Adobe Media Encoder < 23.6.6 / 24.0.0 < 24.4.1 Memory leak (APSB24-34)
The version of Adobe Media Encoder installed on the remote Windows host is prior to 23.6.6, 24.4.1. It is, therefore, affected by a vulnerability as referenced in the APSB24-34 advisory. Out-of-bounds Read (CWE-125) potentially leading to Memory leak (CVE-2024-30278) Note that Nessus has not...
5.5CVSS
5.5AI Score
0.001EPSS
Description The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Shop Slider, Tabs Classic, and Image Comparison widgets in all versions up to, and including, 4.4.1 due....
6.4CVSS
5.8AI Score
0.001EPSS
BuddyForms <= 2.8.9 - Email Verification Bypass due to Insufficient Randomness
Description The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email...
6.5CVSS
6.9AI Score
0.0005EPSS
Adobe Media Encoder < 23.6.6 / 24.0.0 < 24.4.1 Memory leak (APSB24-34) (macOS)
The version of Adobe Media Encoder installed on the remote macOS host is prior to 23.6.6, 24.4.1. It is, therefore, affected by a vulnerability as referenced in the APSB24-34 advisory. Out-of-bounds Read (CWE-125) potentially leading to Memory leak (CVE-2024-30278) Note that Nessus has not...
5.5CVSS
5.3AI Score
0.001EPSS
A vulnerability in the MIME-tools component of the open-source content filter for Amavis email is related to an interpretation conflict when a MIME email message has multiple boundary parameters. Exploitation of the vulnerability could allow an attacker acting remotely to elevate the...
7.1AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.21 (SUSE-SU-2024:1969-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1969-1 advisory. go1.21.11 release (bsc#1212475). - CVE-2024-24789: Fixed mishandling of corrupt central...
9.8CVSS
8.1AI Score
0.001EPSS
APSB24-38 : Security update available for Adobe FrameMaker Publishing Server
Adobe has released a security update for Adobe FrameMaker Publishing Server. This update addresses critical vulnerabilities. Successful exploitation could lead to privilege...
10CVSS
7.2AI Score
0.001EPSS
APSB24-34 : Security update available for Adobe Media Encoder
Adobe has released an update for Adobe Media Encoder. This update resolves an important vulnerability that could lead to memory...
5.5CVSS
7AI Score
0.001EPSS
Description The Newsletter - API v1 and v2 addon plugin for WordPress is vulnerable to unauthorized subscribers management due to PHP type juggling issue on the check_api_key function in all versions up to, and including, 2.4.5. This makes it possible for unauthenticated attackers to list, create.....
6.5CVSS
6.9AI Score
0.0005EPSS
APSB24-43 : Security update available for Adobe Substance 3D Stager
Adobe has released an update for Adobe Substance 3D Stager. This update addresses a critical vulnerability in Adobe Substance 3D Stager. Successful exploitation could lead to arbitrary code execution in the context of the current...
7.8CVSS
7.8AI Score
0.001EPSS
KB5039339: Servicing stack update for Windows Server 2008 R2 SP1: June 11, 2024
KB5039339: Servicing stack update for Windows Server 2008 R2 SP1: June 11, 2024 __ **End of support information ** As of January 10, 2023, Microsoft no longer provides security updates or technical support for Windows 7 Service Pack 1 (SP1). We recommend that you upgrade to a supported version...
6.9AI Score
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.22 (SUSE-SU-2024:1970-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1970-1 advisory. go1.21.11 release (bsc#1212475). - CVE-2024-24789: Fixed mishandling of corrupt central...
9.8CVSS
8.1AI Score
0.001EPSS
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. A maliciously crafted email may be able to initiate FaceTime calls without user...
5.5CVSS
5.7AI Score
0.001EPSS
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. A maliciously crafted email may be able to initiate FaceTime calls without user...
5.5CVSS
0.001EPSS
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. A maliciously crafted email may be able to initiate FaceTime calls without user...
0.001EPSS
Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing
Impact In the OCI Distribution Specification version 1.0.0 and prior and in the OCI Image Specification version 1.0.1 and prior, manifest and index documents are ambiguous without an accompanying Content-Type HTTP header. Versions of Moby (Docker Engine) prior to 20.10.11 treat the Content-Type...
7AI Score
Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing
Impact In the OCI Distribution Specification version 1.0.0 and prior and in the OCI Image Specification version 1.0.1 and prior, manifest and index documents are ambiguous without an accompanying Content-Type HTTP header. Versions of Moby (Docker Engine) prior to 20.10.11 treat the Content-Type...
7AI Score
Docker CLI leaks private registry credentials to registry-1.docker.io
Impact A bug was found in the Docker CLI where running docker login my-private-registry.example.com with a misconfigured configuration file (typically ~/.docker/config.json) listing a credsStore or credHelpers that could not be executed would result in any provided credentials being sent to...
7.5CVSS
6.4AI Score
0.001EPSS
Docker CLI leaks private registry credentials to registry-1.docker.io
Impact A bug was found in the Docker CLI where running docker login my-private-registry.example.com with a misconfigured configuration file (typically ~/.docker/config.json) listing a credsStore or credHelpers that could not be executed would result in any provided credentials being sent to...
7.5CVSS
6.4AI Score
0.001EPSS
`docker cp` allows unexpected chmod of host files in Moby Docker Engine
Impact A bug was found in Moby (Docker Engine) where attempting to copy files using docker cp into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read,...
6.3CVSS
6.5AI Score
0.0005EPSS
`docker cp` allows unexpected chmod of host files in Moby Docker Engine
Impact A bug was found in Moby (Docker Engine) where attempting to copy files using docker cp into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read,...
6.3CVSS
6.5AI Score
0.0005EPSS
7.5CVSS
7.3AI Score
0.0005EPSS
Rancher Recreates Default User With Known Password Despite Deletion in github.com/rancher/rancher
Rancher Recreates Default User With Known Password Despite Deletion in...
9.8CVSS
6.8AI Score
0.003EPSS
Server-Side Request Forgery (SSRF)
langchain is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper restriction of requests in the Web Research Retriever component, allowing it to reach local addresses and enabling attackers to execute port scans, access local services, and potentially read...
4.8CVSS
6.9AI Score
0.0004EPSS
A European Summer of Sports is Upon Us – What Does it Mean for Security?
The recent Champions League final in London (congratulations, Real Madrid!) marked the opening shot to a hot European summer of major sporting events. We now approach the highly anticipated UEFA EURO 2024 football tournament in Germany and the Olympic Games in Paris 2024. And as we do, bad actors.....
7AI Score
Malicious Node on ComfyUI Steals Data from Crypto, Browser Users
Cryptocurrency users beware: A malicious ComfyUI node steals sensitive data like passwords, crypto wallet addresses, etc. Stay...
7.2AI Score
Cybersecurity CPEs: Unraveling the What, Why & How
Staying Sharp: Cybersecurity CPEs Explained Perhaps even more so than in other professional domains, cybersecurity professionals constantly face new threats. To ensure you stay on top of your game, many certification programs require earning Continuing Professional Education (CPE) credits. CPEs...
7.2AI Score
Bypassing 2FA with phishing and OTP bots
Introduction Two-factor authentication (2FA) is a security feature we have come to expect as standard by 2024. Most of today's websites offer some form of it, and some of them won't even let you use their service until you enable 2FA. Individual countries have adopted laws that require certain...
7.2AI Score
Sticky Werewolf Expands Cyber Attack Targets in Russia and Belarus
Cybersecurity researchers have disclosed details of a threat actor known as Sticky Werewolf that has been linked to cyber attacks targeting entities in Russia and Belarus. The phishing attacks were aimed at a pharmaceutical company, a Russian research institute dealing with microbiology and...
7.2AI Score
github.com/golang/go/ is vulnerable to Improper Input Validation. The vulnerability is due to various methods (IsPrivate, IsLoopback, etc.) which do not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4...
9.8CVSS
6.6AI Score
0.001EPSS
Hirschmann HiOS Switches Argument Injection or Modification (CVE-2019-12264)
An attacker residing on the LAN may choose to hijack a DHCP-client session that requests an IPv4 address. The attacker can send a multicast IP-address in the DHCP offer/ack message, which the victim system then incorrectly assigns. This vulnerability can be combined with CVE-2019-12259 to create...
7.5CVSS
7.3AI Score
0.011EPSS
Hirschmann HiOS Switches Argument Injection or Modification (CVE-2019-12258)
An attacker with the source and destination TCP-port and IP-addresses of a session can inject invalid TCP-segments into the flow, causing the TCP-session to be reset. An application will see this as an ECONNRESET error message when using the socket after such an attack. The most likely outcome...
7.5CVSS
7.6AI Score
0.078EPSS
Hirschmann HiOS Switches Race Condition (CVE-2019-12263)
This vulnerability relies on a race-condition between the network task (tNet0) and the receiving application. It is very difficult to trigger the race on a system with a single CPU-thread enabled, and there is no way to reliably trigger a race on SMP targets. This plugin only works with...
8.1CVSS
8.1AI Score
0.018EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3781 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
8.1CVSS
8.4AI Score
EPSS
A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The...
9.8CVSS
7.8AI Score
0.002EPSS
Hirschmann HiOS Switches Heap-based Buffer Overflow (CVE-2019-12257)
DHCP packets may go past the local area network (LAN) via DHCP-relays, but are otherwise confined to the LAN. The DHCP-client may be used by VxWorks and in the bootrom. Bootrom, using DHCP/BOOTP, is only vulnerable during the boot-process. This vulnerability may be used to overwrite the heap,...
8.8CVSS
8.8AI Score
0.93EPSS
Hirschmann HiOS Switches Classic Buffer Overflow (CVE-2019-12260)
This vulnerability could lead to a buffer overflow of up to a full TCP receive-window (by default, 10k-64k depending on version). The buffer overflow happens in the task calling recv()/recvfrom()/recvmsg(). Applications that pass a buffer equal to or larger than a full TCP-window are not...
9.8CVSS
9.9AI Score
0.289EPSS
7.4AI Score
0.0004EPSS
Hirschmann HiOS Switches Argument Injection or Modification (CVE-2019-12262)
An attacker residing on the LAN can send reverse-ARP responses to the victim system to assign unicast IPv4 addresses to the target. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
9.8CVSS
9.5AI Score
0.002EPSS
Hirschmann HiOS Switches Stack-based Buffer Overflow (CVE-2019-12256)
This vulnerability resides in the IPv4 option parsing and may be triggered by IPv4 packets containing invalid options. The most likely outcome of triggering this defect is that the tNet0 task crashes. This vulnerability can result in remote code execution. This plugin only works with Tenable.ot....
9.8CVSS
9.7AI Score
0.059EPSS
Hirschmann HiOS Switches Null Pointer Dereference (CVE-2019-12259)
This vulnerability requires that at least one IPv4 multicast address has been assigned to the target in an incorrect way (e.g., using the API intended for assigning unicast-addresses). An attacker may use CVE-2019-12264 to incorrectly assign a multicast IP-address. An attacker on the same LAN as...
7.5CVSS
7.2AI Score
0.011EPSS
Hirschmann HiOS Switches Argument Injection or Modification (CVE-2019-12265)
The IGMPv3 reception handler does not expect packets to be spread across multiple IP-fragments. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
5.3CVSS
5.4AI Score
0.009EPSS
Hirschmann HiOS Switches Classic Buffer Overflow (CVE-2019-12261)
The impact of this vulnerability is a buffer overflow of up to a full TCP receive-window (by default, 10k-64k depending on version). The buffer overflow happens in the task calling recv()/recvfrom()/recvmsg(). Applications that pass a buffer equal to or larger than a full TCP-window are not...
9.8CVSS
9.9AI Score
0.065EPSS
Hirschmann HiOS Switches Integer Underflow (CVE-2019-12255)
An attacker can either hijack an existing TCP-session and inject bad TCP-segments or establish a new TCP-session on any TCP-port listened to by the target. This vulnerability could lead to a buffer overflow of up to a full TCP receive-window (by default, 10k-64k depending on version). The buffer...
9.8CVSS
10AI Score
0.926EPSS
Missing Authorization vulnerability in OPMC WooCommerce Dropshipping.This issue affects WooCommerce Dropshipping: from n/a through...
5.3CVSS
5.3AI Score
0.0005EPSS
Missing Authorization vulnerability in OPMC WooCommerce Dropshipping.This issue affects WooCommerce Dropshipping: from n/a through...
5.3CVSS
0.0005EPSS
Missing Authorization vulnerability in OPMC WooCommerce Dropshipping.This issue affects WooCommerce Dropshipping: from n/a through...
5.3CVSS
0.0005EPSS
Missing Authorization vulnerability in OPMC WooCommerce Dropshipping.This issue affects WooCommerce Dropshipping: from n/a through...
5.3CVSS
7AI Score
0.0005EPSS
Missing Authorization vulnerability in Email Subscribers & Newsletters.This issue affects Email Subscribers & Newsletters: from n/a through...
5.3CVSS
0.0004EPSS
Missing Authorization vulnerability in Email Subscribers & Newsletters.This issue affects Email Subscribers & Newsletters: from n/a through...
5.3CVSS
5.3AI Score
0.0004EPSS