CVE-2024-4297 HGiga iSherlock - Arbitrary File Download
The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system...
4.9CVSS
7.1AI Score
0.001EPSS
CVE-2024-4297 HGiga iSherlock - Arbitrary File Download
The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system...
4.9CVSS
5.5AI Score
0.001EPSS
The account management interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system...
4.9CVSS
5.2AI Score
0.001EPSS
The account management interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system...
4.9CVSS
7AI Score
0.001EPSS
CVE-2024-4296 HGiga iSherlock - Arbitrary File Download
The account management interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system...
4.9CVSS
5.6AI Score
0.001EPSS
FreeBSD : GLPI -- multiple vulnerabilities (5da8b1e6-0591-11ef-9e00-080027957747)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 5da8b1e6-0591-11ef-9e00-080027957747 advisory. GLPI team reports: GLPI 10.0.15 Changelog (CVE-2024-29889, CVE-2024-31456) Note that Nessus...
7.7CVSS
7.6AI Score
0.0004EPSS
Fedora 40 : python3.8 (2023-c69d73674a)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-c69d73674a advisory. The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is...
5.3CVSS
6.6AI Score
0.001EPSS
Fedora 40 : python2.7 (2024-93fad630de)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-93fad630de advisory. The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is...
5.3CVSS
6.7AI Score
0.001EPSS
Fedora 40 : python3.6 (2023-65c95a087d)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-65c95a087d advisory. The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is...
5.3CVSS
6.7AI Score
0.001EPSS
The Bug Report - April 2024 Edition
The Bug Report - April 2024 Edition By Jonathan Omakun and Tobi Olawale· April 29, 2024 Why am I here? Just when you thought it was safe to go back into the digital waters, out pops another series of rogue waves in the form of CVEs! It's like that beach vacation you planned to get away from it...
8.9AI Score
0.971EPSS
The Anatomy of HTML Attachment Phishing
The Anatomy of HTML Attachment Phishing: One Code, Many Variants By Mathanraj Thangaraju, Niranjan Hegde, and Sijo Jacob · June 14, 2023 Introduction Phishing is the malevolent practise of pretending to be a reliable entity in electronic communication to steal sensitive data, such as login...
7.4AI Score
Fedora 40 : python3.11 (2023-3c8c06b6bb)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-3c8c06b6bb advisory. The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is...
5.3CVSS
6.6AI Score
0.001EPSS
Fedora 40 : python3.9 (2023-0d125eb31d)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-0d125eb31d advisory. The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is...
5.3CVSS
6.6AI Score
0.001EPSS
Fedora 40 : python3.10 (2023-254c1f3b69)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-254c1f3b69 advisory. The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is...
5.3CVSS
6.6AI Score
0.001EPSS
Fedora 40 : python3.12 (2023-f3498cc9ee)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-f3498cc9ee advisory. The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is...
5.3CVSS
6.6AI Score
0.001EPSS
FreeBSD : powerdns-recursor -- denial of service (1af16f2b-023c-11ef-8791-6805ca2fa271)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 1af16f2b-023c-11ef-8791-6805ca2fa271 advisory. A crafted response from an upstream server the recursor has been configured to forward-recurse to...
7.5CVSS
6.8AI Score
0.0004EPSS
Fedora 40 : rust (2024-ab4573fb3b)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-ab4573fb3b advisory. Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not...
10CVSS
8AI Score
0.0005EPSS
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: avoid disabling offload when it was never enabled In an incredibly strange API design decision, qdisc->destroy() gets called even if qdisc->init() never succeeded, not exclusively since commit 87b60cfacf9f....
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: avoid disabling offload when it was never enabled In an incredibly strange API design decision, qdisc->destroy() gets called even if qdisc->init() never succeeded, not exclusively since commit 87b60cfacf9f....
7.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: avoid disabling offload when it was never enabled In an incredibly strange API design decision, qdisc->destroy() gets called even if qdisc->init() never succeeded, not exclusively since commit 87b60cfacf9f....
6.3AI Score
0.0004EPSS
CVE-2022-48644 net/sched: taprio: avoid disabling offload when it was never enabled
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: avoid disabling offload when it was never enabled In an incredibly strange API design decision, qdisc->destroy() gets called even if qdisc->init() never succeeded, not exclusively since commit 87b60cfacf9f....
6.4AI Score
0.0004EPSS
RHEL 8 / 9 : OpenShift Container Platform 4.14.2 (RHSA-2023:6840)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6840 advisory. golang: net/http: insufficient sanitization of Host header (CVE-2023-29406) golang: crypto/tls: slow verification of certificate...
7.5CVSS
7.6AI Score
0.732EPSS
RHEL 8 / 9 : OpenShift Container Platform 4.14.0 (RHSA-2023:5009)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5009 advisory. golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664) kube-apiserver: Bypassing policies imposed by the...
9.8CVSS
7.4AI Score
0.732EPSS
RHEL 8 : RHUI 4.1.1 - Security Fixes and Enhancement Update (Important) (RHSA-2022:5602)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:5602 advisory. Red Hat Update Infrastructure (RHUI) offers a highly scalable, highly redundant framework that enables you to manage repositories and...
9.8CVSS
10AI Score
0.003EPSS
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b3affee8-04d1-11ef-8928-901b0ef714d4 advisory. Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due...
4.9CVSS
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: avoid disabling offload when it was never enabled In an incredibly strange API design decision, qdisc->destroy() gets called even if qdisc->init() never succeeded, not exclusively since commit 87b60cfacf9f....
6.4AI Score
0.0004EPSS
Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw
Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on compromised systems. The attack chain, which took place at the end of 2023 according to Deep Instinct, employs.....
7.8CVSS
8.1AI Score
0.973EPSS
RHEL 5 : Red Hat JBoss Enterprise Application Platform 6.4.21 (RHSA-2018:2742)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2742 advisory. picketlink, keycloak: SAML request parser replaces special strings with system properties (CVE-2017-2582) hibernate-validator: Privilege...
7.5CVSS
7.5AI Score
0.018EPSS
RHEL 5 : Red Hat JBoss Enterprise Application Platform 6.4.18 (RHSA-2017:3216)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:3216 advisory. picketlink, keycloak: SAML request parser replaces special strings with system properties (CVE-2017-2582) Note that Nessus has not tested for this...
6.5CVSS
6.5AI Score
0.002EPSS
FreeBSD : chromium -- multiple security fixes (7a42852d-0347-11ef-9f97-a8a1599412c6)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 7a42852d-0347-11ef-9f97-a8a1599412c6 advisory. Type Confusion in ANGLE. (CVE-2024-4058) Out of bounds read in V8 API. (CVE-2024-4059) ...
8.8CVSS
9.5AI Score
0.001EPSS
CentOS 9 : python3.9-3.9.18-2.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the python3.9-3.9.18-2.el9 build changelog. The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an...
5.3CVSS
7AI Score
0.001EPSS
CentOS 9 : kernel-5.14.0-430.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-430.el9 build changelog. In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix connection failure handling In case immediate MPA...
6.5CVSS
7.2AI Score
0.001EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 209 vulnerabilities disclosed in 169...
9.9AI Score
EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.9 ATTENTION: Exploitable remotely Vendor: Hitachi Energy Equipment: MACH SCM Vulnerabilities: Improper Control of Generation of Code, Improper Neutralization of Directives in Dynamically Evaluated Code 2. RISK EVALUATION Successful exploitation of these...
7.5CVSS
8.3AI Score
0.0004EPSS
Siemens RUGGEDCOM APE1808 Devices Configured with Palo Alto Networks Virtual NGFW
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
10CVSS
8.5AI Score
0.957EPSS
FreeBSD : Gitlab -- vulnerabilities (b857606c-0266-11ef-8681-001b217b3468)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b857606c-0266-11ef-8681-001b217b3468 advisory. An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all...
8.5CVSS
6.2AI Score
0.0004EPSS
A vulnerability in the GNU Tar archiver is related to improper handling of extension attributes in the PAX archive. Exploitation of the vulnerability could allow an attacker acting remotely to transmit special data to the application and cause a denial of service. special data to the application...
6.6AI Score
0.0004EPSS
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the bdfa6c04-027a-11ef-9c21-901b0e9408dc advisory. Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a...
6.5CVSS
6.9AI Score
0.0004EPSS
Grassroot DICOM RAWCodec::DecodeBytes out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-1944 Grassroot DICOM RAWCodec::DecodeBytes out-of-bounds read vulnerability April 25, 2024 CVE Number CVE-2024-25569 SUMMARY An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A...
6.5CVSS
6.5AI Score
0.0004EPSS
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices
*Updated 2024-04-25 16:57 GMT with minor wording corrections regarding the targeting of other vendors. ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actors, perimeter network devices are...
8.3AI Score
0.942EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute info systems ARForms.This issue affects ARForms: from n/a through...
8.5CVSS
8.9AI Score
0.0004EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute info systems ARForms.This issue affects ARForms: from n/a through...
8.5CVSS
7.5AI Score
0.0004EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through...
8.5CVSS
7.5AI Score
0.0004EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through...
8.5CVSS
8.9AI Score
0.0004EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through...
9.3CVSS
7.5AI Score
0.0005EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through...
9.3CVSS
9.7AI Score
0.0005EPSS
CVE-2024-32706 WordPress ARForms plugin <= 6.4 - Auth. SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute info systems ARForms.This issue affects ARForms: from n/a through...
8.5CVSS
9AI Score
0.0004EPSS
CVE-2024-32709 WordPress WP-Recall plugin <= 16.26.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through...
9.3CVSS
9.8AI Score
0.0005EPSS
CVE-2024-32709 WordPress WP-Recall plugin <= 16.26.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through...
9.3CVSS
7.6AI Score
0.0005EPSS
CVE-2024-32710 WordPress WP-Recall plugin <= 16.26.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through...
8.5CVSS
9AI Score
0.0004EPSS