typo3 Security fix for Flow Swift Mailer package
A remote code execution vulnerability has been found in the Swift Mailer library (swiftmailer/swiftmailer) recently. See this advisory for details. If you are not using the default mail() transport, this particular problem does not affect you. Upgrading is of course still...
8.1AI Score
typo3 Security fix for Flow Swift Mailer package
A remote code execution vulnerability has been found in the Swift Mailer library (swiftmailer/swiftmailer) recently. See this advisory for details. If you are not using the default mail() transport, this particular problem does not affect you. Upgrading is of course still...
8.1AI Score
[SECURITY] [DSA 5706-1] libarchive security update
Debian Security Advisory DSA-5706-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 05, 2024 https://www.debian.org/security/faq Package : libarchive CVE ID : CVE-2024-26256 Debian Bug ...
7.8CVSS
8AI Score
0.001EPSS
Disclaimer This script is for educational and testing purposes...
9.8CVSS
9.7AI Score
0.973EPSS
[SECURITY] [DSA 5704-1] pillow security update
Debian Security Advisory DSA-5704-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 05, 2024 https://www.debian.org/security/faq Package : pillow CVE ID : CVE-2023-44271 CVE-2023-50447...
8.1CVSS
8.1AI Score
0.001EPSS
Replay Attack in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to capture/replay KNX telegram to local KNX...
9.2CVSS
6.6AI Score
0.0004EPSS
FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to take control via access to local KNX...
8.8CVSS
9.1AI Score
0.001EPSS
Replay Attack in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to capture/replay KNX telegram to local KNX...
7.8CVSS
9AI Score
0.0004EPSS
FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to take control via access to local KNX...
9.6CVSS
6.7AI Score
0.001EPSS
CVE-2024-4009 Replay Attack in KNX Secure Devices
Replay Attack in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to capture/replay KNX telegram to local KNX...
9.2CVSS
9AI Score
0.0004EPSS
CVE-2024-4009 Replay Attack in KNX Secure Devices
Replay Attack in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to capture/replay KNX telegram to local KNX...
9.2CVSS
6.7AI Score
0.0004EPSS
CVE-2024-4008 FDSK Leak in KNX Secure Devices
FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to take control via access to local KNX...
9.6CVSS
9.1AI Score
0.001EPSS
CVE-2024-4008 FDSK Leak in KNX Secure Devices
FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to take control via access to local KNX...
9.6CVSS
6.8AI Score
0.001EPSS
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects...
5.5CVSS
6.6AI Score
0.0004EPSS
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4...
9.8CVSS
6.8AI Score
0.001EPSS
Archiver Path Traversal vulnerability in github.com/mholt/archiver
A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges....
6.1CVSS
6AI Score
0.0004EPSS
registry-support: decompress can delete files outside scope via relative paths in...
8CVSS
7.8AI Score
0.0004EPSS
TYPO3 Remote Code Execution in third party library swiftmailer
TYPO3 uses the package swiftmailer/swiftmailer for mail actions. This package is known to be vulnerable to Remote Code...
7.5AI Score
TYPO3 Remote Code Execution in third party library swiftmailer
TYPO3 uses the package swiftmailer/swiftmailer for mail actions. This package is known to be vulnerable to Remote Code...
7.5AI Score
Cross-Site Scripting in third party library mso/idna-convert
Make sure to not expose the vendor directory to the publicly accessible document root. In composer managed installation, make sure to configure a dedicated web folder. In general it is recommended to not expose the complete typo3_src sources folder in the document...
7AI Score
Cross-Site Scripting in third party library mso/idna-convert
Make sure to not expose the vendor directory to the publicly accessible document root. In composer managed installation, make sure to configure a dedicated web folder. In general it is recommended to not expose the complete typo3_src sources folder in the document...
7AI Score
Arbitrary JavaScript execution due to using outdated libraries
Summary gradio-pdf projects with dependencies on the pdf.js library are vulnerable to CVE-2024-4367, which allows arbitrary JavaScript execution. PoC Generate a pdf file with a malicious script in the fontmatrix. (This will run alert(‘XSS’).) poc.pdf Run the app. In this PoC, I've used the...
8.3AI Score
0.0004EPSS
Arbitrary JavaScript execution due to using outdated libraries
Summary gradio-pdf projects with dependencies on the pdf.js library are vulnerable to CVE-2024-4367, which allows arbitrary JavaScript execution. PoC Generate a pdf file with a malicious script in the fontmatrix. (This will run alert(‘XSS’).) poc.pdf Run the app. In this PoC, I've used the...
6.5AI Score
0.0004EPSS
Pedro Ribeiro and Vitor Pedreira discovered that the GDK-PixBuf library did not properly handle certain ANI files. An attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or to possibly execute arbitrary...
7.8CVSS
7.4AI Score
0.001EPSS
A flaw was found in the iq80 Snappy compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class sun.misc.Unsafe to speed up memory access, no additional bounds checks are performed, and this....
5.3CVSS
5.1AI Score
0.0004EPSS
Vulnerable embedded jQuery Version
Summary PIMCore uses the JavaScript library jQuery in version 3.4.1. This version is vulnerable to cross-site-scripting (XSS). Details In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it to one of...
7AI Score
Vulnerable embedded jQuery Version
Summary PIMCore uses the JavaScript library jQuery in version 3.4.1. This version is vulnerable to cross-site-scripting (XSS). Details In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it to one of...
7AI Score
Securing AI Development in the Cloud: Navigating the Risks and Opportunities
AI-TRiSM - Trust, Risk and Security Management in the Age of AI Co-authored by Lara Sunday and Pojan Shahrivar As artificial intelligence (AI) and machine learning (ML) technologies continue to advance and proliferate, organizations across industries are investing heavily in these transformative...
7.4AI Score
DarkGate switches up its tactics with new payload, email templates
This post was authored by Kalpesh Mantri. Cisco Talos is actively tracking a recent increase in activity from malicious email campaigns containing a suspicious Microsoft Excel attachment that, when opened, infected the victim's system with the DarkGate malware. These campaigns, active since the...
7.9AI Score
Summary Multiple vulnerabilities have been identified in Apache Commons Collections, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details ** CVEID: CVE-2017-15708 DESCRIPTION:...
9.8CVSS
10AI Score
0.967EPSS
[SECURITY] Fedora 40 Update: qt5-qtwebchannel-5.15.14-1.fc40
The Qt WebChannel module provides a library for seamless integration of C++ and QML applications with HTML/JavaScript clients. Any QObject can be published to remote clients, where its public API becomes...
6.6AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: qt5-qtimageformats-5.15.14-1.fc40
The core Qt Gui library by default supports reading and writing image files of the most common file formats: PNG, JPEG, BMP, GIF and a few more, ref. Reading and Writing Image Files. The Qt Image Formats add-on module provides optional support for other image file formats, including: MNG, TGA,...
6.5AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: kf5-kwayland-5.115.0-3.fc40
KDE Frameworks 5 library that wraps Client and Server Wayland...
6.5AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: dwayland-5.25.0-6.fc40
Qt-style Client and Server library wrapper for the Wayland...
6.5AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: kddockwidgets-1.7.0-10.fc40
Qt dock widget library written by KDAB, suitable for replacing QDockWidget and implementing advanced functionalities missing in...
6.5AI Score
0.0004EPSS
6.6AI Score
0.0004EPSS
Debian dsa-5704 : python-pil-doc - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5704 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5704-1 [email protected] ...
8.1CVSS
8.6AI Score
0.001EPSS
Moderate: libxml2 security update
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): libxml2: use-after-free in XMLReader (CVE-2024-25062) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related...
7.5CVSS
8.7AI Score
0.0005EPSS
RHEL 9 : libxml2 (RHSA-2024:3625)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3625 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): * libxml2: use-after-free in...
7.5CVSS
7.8AI Score
0.0005EPSS
K000139898: PyYAML vulnerabilities CVE-2020-1747 and CVE-2020-14343
Security Advisory Description CVE-2020-1747 A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use...
9.8CVSS
7.5AI Score
0.006EPSS
Moderate: libxml2 security update
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): libxml2: use-after-free in XMLReader (CVE-2024-25062) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related...
7.5CVSS
7.8AI Score
0.0005EPSS
GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of tile list....
9.4AI Score
0.0005EPSS
Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages gdk-pixbuf - GDK Pixbuf library Details Pedro Ribeiro and Vitor Pedreira discovered that the GDK-PixBuf library did not properly handle certain ANI files. An attacker could use...
7.8CVSS
8AI Score
0.001EPSS
Magical Addons For Elementor < 1.1.40 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 1.1.39 due to insufficient input sanitization.....
6.4CVSS
5.8AI Score
0.001EPSS
RHEL 8 : libxml2 (RHSA-2024:3626)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3626 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): * libxml2: use-after-free...
7.5CVSS
7.3AI Score
0.0005EPSS
Debian dsa-5706 : libarchive-dev - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5706 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5706-1 [email protected] ...
7.8CVSS
7.7AI Score
0.001EPSS
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6806-1 advisory. Pedro Ribeiro and Vitor Pedreira discovered that the GDK-PixBuf library did not properly handle certain ...
7.8CVSS
7.7AI Score
0.001EPSS
Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The uncaught exception would cause Envoy to...
7.5CVSS
7.1AI Score
0.0005EPSS
Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The uncaught exception would cause Envoy to...
7.5CVSS
7.5AI Score
0.0005EPSS
CVE-2024-34363 Envoy can crash due to uncaught nlohmann JSON exception
Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The uncaught exception would cause Envoy to...
7.5CVSS
7.5AI Score
0.0005EPSS