Lucene search

K

WooODT Lite – WooCommerce Order Delivery Or Pickup With Date Time Location Security Vulnerabilities

qualysblog
qualysblog

Polyfill.io Supply Chain Attack

The polyfill.js is a popular open-source library that supports older browsers. Thousands of sites embed it using the cdn[.]polyfill[.]io domain. In February 2024, a Chinese company (Funnull) bought the domain and the GitHub account. The company has modified Polyfill.js so malicious code would be...

7.7AI Score

2024-06-29 01:31 AM
2
openbugbounty
openbugbounty

bartlettltd.co.uk Cross Site Scripting vulnerability OBB-3939500

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-29 01:20 AM
7
cve
cve

CVE-2024-28795

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

7AI Score

2024-06-29 12:50 AM
3
cve
cve

CVE-2023-50952

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

7AI Score

2024-06-29 12:50 AM
3
cve
cve

CVE-2024-31898

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

7AI Score

2024-06-29 12:50 AM
3
cve
cve

CVE-2024-28794

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

7AI Score

2024-06-29 12:50 AM
3
cve
cve

CVE-2024-28797

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

7AI Score

2024-06-29 12:50 AM
3
cve
cve

CVE-2024-28798

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

7AI Score

2024-06-29 12:50 AM
3
cve
cve

CVE-2023-35022

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

7AI Score

2024-06-29 12:50 AM
4
cve
cve

CVE-2024-35119

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

7AI Score

2024-06-29 12:50 AM
3
cve
cve

CVE-2023-50964

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

7AI Score

2024-06-29 12:50 AM
3
cve
cve

CVE-2023-50953

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

7AI Score

2024-06-29 12:50 AM
9
cve
cve

CVE-2023-50954

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

7AI Score

2024-06-29 12:50 AM
2
cve
cve

CVE-2024-31902

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

7AI Score

2024-06-29 12:50 AM
3
virtuozzo
virtuozzo

Virtuozzo Hybrid Infrastructure 6.2 (6.2.0-136)

In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover the compute service, high availability of the management node, object storage management, networking, and monitoring. Additionally, this release delivers stability improvements and addresses issues found...

7.2AI Score

2024-06-29 12:00 AM
1
githubexploit
githubexploit

Exploit for CVE-2024-34102

🚨 CVE-2024-34102 Exploit Script 🚨 Description This...

9.8CVSS

9.6AI Score

0.038EPSS

2024-06-28 11:33 PM
40
debiancve
debiancve

CVE-2024-37371

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length...

6.7AI Score

0.0004EPSS

2024-06-28 11:15 PM
8
nvd
nvd

CVE-2024-37371

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length...

0.0004EPSS

2024-06-28 11:15 PM
2
cve
cve

CVE-2024-37371

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length...

6.9AI Score

0.0004EPSS

2024-06-28 11:15 PM
11
ibm
ibm

Security Bulletin: IBM WebSphere Application Server is vulnerable to cross-site scripting (CVE-2024-35153)

Summary IBM WebSphere Application Server is vulnerable to cross-site scripting in the administrative console. Vulnerability Details ** CVEID: CVE-2024-35153 DESCRIPTION: **IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed...

4.8CVSS

6.2AI Score

0.0004EPSS

2024-06-28 10:45 PM
5
ibm
ibm

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in OpenSSL

Summary Multiple vulnerabilities in OpenSSL used by IBM InfoSphere Information Server were addressed. Vulnerability Details ** CVEID: CVE-2023-3817 DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DH_check(), DH_check_ex() or EVP_PKEY_param_check()...

7.5CVSS

7.8AI Score

0.003EPSS

2024-06-28 09:59 PM
5
ibm
ibm

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Psf Requests (CVE-2024-35195)

Summary A vulnerability in Psf Requests used by InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2024-35195 DESCRIPTION: **Psf Requests could allow a local authenticated attacker to bypass security restrictions, caused by an incorrect control flow implementation...

5.6CVSS

6.1AI Score

0.0004EPSS

2024-06-28 09:20 PM
1
nvd
nvd

CVE-2024-38518

BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker with a valid join link to a meeting can trick BigBlueButton into generating a signed join link with additional parameters. One of those parameters may be "role=moderator", allowing an.....

4.6CVSS

0.0004EPSS

2024-06-28 09:15 PM
3
cve
cve

CVE-2024-39302

BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the /usr/local/bigbluebutton/core/vendor/bundle/ruby/2.7.0/gems/resque-2.6.0 directory with the goal of privilege...

3.7CVSS

4.1AI Score

0.0004EPSS

2024-06-28 09:15 PM
10
nvd
nvd

CVE-2024-39302

BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the /usr/local/bigbluebutton/core/vendor/bundle/ruby/2.7.0/gems/resque-2.6.0 directory with the goal of privilege...

3.7CVSS

0.0004EPSS

2024-06-28 09:15 PM
2
cve
cve

CVE-2024-38518

BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker with a valid join link to a meeting can trick BigBlueButton into generating a signed join link with additional parameters. One of those parameters may be "role=moderator", allowing an.....

4.6CVSS

4.7AI Score

0.0004EPSS

2024-06-28 09:15 PM
10
nvd
nvd

CVE-2024-39307

Kavita is a cross platform reading server. Opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Kavita doesn't sanitize or sandbox the contents of epubs, allowing scripts inside ebooks to execute. This vulnerability was patched in version...

3.5CVSS

0.0004EPSS

2024-06-28 09:15 PM
2
cve
cve

CVE-2024-39307

Kavita is a cross platform reading server. Opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Kavita doesn't sanitize or sandbox the contents of epubs, allowing scripts inside ebooks to execute. This vulnerability was patched in version...

3.5CVSS

4.4AI Score

0.0004EPSS

2024-06-28 09:15 PM
8
cve
cve

CVE-2024-29040

This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can.....

4.3CVSS

5.7AI Score

0.0004EPSS

2024-06-28 09:15 PM
22
nvd
nvd

CVE-2024-29040

This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can.....

4.3CVSS

0.0004EPSS

2024-06-28 09:15 PM
3
alpinelinux
alpinelinux

CVE-2024-29040

This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can.....

4.3CVSS

6.8AI Score

0.0004EPSS

2024-06-28 09:15 PM
9
debiancve
debiancve

CVE-2024-29040

This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can.....

4.3CVSS

6.8AI Score

0.0004EPSS

2024-06-28 09:15 PM
6
ibm
ibm

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Kubernetes

Summary Multiple vulnerabilities in Kubernetes used by IBM InfoSphere Information Server were addressed. Vulnerability Details ** CVEID: CVE-2020-8562 DESCRIPTION: **Kubernetes could allow a remote authenticated attacker to obtain sensitive information, caused by a time-of-check time-of-use...

3.1CVSS

7AI Score

0.001EPSS

2024-06-28 09:05 PM
1
osv
osv

Unlimited number of NTS-KE connections can crash ntpd-rs server

Summary Missing limit for accepted NTS-KE connections allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such as the default ntpd-rs configuration, are unaffected. Details Operating systems have a limit for the number...

7.5CVSS

7AI Score

0.0004EPSS

2024-06-28 09:05 PM
1
github
github

Unlimited number of NTS-KE connections can crash ntpd-rs server

Summary Missing limit for accepted NTS-KE connections allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such as the default ntpd-rs configuration, are unaffected. Details Operating systems have a limit for the number...

7.5CVSS

7AI Score

0.0004EPSS

2024-06-28 09:05 PM
2
cvelist
cvelist

CVE-2024-29040 Fapi Verify Quote: Does not detect if quote was not generated by TPM

This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can.....

4.3CVSS

0.0004EPSS

2024-06-28 09:02 PM
ibm
ibm

Security Bulletin: IBM InfoSphere Information Server is vulnerable to server-side request forgery (CVE-2023-50952)

Summary A server-side request forgery (SSRF) vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2023-50952 DESCRIPTION: **IBM InfoSphere Information Server is vulnerable to server-side request forgery (SSRF). This may allow an authenticated...

6.3AI Score

EPSS

2024-06-28 08:52 PM
cvelist
cvelist

CVE-2024-39302 Some bbb-record-core files installed with wrong file permission

BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the /usr/local/bigbluebutton/core/vendor/bundle/ruby/2.7.0/gems/resque-2.6.0 directory with the goal of privilege...

3.7CVSS

0.0004EPSS

2024-06-28 08:51 PM
1
cvelist
cvelist

CVE-2024-39307 Cross-Site Scripting (XSS) vulnerability via crafted ebooks in Kavita

Kavita is a cross platform reading server. Opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Kavita doesn't sanitize or sandbox the contents of epubs, allowing scripts inside ebooks to execute. This vulnerability was patched in version...

3.5CVSS

0.0004EPSS

2024-06-28 08:44 PM
1
vulnrichment
vulnrichment

CVE-2024-39307 Cross-Site Scripting (XSS) vulnerability via crafted ebooks in Kavita

Kavita is a cross platform reading server. Opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Kavita doesn't sanitize or sandbox the contents of epubs, allowing scripts inside ebooks to execute. This vulnerability was patched in version...

3.5CVSS

7.5AI Score

0.0004EPSS

2024-06-28 08:44 PM
rapid7blog
rapid7blog

Metasploit Weekly Wrap-Up 06/28/2024

Unauthenticated Command Injection in Netis Router This week's Metasploit release includes an exploit module for an unauthenticated command injection vulnerability in the Netis MW5360 router which is being tracked as CVE-2024-22729. The vulnerability stems from improper handling of the password...

9.8CVSS

9AI Score

0.005EPSS

2024-06-28 08:36 PM
1
cvelist
cvelist

CVE-2024-38518 bbb-web API additional parameters considered

BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker with a valid join link to a meeting can trick BigBlueButton into generating a signed join link with additional parameters. One of those parameters may be "role=moderator", allowing an.....

4.6CVSS

0.0004EPSS

2024-06-28 08:25 PM
3
openbugbounty
openbugbounty

televizori.ba Cross Site Scripting vulnerability OBB-3939488

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-28 08:17 PM
7
ibm
ibm

Security Bulletin: IBM InfoSphere Information Server low level authenticated user can view sensitive information (CVE-2024-31898)

Summary A vulnerability in IBM InfoSphere Information Server allowed a lower level authenticated user to view sensitive information. This vulnerabity was addressed. Vulnerability Details ** CVEID: CVE-2024-31898 DESCRIPTION: **IBM InfoSphere Information Server could allow an authenticated user to.....

5.8AI Score

EPSS

2024-06-28 08:16 PM
1
cve
cve

CVE-2024-5827

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents <?php system($_GET[0])...

9.8CVSS

10AI Score

0.0004EPSS

2024-06-28 08:15 PM
14
nvd
nvd

CVE-2024-5827

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents <?php system($_GET[0])...

9.8CVSS

0.0004EPSS

2024-06-28 08:15 PM
3
openbugbounty
openbugbounty

artgalleryfabrics.com Cross Site Scripting vulnerability OBB-3939486

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-28 08:00 PM
5
ibm
ibm

Security Bulletin: IBM Cognos Transformer is affected by security vulnerabilities

Summary Vulnerabilities in IBM® Java™ Version 8 that is consumed by IBM Cognos Transformer have been addressed. Please refer to the table in the Related Information section for vulnerability impact. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An unspecified vulnerability in Java.....

7.5CVSS

7AI Score

0.001EPSS

2024-06-28 07:56 PM
1
cvelist
cvelist

CVE-2024-5827 Arbitrary File Write by Prompt Injection via DuckDB SQL in vanna-ai/vanna

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents <?php system($_GET[0])...

9.8CVSS

0.0004EPSS

2024-06-28 07:27 PM
3
redhatcve
redhatcve

CVE-2024-38374

The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the...

7.5CVSS

7.7AI Score

0.0005EPSS

2024-06-28 07:20 PM
1
Total number of security vulnerabilities2311477