are implementing the specification "correctly".....

7.1AI Score

0.0004EPSS

2024-06-26 05:15 AM
debiancve
debiancve

CVE-2024-21520

Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with ...

6.1CVSS

6.2AI Score

0.0004EPSS

2024-06-26 05:15 AM
nessus
nessus

Ubuntu 24.04 LTS : Google Guest Agent and Google OS Config Agent vulnerability (USN-6746-2)

The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6746-2 advisory. USN-6746-1 fixed vulnerabilities in Google Guest Agent and Google OS Config Agent. This update provides the corresponding update for Ubuntu 24.04 LTS. ...

7.6AI Score

0.0004EPSS

2024-06-26 12:00 AM
nessus
nessus

Amazon Linux 2 : unbound (ALASUNBOUND-1.17-2024-002)

The version of unbound installed on the remote host is prior to 1.17.0-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2UNBOUND-1.17-2024-002 advisory. A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound...

8CVSS

6.7AI Score

0.0004EPSS

2024-06-26 12:00 AM
openvas
openvas

Debian: Security Advisory (DLA-3841-1)

The remote host is missing an update for the...

7.8CVSS

7.8AI Score

EPSS

2024-06-26 12:00 AM
2
photon
photon

Moderate Photon OS Security Update - PHSA-2024-5.0-0304

Updates of ['libxml2'] packages of Photon OS have been...

9.8CVSS

10AI Score

0.001EPSS

2024-06-26 12:00 AM
1
packetstorm

7.4AI Score

2024-06-26 12:00 AM
56
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ghostscript (SUSE-SU-2024:2198-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2198-1 advisory. - CVE-2024-33871: Prevent OPVP device arbitrary code execution via custom Driver library. (bsc#1225491) ....

7.8AI Score

EPSS

2024-06-26 12:00 AM
talos
talos

Progress Software Corporation WhatsUp Gold AppProfileImport path traversal vulnerability

Talos Vulnerability Report TALOS-2024-1932 Progress Software Corporation WhatsUp Gold AppProfileImport path traversal vulnerability June 26, 2024 CVE Number CVE-2024-5017 SUMMARY A path traversal vulnerability exists in the AppProfileImport functionality of Progress Software Corporation WhatsUp...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-06-26 12:00 AM
3
nessus
nessus

RHEL 9 : kernel-rt (RHSA-2024:4106)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4106 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...

8.2AI Score

0.0004EPSS

2024-06-26 12:00 AM
2
nessus
nessus

Hanwha Vision Multiple Products Denial of Service (CVE-2023-31994)

Certain Hanwha products are vulnerable to Denial of Service (DoS). ck vector is: When an empty UDP packet is sent to the listening service, the service thread results in a non-functional service (DoS) via WS Discovery and Hanwha proprietary discovery services. This affects IP Camera ANE-L7012R...

5.3CVSS

7.1AI Score

0.001EPSS

2024-06-26 12:00 AM
2
exploitdb

7.4AI Score

2024-06-26 12:00 AM
60
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : hdf5 (SUSE-SU-2024:2195-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2195-1 advisory. - Fix bsc#1224158 - this fixes: CVE-2024-29158, CVE-2024-29161, CVE-2024-29166, CVE-2024-32608, ...

8.1CVSS

7AI Score

EPSS

2024-06-26 12:00 AM
nessus
nessus

Debian dla-3844 : git - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3844 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3844-1 [email protected] ...

9CVSS

7.8AI Score

0.087EPSS

2024-06-26 12:00 AM
nessus
nessus

Hanwha Vision Multiple Products Command Injection (CVE-2023-31996)

Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Command Injection due to improper sanitization of special characters for the NAS storage test function. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

8.8CVSS

7.5AI Score

0.001EPSS

2024-06-26 12:00 AM
nessus
nessus

Hanwha Vision Multiple Products Cross-site Scripting (CVE-2023-31995)

Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Cross Site Scripting (XSS). This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

5.4CVSS

6.7AI Score

0.001EPSS

2024-06-26 12:00 AM
1
osv
osv

git - security update

Bulletin has no...

9CVSS

7AI Score

0.087EPSS

2024-06-26 12:00 AM
nessus
nessus

RHEL 8 / 9 : Red Hat Ceph Storage 5.3 (RHSA-2024:4118)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4118 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage...

9.8CVSS

8AI Score

0.732EPSS

2024-06-26 12:00 AM
talos
talos

Progress Software Corporation WhatsUp Gold TestController multiple information disclosure vulnerabilities

Talos Vulnerability Report TALOS-2024-1933 Progress Software Corporation WhatsUp Gold TestController multiple information disclosure vulnerabilities June 26, 2024 CVE Number CVE-2024-5010 SUMMARY An information disclosure vulnerability exists in the TestController functionality of Progress...

7.5CVSS

7.6AI Score

0.0004EPSS

2024-06-26 12:00 AM
1
nessus
nessus

RHEL 9 : kernel (RHSA-2024:4108)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4108 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: netfilter: nf_tables: use...

8AI Score

0.0004EPSS

2024-06-26 12:00 AM
osv
osv

ffmpeg - security update

Bulletin has no...

8.1CVSS

6.7AI Score

0.002EPSS

2024-06-26 12:00 AM
4
nessus
nessus

Ubuntu 18.04 LTS : SQLite vulnerability (USN-6566-2)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6566-2 advisory. USN-6566-1 fixed several vulnerabilities in SQLite. This update provides the corresponding fix for CVE-2023-7104 for Ubuntu 18.04 LTS. Original advisory...

7.3CVSS

8.2AI Score

0.001EPSS

2024-06-26 12:00 AM
1
openvas
openvas

Mageia: Security Advisory (MGASA-2024-0237)

The remote host is missing an update for...

7.5AI Score

2024-06-26 12:00 AM
openvas
openvas

Ubuntu: Security Advisory (USN-6746-2)

The remote host is missing an update for...

7.3AI Score

0.0004EPSS

2024-06-26 12:00 AM
2
talos
talos

Progress Software Corporation WhatsUp Gold TestController Chart denial of service vulnerability

Talos Vulnerability Report TALOS-2024-1934 Progress Software Corporation WhatsUp Gold TestController Chart denial of service vulnerability June 26, 2024 CVE Number CVE-2024-5011 SUMMARY An uncontrolled resource consumption vulnerability exists in the TestController Chart functionality of Progress.....

7.5CVSS

7AI Score

0.0004EPSS

2024-06-26 12:00 AM
1
Total number of security vulnerabilities591150