Lucene search

K

SIGMA Lite & Lite + Security Vulnerabilities

rocky
rocky

bind and dhcp security update

An update is available for dhcp, bind. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Berkeley Internet Name Domain (BIND) is an implementation of the...

7.5CVSS

7.8AI Score

0.05EPSS

2024-06-14 01:59 PM
1
nessus
nessus

Rocky Linux 8 : bind and dhcp (RLSA-2024:3271)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3271 advisory. * bind9: Parsing large DNS messages may cause excessive CPU load (CVE-2023-4408) * bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator...

7.5CVSS

9.3AI Score

0.05EPSS

2024-06-14 12:00 AM
nvd
nvd

CVE-2024-37022

Fuji Electric Tellus Lite V-Simulator is vulnerable to an out-of-bounds write, which could allow an attacker to manipulate memory, resulting in execution of arbitrary...

7.8CVSS

0.0004EPSS

2024-06-13 06:15 PM
1
nvd
nvd

CVE-2024-37029

Fuji Electric Tellus Lite V-Simulator is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary...

7.8CVSS

0.0004EPSS

2024-06-13 06:15 PM
1
cve
cve

CVE-2024-37022

Fuji Electric Tellus Lite V-Simulator is vulnerable to an out-of-bounds write, which could allow an attacker to manipulate memory, resulting in execution of arbitrary...

7.8CVSS

7.7AI Score

0.0004EPSS

2024-06-13 06:15 PM
11
cve
cve

CVE-2024-37029

Fuji Electric Tellus Lite V-Simulator is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary...

7.8CVSS

8AI Score

0.0004EPSS

2024-06-13 06:15 PM
10
cvelist
cvelist

CVE-2024-37022 Fuji Electric Tellus Lite V-Simulator Out-of-bounds Write

Fuji Electric Tellus Lite V-Simulator is vulnerable to an out-of-bounds write, which could allow an attacker to manipulate memory, resulting in execution of arbitrary...

7.8CVSS

0.0004EPSS

2024-06-13 05:25 PM
2
cvelist
cvelist

CVE-2024-37029 Fuji Electric Tellus Lite V-Simulator Stack-based Buffer Overflow

Fuji Electric Tellus Lite V-Simulator is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary...

7.8CVSS

0.0004EPSS

2024-06-13 05:23 PM
2
vulnrichment
vulnrichment

CVE-2024-37029 Fuji Electric Tellus Lite V-Simulator Stack-based Buffer Overflow

Fuji Electric Tellus Lite V-Simulator is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary...

7.8CVSS

7.7AI Score

0.0004EPSS

2024-06-13 05:23 PM
1
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

10CVSS

9.8AI Score

EPSS

2024-06-13 03:35 PM
1
ics
ics

Fuji Electric Tellus Lite V-Simulator

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Tellus Lite V-Simulator Vulnerabilities: Out-of-Bound Write, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a local attacker...

7.8CVSS

8AI Score

0.0004EPSS

2024-06-13 12:00 PM
cve
cve

CVE-2024-5787

The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Link Effects widget in all versions up to, and including, 2.7.20 due to insufficient input sanitization and...

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-13 06:15 AM
11
nvd
nvd

CVE-2024-5787

The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Link Effects widget in all versions up to, and including, 2.7.20 due to insufficient input sanitization and...

6.4CVSS

0.001EPSS

2024-06-13 06:15 AM
1
vulnrichment
vulnrichment

CVE-2024-5787 PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) <= 2.7.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Link Effects Widget

The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Link Effects widget in all versions up to, and including, 2.7.20 due to insufficient input sanitization and...

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-13 05:34 AM
1
cvelist
cvelist

CVE-2024-5787 PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) <= 2.7.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Link Effects Widget

The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Link Effects widget in all versions up to, and including, 2.7.20 due to insufficient input sanitization and...

6.4CVSS

0.001EPSS

2024-06-13 05:34 AM
1
zdi
zdi

Fuji Electric Tellus Lite V-Simulator 6 X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS

7AI Score

0.0004EPSS

2024-06-13 12:00 AM
zdi
zdi

Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS

7.8AI Score

0.0004EPSS

2024-06-13 12:00 AM
1
zdi
zdi

Fuji Electric Tellus Lite V-Simulator 6 V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS

7.8AI Score

0.0004EPSS

2024-06-13 12:00 AM
zdi
zdi

Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS

7.8AI Score

0.0004EPSS

2024-06-13 12:00 AM
cve
cve

CVE-2024-3925

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 5.6.7 due to insufficient input sanitization...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-06-12 08:15 AM
17
nvd
nvd

CVE-2024-3925

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 5.6.7 due to insufficient input sanitization...

6.4CVSS

0.0004EPSS

2024-06-12 08:15 AM
2
cvelist
cvelist

CVE-2024-3925 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via onclick events

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 5.6.7 due to insufficient input sanitization...

6.4CVSS

0.0004EPSS

2024-06-12 07:32 AM
3
nvd
nvd

CVE-2024-5892

The Divi Torque Lite – Divi Theme and Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘support_unfiltered_files_upload’ function in all versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for.....

6.4CVSS

0.001EPSS

2024-06-12 06:15 AM
2
cve
cve

CVE-2024-5892

The Divi Torque Lite – Divi Theme and Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘support_unfiltered_files_upload’ function in all versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for.....

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-12 06:15 AM
13
cvelist
cvelist

CVE-2024-5892 Divi Torque Lite – Divi Theme and Extra Theme <= 3.6.6 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload

The Divi Torque Lite – Divi Theme and Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘support_unfiltered_files_upload’ function in all versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for.....

6.4CVSS

0.001EPSS

2024-06-12 05:34 AM
vulnrichment
vulnrichment

CVE-2024-5892 Divi Torque Lite – Divi Theme and Extra Theme <= 3.6.6 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload

The Divi Torque Lite – Divi Theme and Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘support_unfiltered_files_upload’ function in all versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for.....

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-12 05:34 AM
cve
cve

CVE-2024-5543

The Slideshow Gallery LITE plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

8.1CVSS

8.1AI Score

0.001EPSS

2024-06-12 02:15 AM
17
nvd
nvd

CVE-2024-5543

The Slideshow Gallery LITE plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

8.1CVSS

0.001EPSS

2024-06-12 02:15 AM
vulnrichment
vulnrichment

CVE-2024-5543 Slideshow Gallery LITE <= 1.8.1 - Authenticated (Contributor+) SQL Injection

The Slideshow Gallery LITE plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

8.1CVSS

7.6AI Score

0.001EPSS

2024-06-12 01:55 AM
cvelist
cvelist

CVE-2024-5543 Slideshow Gallery LITE <= 1.8.1 - Authenticated (Contributor+) SQL Injection

The Slideshow Gallery LITE plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

8.1CVSS

0.001EPSS

2024-06-12 01:55 AM
3
nvd
nvd

CVE-2023-51519

Missing Authorization vulnerability in Soliloquy Team Slider by Soliloquy.This issue affects Slider by Soliloquy: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-11 04:15 PM
1
cve
cve

CVE-2023-51519

Missing Authorization vulnerability in Soliloquy Team Slider by Soliloquy.This issue affects Slider by Soliloquy: from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-06-11 04:15 PM
28
cvelist
cvelist

CVE-2023-51519 WordPress Slider by Soliloquy – Responsive Image Slider for WordPress plugin <= 2.7.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Soliloquy Team Slider by Soliloquy.This issue affects Slider by Soliloquy: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-11 03:50 PM
vulnrichment
vulnrichment

CVE-2023-51519 WordPress Slider by Soliloquy – Responsive Image Slider for WordPress plugin <= 2.7.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Soliloquy Team Slider by Soliloquy.This issue affects Slider by Soliloquy: from n/a through...

4.3CVSS

6.9AI Score

0.0004EPSS

2024-06-11 03:50 PM
cve
cve

CVE-2024-5189

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_js’ parameter in all versions up to, and including, 5.9.23 due to insufficient input sanitization and output...

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-11 02:15 PM
17
nvd
nvd

CVE-2024-5189

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_js’ parameter in all versions up to, and including, 5.9.23 due to insufficient input sanitization and output...

6.4CVSS

0.001EPSS

2024-06-11 02:15 PM
2
vulnrichment
vulnrichment

CVE-2024-5189 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.23 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_js’ parameter in all versions up to, and including, 5.9.23 due to insufficient input sanitization and output...

6.4CVSS

5.9AI Score

0.001EPSS

2024-06-11 01:54 PM
cvelist
cvelist

CVE-2024-5189 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.23 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_js’ parameter in all versions up to, and including, 5.9.23 due to insufficient input sanitization and output...

6.4CVSS

0.001EPSS

2024-06-11 01:54 PM
1
nessus
nessus

Oracle Linux 7 : bind, / bind-dyndb-ldap, / and / dhcp (ELSA-2024-3741)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3741 advisory. - Prevent increased CPU consumption in DNSSEC validator (CVE-2023-50387 CVE-2023-50868) - Speed up parsing of DNS messages with many different...

7.5CVSS

9.3AI Score

0.05EPSS

2024-06-11 12:00 AM
oraclelinux
oraclelinux

bind, bind-dyndb-ldap, and dhcp security update

bind [32:9.11.4-26.P2.16] - Prevent increased CPU consumption in DNSSEC validator (CVE-2023-50387 CVE-2023-50868) - Add missing design by contract tests to dns_catz* - Speed up parsing of DNS messages with many different names (CVE-2023-4408) - Do not use header_prev in expire_lru_headers...

7.5CVSS

7AI Score

0.05EPSS

2024-06-10 12:00 AM
nessus
nessus

RHEL 7 : bind, bind-dyndb-ldap, and dhcp (RHSA-2024:3741)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3741 advisory. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named);.....

7.5CVSS

7.4AI Score

0.05EPSS

2024-06-10 12:00 AM
nvd
nvd

CVE-2024-32821

Missing Authorization vulnerability in TotalSuite Total Poll Lite.This issue affects Total Poll Lite: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-09 01:15 PM
3
cve
cve

CVE-2024-32821

Missing Authorization vulnerability in TotalSuite Total Poll Lite.This issue affects Total Poll Lite: from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-06-09 01:15 PM
34
cvelist
cvelist

CVE-2024-32821 WordPress Total Poll Lite plugin <= 4.9.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in TotalSuite Total Poll Lite.This issue affects Total Poll Lite: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-09 12:16 PM
3
nvd
nvd

CVE-2024-33565

Missing Authorization vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through...

9.1CVSS

0.0004EPSS

2024-06-09 12:15 PM
2
cve
cve

CVE-2024-33565

Missing Authorization vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through...

9.1CVSS

9.3AI Score

0.0004EPSS

2024-06-09 12:15 PM
29
vulnrichment
vulnrichment

CVE-2024-33565 WordPress Barcode Scanner with Inventory & Order Manager plugin <= 1.5.3 - Unauthenticated Broken Access Control vulnerability

Missing Authorization vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through...

9.1CVSS

6.9AI Score

0.0004EPSS

2024-06-09 12:01 PM
1
cvelist
cvelist

CVE-2024-33565 WordPress Barcode Scanner with Inventory & Order Manager plugin <= 1.5.3 - Unauthenticated Broken Access Control vulnerability

Missing Authorization vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through...

9.1CVSS

0.0004EPSS

2024-06-09 12:01 PM
1
nvd
nvd

CVE-2024-30485

Missing Authorization vulnerability in XLPlugins Finale Lite.This issue affects Finale Lite: from n/a through...

8.8CVSS

0.0004EPSS

2024-06-09 11:15 AM
2
cve
cve

CVE-2024-30485

Missing Authorization vulnerability in XLPlugins Finale Lite.This issue affects Finale Lite: from n/a through...

8.8CVSS

8.7AI Score

0.0004EPSS

2024-06-09 11:15 AM
29
Total number of security vulnerabilities8258