Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6688-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6688-1 advisory. Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them...
7.8CVSS
7.7AI Score
0.002EPSS
7.6CVSS
6.6AI Score
0.0005EPSS
WordPress Duplicator Plugin < 1.5.7.1 - Unauthenticated Sensitive Data Exposure Account Takeover
...
7.5CVSS
7.7AI Score
0.013EPSS
A vulnerability classified as problematic has been found in Musicshelf 1.0/1.1 on Android. Affected is an unknown function of the file androidmanifest.xml of the component Backup Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch.....
1.8CVSS
3.7AI Score
0.0004EPSS
A vulnerability classified as problematic has been found in Musicshelf 1.0/1.1 on Android. Affected is an unknown function of the file androidmanifest.xml of the component Backup Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch.....
1.8CVSS
6.6AI Score
0.0004EPSS
CVE-2024-2364 Musicshelf Backup androidmanifest.xml backup
A vulnerability classified as problematic has been found in Musicshelf 1.0/1.1 on Android. Affected is an unknown function of the file androidmanifest.xml of the component Backup Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch.....
1.8CVSS
4.1AI Score
0.0004EPSS
SSH Private Key Looting Wordlists. A Collection Of Wordlists To Aid In Locating Or Brute-Forcing SSH Private Key File Names. LFI for Lateral Movement? Gain SSH Access? ?file=../../../../../../../../home/user/.ssh/id_rsa ?file=../../../../../../../../home/user/.ssh/id_rsa-cert SSH Private Key...
7.2AI Score
Fedora: Security Advisory for slf4j (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for...
7AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: slf4j-1.7.32-12.fc40
The Simple Logging Facade for Java or (SLF4J) is intended to serve as a simple facade for various logging APIs allowing to the end-user to plug in the desired implementation at deployment time. SLF4J also allows for a gradual migration path away from Jakarta Commons Logging (JCL). Logging API...
6.8AI Score
0.0004EPSS
Summary Vulnerability in cURL libcurl could allow a remote attacker to bypass security restrictions (CVE-2023-46218). AIX uses cURL libcurl as part of rsyslog, LV/PV encryption integration with HPCS and in Live Update for interacting with HMC. Vulnerability Details ** CVEID: CVE-2023-46218 ...
6.5CVSS
6.4AI Score
0.001EPSS
Securing the Next Level: Automated Cloud Defense in Game Development with InsightCloudSec
Imagine the following scenario: You're about to enjoy a strategic duel on chess.com or dive into an intense battle in Fortnite, but as you log in, you find your hard-earned achievements, ranks, and reputation have vanished into thin air. This is not just a hypothetical scenario but a real...
7.2AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (February 26, 2024 to March 3, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 121 vulnerabilities disclosed in 88...
9.8CVSS
9.6AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to tag gcing flag on page during block migration It needs to add missing gcing flag on page during block migration, in order to garantee migrated data be persisted during checkpoint, otherwise out-of-order persistency...
7.5AI Score
0.0004EPSS
AIX is vulnerable to security restrictions bypass due to cURL libcurl (CVE-2023-46218)
IBM SECURITY ADVISORY First Issued: Wed Mar 6 15:05:06 CST 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/curl_advisory4.asc Security Bulletin: AIX is vulnerable to security restrictions bypass due to cURL libcurl...
6.5CVSS
6.7AI Score
0.001EPSS
(RHSA-2024:1188) Moderate: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c (CVE-2021-43975) kernel: memory leak in drivers/hid/hid-elo.c...
8.8AI Score
0.002EPSS
Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level...
6.7CVSS
6.5AI Score
0.0004EPSS
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling tf.compat.v1.* ops which don't yet have support for quantized types, which was added after migration to...
5.5CVSS
6.5AI Score
0.001EPSS
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform these API calls, but...
5.5CVSS
6.7AI Score
0.001EPSS
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A remote code execution risk when restoring backup files was...
9.8CVSS
7.5AI Score
0.008EPSS
Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBackup. Each of these.....
8.8CVSS
6.8AI Score
0.006EPSS
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1.In the affected...
8.8CVSS
7.4AI Score
0.871EPSS
A remote code execution risk when restoring backup files originating from Moodle 1.9 was...
9.8CVSS
7.7AI Score
0.007EPSS
BIT-percona-xtrabackup-2020-10997
Percona XtraBackup before 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_history...
6.5CVSS
6.5AI Score
0.001EPSS
BIT-percona-xtrabackup-binary-2020-10997
Percona XtraBackup before 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_history...
6.5CVSS
6.5AI Score
0.001EPSS
BIT-percona-xtrabackup-2022-26944
Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_history table. NOTE:....
6.5CVSS
6.7AI Score
0.001EPSS
BIT-percona-xtrabackup-binary-2022-26944
Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_history table. NOTE:....
6.5CVSS
6.7AI Score
0.001EPSS
Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by...
6.5CVSS
6.7AI Score
0.001EPSS
6.5CVSS
7.1AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to tag gcing flag on page during block migration It needs to add missing gcing flag on page during block migration, in order to garantee migrated data be persisted during checkpoint, otherwise out-of-order persistency...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to tag gcing flag on page during block migration It needs to add missing gcing flag on page during block migration, in order to garantee migrated data be persisted during checkpoint, otherwise out-of-order persistency...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to tag gcing flag on page during block migration It needs to add missing gcing flag on page during block migration, in order to garantee migrated data be persisted during checkpoint, otherwise out-of-order persistency...
7.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to tag gcing flag on page during block migration It needs to add missing gcing flag on page during block migration, in order to garantee migrated data be persisted during checkpoint, otherwise out-of-order persistency...
7.3AI Score
0.0004EPSS
CVE-2023-52588 f2fs: fix to tag gcing flag on page during block migration
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to tag gcing flag on page during block migration It needs to add missing gcing flag on page during block migration, in order to garantee migrated data be persisted during checkpoint, otherwise out-of-order persistency...
7.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to tag gcing flag on page during block migration It needs to add missing gcing flag on page during block migration, in order to garantee migrated data be persisted during checkpoint, otherwise out-of-order persistency...
7.8AI Score
0.0004EPSS
7.4AI Score
0.0004EPSS
7.2AI Score
0.0004EPSS
RHEL 8 : kernel (RHSA-2024:1188)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1188 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: out-of-bounds write in...
8.1CVSS
8AI Score
0.002EPSS
7.4AI Score
0.0004EPSS
Artica Proxy 4.40 / 4.50 Authentication Bypass / Privilege Escalation Vulnerability
The Rich Filemanager feature of Artica Proxy versions 4.40 and 4.50 provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user. This provides an unauthenticated attacker complete access to...
7.5AI Score
0.0004EPSS
(RHSA-2024:1147) Moderate: rear security update
Relax-and-Recover is a recovery and system migration utility. The utility produces a bootable image and restores from backup using this image. It allows to restore to different hardware and can therefore be also used as a migration utility. Security Fix(es): rear: creates a world-readable initrd...
7.2AI Score
0.0004EPSS
Moderate: rear security update
Relax-and-Recover is a recovery and system migration utility. The utility produces a bootable image and restores from backup using this image. It allows to restore to different hardware and can therefore be also used as a migration utility. Security Fix(es): rear: creates a world-readable initrd...
5.5CVSS
7.2AI Score
0.0004EPSS
CentOS: Security Advisory for squid (CESA-2023:6805)
The remote host is missing an update for...
8.6CVSS
7.6AI Score
0.03EPSS
Moderate: rear security update
Relax-and-Recover is a recovery and system migration utility. The utility produces a bootable image and restores from backup using this image. It allows to restore to different hardware and can therefore be also used as a migration utility. Security Fix(es): rear: creates a world-readable initrd...
5.5CVSS
6.7AI Score
0.0004EPSS
Backup and Restore WordPress < 1.50 - Unauthenticated Sensitive Data Exposure
Description The plugin does not protect some log files containing sensitive information such as site configuration etc, allowing unauthenticated users to access such data. PoC 1) There is a lot of sensitive data and most importantly, you can download this logs to your machine and read it. These...
6AI Score
0.0004EPSS
This Week in Spring - March 5th, 2024
Hi, Spring fans! Welcome to another exciting roundup of This Week in Spring! I expect many of you are reading this for the first time, especially with Facebook and Instagram being down. People have been exploring all the other lesser-known corners of the web, looking for their daily "doom scroll."....
7.1AI Score
Artica Proxy Unauthenticated File Manager Vulnerability
Vulnerability Details Affected Vendor: Artica Affected Product: Artica Proxy Affected Version: 4.40 and 4.50 Platform: Debian 10 LTS CWE Classification: CWE-288: Authentication Bypass Using an Alternate Path or Channel, CWE-552: Files or Directories...
7.5AI Score
0.0004EPSS
Multilaser RE160V / RE160 URL Manipulation Access Bypass Vulnerability
Multilaser RE160V web management interface versions 12.03.01.08_pt and 12.03.01.09_pt along with RE160 versions 5.07.51_pt_MTL01 and 5.07.52_pt_MTL01 suffer from an access control bypass vulnerability through URL...
8.8CVSS
6.7AI Score
0.004EPSS
Multilaser RE160V Header Manipulation Access Bypass Vulnerability
Multilaser RE160V web management interface versions 12.03.01.09_pt and 12.03.01.10_pt suffer from an access control bypass vulnerability through header...
7.2AI Score
0.0004EPSS
Multilaser RE160 Cookie Manipulation Access Bypass Vulnerability
Multilaser RE160 versions 5.07.51_pt_MTL01 and 5.07.52_pt_MTL01 suffer from an access control bypass vulnerability through cookie...
8.9AI Score
0.0004EPSS
RHEL 9 : rear (RHSA-2024:1147)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:1147 advisory. Relax-and-Recover is a recovery and system migration utility. The utility produces a bootable image and restores from backup using this image. It...
5.5CVSS
5.5AI Score
0.0004EPSS