SIMATIC ET200pro, IM 154-4 PN HF Security Vulnerabilities

cbl_mariner

CVE-2022-45639 affecting package sleuthkit 4.9.0-4

CVE-2022-45639 affecting package sleuthkit 4.9.0-4. No patch is available...

7.8 CVSS

7.5 AI Score

0.004 EPSS

2024-06-18 09:08 AM

cbl_mariner

CVE-1999-0901 affecting package ypserv 4.1-4

CVE-1999-0901 affecting package ypserv 4.1-4. No patch is available...

6.9 AI Score

0.0004 EPSS

2024-06-18 09:08 AM

cbl_mariner

CVE-2021-28543 affecting package varnish-modules 0.16.0-4

CVE-2021-28543 affecting package varnish-modules 0.16.0-4. This CVE either no longer is or was never...

7.5 CVSS

7 AI Score

0.002 EPSS

2024-06-18 09:08 AM

cbl_mariner

CVE-2022-25345 affecting package opus 1.3.1-4

CVE-2022-25345 affecting package opus 1.3.1-4. No patch is available...

7.5 CVSS

7.7 AI Score

0.001 EPSS

2024-06-18 09:08 AM

cbl_mariner

CVE-1999-0902 affecting package ypserv 4.1-4

CVE-1999-0902 affecting package ypserv 4.1-4. No patch is available...

6.9 AI Score

0.0004 EPSS

2024-06-18 09:08 AM

cbl_mariner

CVE-2007-1397 affecting package fish 3.1.2-4

CVE-2007-1397 affecting package fish 3.1.2-4. This CVE either no longer is or was never...

7.5 AI Score

0.171 EPSS

2024-06-18 09:08 AM

cbl_mariner

CVE-2017-5834 affecting package libplist 2.1.0-4

CVE-2017-5834 affecting package libplist 2.1.0-4. No patch is available...

5.5 CVSS

7.1 AI Score

0.002 EPSS

2024-06-18 09:08 AM

cbl_mariner

CVE-2022-1941 affecting package mysql 8.0.35-4

CVE-2022-1941 affecting package mysql 8.0.35-4. No patch is available...

7.5 CVSS

7.7 AI Score

0.002 EPSS

2024-06-18 09:08 AM

cbl_mariner

CVE-2022-20001 affecting package fish 3.1.2-4

CVE-2022-20001 affecting package fish 3.1.2-4. This CVE either no longer is or was never...

7.8 CVSS

8 AI Score

0.002 EPSS

2024-06-18 09:08 AM

cbl_mariner

CVE-2013-7381 affecting package libnotify 0.7.9-4

CVE-2013-7381 affecting package libnotify 0.7.9-4. This CVE either no longer is or was never...

9.8 CVSS

7 AI Score

0.003 EPSS

2024-06-18 09:08 AM

cbl_mariner

CVE-2017-5836 affecting package libplist 2.1.0-4

CVE-2017-5836 affecting package libplist 2.1.0-4. No patch is available...

7.5 CVSS

7.7 AI Score

0.003 EPSS

2024-06-18 09:08 AM

cbl_mariner

CVE-2017-5835 affecting package libplist 2.1.0-4

CVE-2017-5835 affecting package libplist 2.1.0-4. No patch is available...

7.5 CVSS

7.1 AI Score

0.003 EPSS

2024-06-18 09:08 AM

cbl_mariner

CVE-2023-25136 affecting package openssh 8.9p1-4

CVE-2023-25136 affecting package openssh 8.9p1-4. This CVE either no longer is or was never...

6.5 CVSS

7 AI Score

0.009 EPSS

2024-06-18 09:08 AM

cbl_mariner

CVE-2020-1472 affecting package samba for versions less than 4.12.5-4

CVE-2020-1472 affecting package samba for versions less than 4.12.5-4. A patched version of the package is...

5.5 CVSS

7.2 AI Score

0.511 EPSS

2024-06-18 09:08 AM

cbl_mariner

CVE-2000-0006 affecting package strace 5.16-4

CVE-2000-0006 affecting package strace 5.16-4. This CVE either no longer is or was never...

6.7 AI Score

0.001 EPSS

2024-06-18 09:08 AM

cbl_mariner

CVE-2020-14150 affecting package bison 3.1-4

CVE-2020-14150 affecting package bison 3.1-4. No patch is available...

5.5 CVSS

7.5 AI Score

0.0004 EPSS

2024-06-18 09:08 AM

cbl_mariner

CVE-2022-44793 affecting package net-snmp 5.9-4

CVE-2022-44793 affecting package net-snmp 5.9-4. No patch is available...

6.5 CVSS

6.9 AI Score

0.003 EPSS

2024-06-18 09:08 AM

cbl_mariner

CVE-2018-14040 affecting package boost 1.66.0-4

CVE-2018-14040 affecting package boost 1.66.0-4. This CVE either no longer is or was never...

6.1 CVSS

7.4 AI Score

0.008 EPSS

2024-06-18 09:08 AM

cbl_mariner

CVE-2022-39348 affecting package python-twisted 20.3.0-4

CVE-2022-39348 affecting package python-twisted 20.3.0-4. No patch is available...

5.4 CVSS

7.5 AI Score

0.002 EPSS

2024-06-18 09:08 AM

cbl_mariner

CVE-2018-25032 affecting package grpc for versions less than 1.35.0-4

CVE-2018-25032 affecting package grpc for versions less than 1.35.0-4. A patched version of the package is...

7.5 CVSS

7.5 AI Score

0.003 EPSS

2024-06-18 09:08 AM

cbl_mariner

CVE-2022-3857 affecting package libpng 1.6.37-4

CVE-2022-3857 affecting package libpng 1.6.37-4. No patch is available...

5.5 CVSS

7.5 AI Score

0.001 EPSS

2024-06-18 09:08 AM

cbl_mariner

CVE-2022-3515 affecting package gnupg2 2.2.20-4

CVE-2022-3515 affecting package gnupg2 2.2.20-4. This CVE either no longer is or was never...

9.8 CVSS

9.9 AI Score

0.005 EPSS

2024-06-18 09:08 AM

cbl_mariner

CVE-2022-44792 affecting package net-snmp 5.9-4

CVE-2022-44792 affecting package net-snmp 5.9-4. No patch is available...

6.5 CVSS

6.9 AI Score

0.003 EPSS

2024-06-18 09:08 AM

cbl_mariner

CVE-2020-0569 affecting package qt5-qtsvg 5.12.11-4

CVE-2020-0569 affecting package qt5-qtsvg 5.12.11-4. This CVE either no longer is or was never...

5.7 CVSS

7.5 AI Score

0.0004 EPSS

2024-06-18 09:08 AM

thn

Singapore Police Extradites Malaysians Linked to Android Malware Fraud

The Singapore Police Force (SPF) has announced the extradition of two men from Malaysia for their alleged involvement in a mobile malware campaign targeting citizens in the country since June 2023. The unnamed individuals, aged 26 and 47, engaged in scams that tricked unsuspecting users into...

7 AI Score

2024-06-18 07:38 AM

osv

Lobe Chat API Key Leak

Summary: If an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on the frontend and setting up a server-side request. Details: The attack process is described above. PoC: Frontend: 1. Pass basic.....

5.7 CVSS

6.9 AI Score

EPSS

2024-06-17 10:28 PM

github

Lobe Chat API Key Leak

Summary: If an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on the frontend and setting up a server-side request. Details: The attack process is described above. PoC: Frontend: 1. Pass basic.....

5.7 CVSS

6.9 AI Score

EPSS

2024-06-17 10:28 PM

osv

Firefly III has a MFA bypass in oauth flow

Impact: A MFA bypass in the Firefly III OAuth flow may allow malicious users to bypass the MFA-check. This allows malicious users to use password spraying to gain access to your Firefly III data using passwords stolen from other sources. As OAuth applications are easily enumerable using an...

5.9 CVSS

7.2 AI Score

EPSS

2024-06-17 10:28 PM

nvd

CVE-2024-6065

A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation of the argument user_email leads to sql injection. The attack may be initiated remotely. The exploit has...

7.3 CVSS

EPSS

2024-06-17 09:15 PM

cve

CVE-2024-6065

A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation of the argument user_email leads to sql injection. The attack may be initiated remotely. The exploit has...

7.3 CVSS

7.5 AI Score

EPSS

2024-06-17 09:15 PM

cvelist

CVE-2024-6065 itsourcecode Bakery Online Ordering System index.php sql injection

A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation of the argument user_email leads to sql injection. The attack may be initiated remotely. The exploit has...

7.3 CVSS

EPSS

2024-06-17 09:00 PM

rapid7blog

Malvertising Campaign Leads to Execution of Oyster Backdoor

The following analysts contributed to this blog: Thomas Elkins, Daniel Thiede, Josh Lockwood, Tyler McGraw, and Sasha Kovalev. Executive Summary: Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and.....

7.1 AI Score

2024-06-17 08:28 PM

debiancve

CVE-2024-6062

A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this issue is the function swf_svg_add_iso_sample of the file src/filters/load_text.c of the component MP4Box. The manipulation leads to null pointer dereference. The attack needs to be...

3.3 CVSS

7 AI Score

EPSS

2024-06-17 08:15 PM

debiancve

CVE-2024-6061

A vulnerability has been found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this vulnerability is the function isoffin_process of the file src/filters/isoffin_read.c of the component MP4Box. The manipulation leads to infinite loop. It is possible to launch...

3.3 CVSS

6.8 AI Score

EPSS

2024-06-17 08:15 PM

nvd

CVE-2024-37840

SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID...

EPSS

2024-06-17 07:15 PM

cve

CVE-2024-37840

SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID...

8.6 AI Score

EPSS

2024-06-17 07:15 PM

nvd

CVE-2024-6056

A vulnerability was found in nasirkhan Laravel Starter up to 11.8.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /forgot-password of the component Password Reset Handler. The manipulation of the argument Email leads to observable response...

3.7 CVSS

EPSS

2024-06-17 06:15 PM

cve

CVE-2024-6056

A vulnerability was found in nasirkhan Laravel Starter up to 11.8.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /forgot-password of the component Password Reset Handler. The manipulation of the argument Email leads to observable response...

3.7 CVSS

4.2 AI Score

EPSS

2024-06-17 06:15 PM

cvelist

CVE-2024-6056 nasirkhan Laravel Starter Password Reset forgot-password observable response discrepancy

A vulnerability was found in nasirkhan Laravel Starter up to 11.8.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /forgot-password of the component Password Reset Handler. The manipulation of the argument Email leads to observable response...

3.7 CVSS

EPSS

2024-06-17 05:31 PM

osv

PSF-2024-4

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such...

6.6 AI Score

EPSS

2024-06-17 03:09 PM

cve

CVE-2024-37622

Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the num parameter at...

6.2 AI Score

EPSS

2024-06-17 02:15 PM

nvd

CVE-2024-37622

Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the num parameter at...

EPSS

2024-06-17 02:15 PM

ibm

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to libssh, Linux-pam, Kerberos 5, systemd and idna packages/libraries.

Summary: IBM MQ Operator and Queue manager container images are vulnerable to libssh, Linux-pam, Kerberos 5, systemd and idna. This bulletin identifies the steps required to address these vulnerabilities. Vulnerability Details: CVEID: CVE-2023-6004 DESCRIPTION: libssh could allow a local...

5.9 CVSS

8.6 AI Score

EPSS

2024-06-17 11:59 AM

rosalinux

Advisory ROSA-SA-2024-2434

Software: giflib 5.2.1 OS: ROSA-CHROME package_evr_string: giflib-5.2.1-4 CVE-ID: CVE-2023-39742 BDU-ID: 2023-05863 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the getarg.c component of the GIFLIB library for handling GIF files is related to a segmentation error. Exploitation of the...

5.5 CVSS

5.7 AI Score

0.001 EPSS

2024-06-17 09:09 AM

githubexploit

Exploit for CVE-2024-0757

CVE-2024-0757 (Exploit) Description The Insert or Embed...

8.3 AI Score

0.0004 EPSS

2024-06-17 07:46 AM

cve

CVE-2024-6047

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...

9.8 CVSS

9.8 AI Score

0.001 EPSS

2024-06-17 06:15 AM

packetstorm

7.4 AI Score

2024-06-17 12:00 AM

nessus

RHEL 8 : firefox (RHSA-2024:3953)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3953 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...

8.2 AI Score

0.0004 EPSS

2024-06-17 12:00 AM

cvelist

CVE-2024-37622

Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the num parameter at...

EPSS

2024-06-17 12:00 AM

openvas

Ubuntu: Security Advisory (USN-6821-4)

The remote host is missing an update for...

8 CVSS

8 AI Score

0.0004 EPSS

2024-06-17 12:00 AM

Total number of security vulnerabilities: 313307