Lucene search

K

WooCommerce – Product Importer Security Vulnerabilities

nvd
nvd

CVE-2024-31890

IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: ...

7.8CVSS

0.0004EPSS

2024-06-21 10:15 AM
5
cve
cve

CVE-2024-31890

IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: ...

7.8CVSS

8AI Score

0.0004EPSS

2024-06-21 10:15 AM
21
cve
cve

CVE-2024-6027

The Themify – WooCommerce Product Filter plugin for WordPress is vulnerable to time-based SQL Injection via the ‘conditions’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

9.8CVSS

9.7AI Score

0.001EPSS

2024-06-21 10:15 AM
27
nvd
nvd

CVE-2024-6027

The Themify – WooCommerce Product Filter plugin for WordPress is vulnerable to time-based SQL Injection via the ‘conditions’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

7.5CVSS

0.001EPSS

2024-06-21 10:15 AM
3
cvelist
cvelist

CVE-2024-6027 Themify - WooCommerce Product Filter <= 1.4.9 - Unauthenticated SQL Injection via conditions Parameter

The Themify – WooCommerce Product Filter plugin for WordPress is vulnerable to time-based SQL Injection via the ‘conditions’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

9.8CVSS

0.001EPSS

2024-06-21 09:39 AM
6
vulnrichment
vulnrichment

CVE-2024-6027 Themify - WooCommerce Product Filter <= 1.4.9 - Unauthenticated SQL Injection via conditions Parameter

The Themify – WooCommerce Product Filter plugin for WordPress is vulnerable to time-based SQL Injection via the ‘conditions’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

9.8CVSS

7.6AI Score

0.001EPSS

2024-06-21 09:39 AM
1
vulnrichment
vulnrichment

CVE-2024-31890 IBM i privilege escalation

IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: ...

7.8CVSS

7AI Score

0.0004EPSS

2024-06-21 09:39 AM
1
cvelist
cvelist

CVE-2024-31890 IBM i privilege escalation

IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: ...

7.8CVSS

0.0004EPSS

2024-06-21 09:39 AM
6
thn
thn

SolarWinds Serv-U Vulnerability Under Active Attack - Patch Immediately

A recently patched high-severity flaw impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors in the wild. The vulnerability, tracked as CVE-2024-28995 (CVSS score: 8.6), concerns a directory transversal bug that could allow attackers to read sensitive...

8.6CVSS

6.8AI Score

0.343EPSS

2024-06-21 08:54 AM
17
malwarebytes
malwarebytes

US bans Kaspersky, warns: “Immediately stop using that software&#8221;

The US government will ban the sale of Kaspersky antivirus products to new customers in the United States starting July 20, with a follow-on deadline to prohibit the cybersecurity company from providing users with software updates after September 29. The move follows years of allegations that the.....

7.1AI Score

2024-06-21 08:19 AM
3
ibm
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java may affect IBM Storage Protect for Space Management

Summary IBM Storage Protect for Space Management can be affected by security flaws in IBM Java. The flaws can lead to denial of service, confidentiality impact, integrity impact, availability impact, and sensitive information disclosure, as described in the "Vulnerability Details" section....

7.5CVSS

7.7AI Score

0.001EPSS

2024-06-21 07:32 AM
4
ibm
ibm

Security Bulletin: Cryptography cipher update

Summary cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as...

6.5CVSS

7.3AI Score

0.001EPSS

2024-06-21 04:27 AM
3
thn
thn

U.S. Bans Kaspersky Software, Citing National Security Risks

The U.S. Department of Commerce's Bureau of Industry and Security (BIS) on Thursday announced a "first of its kind" ban that prohibits Kaspersky Lab's U.S. subsidiary from directly or indirectly offering its security software in the country. The blockade also extends to the cybersecurity company's....

6.9AI Score

2024-06-21 04:25 AM
24
ibm
ibm

Security Bulletin: IBM i is vulnerable to a local privilege escalation due to a flaw in IBM TCP/IP Connectivity Utilities for i [CVE-2024-31890].

Summary IBM i is vulnerable to a local user with command line access gaining elevated privilege due to a flaw in IBM TCP/IP Connectivity Utilities for i as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the...

7.8CVSS

6.9AI Score

0.0004EPSS

2024-06-21 04:24 AM
7
nessus
nessus

Streamline NX Client < 3.4.3.2 / 3.5.x < 3.5.1.202 / 3.6.x < 3.6.2.2 / 3.7.x < 3.7.2.1 Privilege Escalation (2024-000005)

The version of Streamline NX Client installed on the remote host is prior to 3.4.3.2, 3.5.1.202, 3.6.2.2, or 3.7.2.1. It is, therefore, affected by a vulnerability as referenced in the 2024-000005 advisory. Use of hard-coded credentials issue exists in Ricoh Streamline NX PC Client ver.3.7.2 and...

7.1AI Score

0.0004EPSS

2024-06-21 12:00 AM
3
nessus
nessus

Streamline NX Client < 3.4.3.2 / 3.5.x < 3.5.1.202 / 3.6.x < 3.6.2.2 RCE (2024-000004)

The version of Streamline NX Client installed on the remote host is prior to 3.231.0, 3.4.3.2, 3.5.1.202 or 3.6.2.2. It is, therefore, affected by a vulnerability as referenced in the 2024-000004 advisory. Improper restriction of communication channel to intended endpoints issue exists in Ricoh...

7.5AI Score

0.0004EPSS

2024-06-21 12:00 AM
5
cvelist
cvelist

CVE-2024-37672

Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the idactivity...

0.001EPSS

2024-06-21 12:00 AM
vulnrichment
vulnrichment

CVE-2024-37673

Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the filename...

7.3AI Score

0.001EPSS

2024-06-21 12:00 AM
nessus
nessus

Streamline NX Client Multiple Vulnerabilities (2024-000006, 2024-000007)

The version of Streamline NX Client installed on the remote host is prior to 3.2.1.19, 3.3.1.3, 3.3.2.201, 3.4.3.1, 3.5.1.201, 3.6.100.53, or 3.6.2.1. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024-000006 and 2024-000007 advisories. Use of potentially dangerous...

7.4AI Score

0.0004EPSS

2024-06-21 12:00 AM
cvelist
cvelist

CVE-2024-37675

Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the parameter "sectionContent" related to the functionality of adding notes to an uploaded...

0.001EPSS

2024-06-21 12:00 AM
cvelist
cvelist

CVE-2024-37673

Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the filename...

0.001EPSS

2024-06-21 12:00 AM
1
cvelist
cvelist

CVE-2024-37671

Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the page...

0.001EPSS

2024-06-21 12:00 AM
2
ibm
ibm

Security Bulletin: TSSC/IMC is vulnerable to aritrary code excecution due to curl (CVE-2023-27536, CVE-2023-28321)

Summary TSSC/IMC is vulnerable to aritrary code excecution due to cURL. A patch has been provided that updates the curl library. (CVE-2023-30630, CVE-2023-28321) Vulnerability Details ** CVEID: CVE-2023-27536 DESCRIPTION: **cURL libcurl could allow a remote attacker to bypass security...

7.1CVSS

7.5AI Score

0.002EPSS

2024-06-20 11:50 PM
7
ibm
ibm

Security Bulletin: TSSC/IMC is vulnerable to a denial of service attack due to ncruses (CVE-2023-29491)

Summary TSSC/IMC is vulnerable to a denial of service attack due to ncruses (CVE-2023-29491). A patch has been provided that updates the Dmidecode library. Vulnerability Details ** CVEID: CVE-2023-29491 DESCRIPTION: **ncurses is vulnerable to a denial of service, caused by a memory corruption...

7.8CVSS

6.8AI Score

0.0004EPSS

2024-06-20 11:48 PM
4
ibm
ibm

Security Bulletin: TSSC/IMC is vulnerable to aritrary code excecution due to Java (CVE-2023-22081)

Summary TSSC/IMC is vulnerable to aritrary code excecution due to Dmidecode. A patch has been provided that updates the Java library. (CVE-2023-22081) Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow a...

5.3CVSS

6.8AI Score

0.001EPSS

2024-06-20 11:41 PM
6
nvd
nvd

CVE-2024-5746

A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the GitHub Enterprise Server instance. Exploitation required authenticated access to GitHub Enterprise...

7.6CVSS

0.001EPSS

2024-06-20 10:15 PM
6
cve
cve

CVE-2024-5746

A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the GitHub Enterprise Server instance. Exploitation required authenticated access to GitHub Enterprise...

7.6CVSS

7.8AI Score

0.001EPSS

2024-06-20 10:15 PM
26
ibm
ibm

Security Bulletin: AIX is vulnerable to security restrictions bypass due to cURL libcurl (CVE-2024-0853)

Summary Vulnerability in cURL libcurl could allow a remote attacker to bypass security restrictions (CVE-2024-0853). AIX uses cURL libcurl as part of rsyslog, LV/PV encryption integration with HPCS and in Live Update for interacting with HMC. Vulnerability Details ** CVEID: CVE-2024-0853 ...

5.3CVSS

6.2AI Score

0.001EPSS

2024-06-20 10:03 PM
3
ibm
ibm

Security Bulletin: TSSC/IMC is vulnerable to aritrary code excecution due to Dmidecode (CVE-2023-30630)

Summary TSSC/IMC is vulnerable to aritrary code excecution due to Dmidecode. A patch has been provided that updates the Dmidecode library. (CVE-2023-30630) Vulnerability Details ** CVEID: CVE-2023-30630 DESCRIPTION: **Dmidecode could allow a local authetnicated attacker to bypass security...

7.1CVSS

6.9AI Score

0.0004EPSS

2024-06-20 09:42 PM
2
nvd
nvd

CVE-2024-36071

Samsung Magician 8.0.0 on Windows allows an admin to escalate privileges by tampering with the directory and DLL files used during the installation process. This occurs because of an Untrusted Search...

6.3CVSS

0.0004EPSS

2024-06-20 09:15 PM
3
cve
cve

CVE-2024-36071

Samsung Magician 8.0.0 on Windows allows an admin to escalate privileges by tampering with the directory and DLL files used during the installation process. This occurs because of an Untrusted Search...

6.3CVSS

7.2AI Score

0.0004EPSS

2024-06-20 09:15 PM
23
ibm
ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for...

5.3CVSS

7.6AI Score

EPSS

2024-06-20 08:39 PM
3
ibm
ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...

8.3CVSS

10AI Score

0.005EPSS

2024-06-20 08:32 PM
5
ibm
ibm

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to VMware Tanzu Spring Boot arbitrary denial of service vulnerability ( CVE-2023-34053)

Summary Potential VMware Tanzu Spring Boot arbitrary denial of service vulnerability (CVE-2023-34053) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details **...

7.5CVSS

7.8AI Score

0.0005EPSS

2024-06-20 06:49 PM
5
ibm
ibm

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to VMware Tanzu Spring Boot arbitrary denial of service vulnerability ( CVE-2023-34053)

Summary Potential VMware Tanzu Spring Boot arbitrary denial of service vulnerability (CVE-2023-34053) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details **...

7.5CVSS

7.8AI Score

0.0005EPSS

2024-06-20 06:41 PM
1
ibm
ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Apache Tomcat [CVE-2024-24549]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Apache Tomcat, caused by improper input validation by the HTTP/2 header [CVE-2024-24549]. Apache Tomcat is used by our Speech microservices. This vulnerabilitiy has been addressed....

6.6AI Score

0.0004EPSS

2024-06-20 06:26 PM
3
ibm
ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in libexpat [CVE-2023-52425]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in libexpat, caused by improper system resource allocation [CVE-2023-52425]. libexpat is included as a Base OS package used by our Speech Services. This vulnerabilitiy has been addressed....

7.5CVSS

6.7AI Score

0.001EPSS

2024-06-20 06:24 PM
5
ibm
ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary command execution in Less [CVE-2022-48624]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary command execution in Less, caused by a flaw with omitting shell_quote calls for LESSCLOSE in the close_altfile() function in filename.c [CVE-2022-48624]. Less is included as a Base OS package used by....

7AI Score

0.0004EPSS

2024-06-20 06:22 PM
2
ibm
ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to sensitive information exposure in Kubernetes [CVE-2020-8565]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to sensitive information exposure in Kubernetes, caused by a flaw when kube-apiserver is using logLevel &gt;= 9 [CVE-2020-8565]. Kubernetes is included in the Speech utilities used by our service. This...

5.5CVSS

5.4AI Score

0.0004EPSS

2024-06-20 06:20 PM
6
ibm
ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to sensitive information exposure in Kubernetes [CVE-2019-11250]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to sensitive information exposure in Kubernetes, caused by storing credentials in the log by the client-go library [CVE-2019-11250]. Kubernetes is included in the Speech utilities used by our service. This...

6.5CVSS

5.5AI Score

0.001EPSS

2024-06-20 06:19 PM
5
ibm
ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to phishing attacks in VMware Tanzu Spring Framework [CVE-2024-22259]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to phishing attacks in VMware Tanzu Spring Framework, caused by an open redirect vulnerability in UriComponentsBuilder [CVE-2024-22259]. VMware Tanzu Spring Framework is used in our Speech Microservices. This...

8.1CVSS

6.3AI Score

0.0004EPSS

2024-06-20 06:17 PM
3
ibm
ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in ISC BIND [CVE-2023-4408]

Summary Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in ISC BIND, caused by an error when parsing large DNS messages [CVE-2023-4408]. ISC BIND is included as a Base OS package used by our Service Runtimes. This...

7.5CVSS

6.7AI Score

0.001EPSS

2024-06-20 06:14 PM
3
ibm
ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in ISC BIND [CVE-2023-50387]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in ISC BIND, caused by an error when processing responses coming from specially crafted DNSSEC-signed zones [CVE-2023-50387]. ISC BIND is included as a Base OS package used by our Service...

7.5CVSS

7AI Score

0.05EPSS

2024-06-20 06:07 PM
2
ibm
ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Amazon Ion [CVE-2024-21634]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Amazon Ion, caused by a stack-based overflow in ion-java for applications [CVE-2024-21634]. Amazon Ion is a package used in our Speech Microservices. This vulnerabilitiy has been...

7.5CVSS

6.8AI Score

0.0005EPSS

2024-06-20 06:03 PM
6
ibm
ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in ISC BIND [CVE-2023-50868]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in ISC BIND, caused by an error when preparing an NSEC3 closest encloser proof. [CVE-2023-50868]. ISC BIND is included as a Base OS package used by our Service Runtimes. This vulnerabilitiy....

6.8AI Score

0.0005EPSS

2024-06-20 06:01 PM
2
talosblog
talosblog

Tabletop exercises are headed to the next frontier: Space

I think we can all agree that tabletop exercises are a good thing. They allow organizations of all sizes to test their incident response plans without the potentially devastating effects of a real-world cyber attack or intrusion. As part of my role at Talos, I've read hundreds of tabletop...

9.8CVSS

8.2AI Score

0.321EPSS

2024-06-20 06:00 PM
3
ibm
ibm

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities

Summary There are vulnerabilities in Open-Source Software (OSS) components consumed by IBM Cognos Analytics. IBM Cognos Analytics has addressed the applicable CVEs by upgrading or removing the vulnerable libraries in the latest available versions or previously released versions. Additionally, IBM.....

9.1CVSS

9.4AI Score

0.732EPSS

2024-06-20 04:51 PM
15
githubexploit
githubexploit

Exploit for CVE-2024-34470

HSC MailInspector - CVE-2024-34470 A critical...

7AI Score

0.001EPSS

2024-06-20 04:47 PM
175
ibm
ibm

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to IBM CICS Transaction Gateway (CVE-2023-50310, CVE-2023-50311)

Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to IBM CICS Transaction Gateway. This bulletin identifies the steps to take to address these vulnerabilities. Vulnerability Details ** CVEID: CVE-2023-50310 DESCRIPTION: **IBM CICS...

4.9CVSS

7AI Score

EPSS

2024-06-20 03:46 PM
5
ibm
ibm

Security Bulletin: IBM Analytics Content Hub is affected by security vulnerabilities

Summary Security Bulletin: IBM Analytics Content Hub is affected, but not classified as vulnerable, based on current information, to vulnerabilities in Open Source Software. IBM Analytics Content Hub has addressed the applicable CVEs by upgrading the vulnerable libraries. Vulnerability Details **.....

8CVSS

8.8AI Score

0.003EPSS

2024-06-20 03:31 PM
7
Total number of security vulnerabilities209716