Gamipress – Link Security Vulnerabilities
Summary Multiple vulnerabilities in Golang Go affect IBM Storage Copy Data Management components that leverage Go (essentially VADP 'VM' backup). Vulnerabilities including execution of arbitrary code on the system, remote attacker can cause an infinite loop, as described by the CVEs in the...
8.9AI Score
0.0004EPSS
An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the router via a brute-force...
7.1AI Score
0.0004EPSS
An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the router via a brute-force...
0.0004EPSS
linux-nvidia-6.5 vulnerabilities
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) It was.....
7.8CVSS
7.4AI Score
0.001EPSS
CVE-2024-37316 Nextcloud Calendar's event create can create attachments that link to other websites
Nextcloud Calendar is a calendar app for Nextcloud. Authenticated users could create an event with manipulated attachment data leading to a bad redirect for participants when clicked. It is recommended that the Nextcloud Calendar App is upgraded to 4.6.8 or...
4.6CVSS
0.0004EPSS
Security Bulletin: EDB Postgres Advanced Server (EPAS)
Summary This security bulletin identifies a set of common vulnerabilities that have been addressed in EDB Postgres Advanced Server with IBM 15.4. Vulnerability Details ** CVEID: CVE-2023-41113 DESCRIPTION: **EnterpriseDB Postgres Advanced Server could allow a remote authenticated attacker to...
9.8CVSS
8.7AI Score
0.001EPSS
LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users to perform arbitrary operations via interaction with crafted elements on the web...
0.0004EPSS
LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's...
0.0004EPSS
Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows attackers to access the root terminal without...
0.0004EPSS
LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's...
7.2AI Score
0.0004EPSS
LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users to perform arbitrary operations via interaction with crafted elements on the web...
7.4AI Score
0.0004EPSS
Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows attackers to access the root terminal without...
7.2AI Score
0.0004EPSS
Event create can create attachments that link to other websites
Description Impact Authenticated users could create an event with manipulated attachment data leading to a bad redirect for participants when clicked. Patches It is recommended that the Nextcloud Calendar App is upgraded to 4.6.8 or 4.7.2 Workarounds Disable the calendar app References ...
4.6CVSS
6.6AI Score
0.0004EPSS
squashfs-tools security update
An update is available for squashfs-tools. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list SquashFS is a highly compressed read-only file system for Linux....
8.1CVSS
6.8AI Score
0.009EPSS
Moderate: squashfs-tools security update
SquashFS is a highly compressed read-only file system for Linux. These packages contain the utilities for manipulating squashfs file systems. Security Fix(es): squashfs-tools: unvalidated filepaths allow writing outside of destination (CVE-2021-40153) squashfs-tools: possible Directory...
8.1CVSS
6.7AI Score
0.009EPSS
Security Bulletin: IBM Operational Decision Manager for May 2024 - Multiple CVEs addressed
Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details ** CVEID:...
8.2CVSS
9.2AI Score
0.025EPSS
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. These emails are sent without using an encrypted transmission protocol. If an attacker intercepts the packets, they can obtain the plaintext session information and use it to log into the...
8.8CVSS
8.6AI Score
0.001EPSS
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. These emails are sent without using an encrypted transmission protocol. If an attacker intercepts the packets, they can obtain the plaintext session information and use it to log into the...
8.8CVSS
0.001EPSS
CVE-2024-5996 Soar Cloud HR Portal - Cleartext Transmission of Sensitive Information
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. These emails are sent without using an encrypted transmission protocol. If an attacker intercepts the packets, they can obtain the plaintext session information and use it to log into the...
8.8CVSS
0.001EPSS
CVE-2024-5996 Soar Cloud HR Portal - Cleartext Transmission of Sensitive Information
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. These emails are sent without using an encrypted transmission protocol. If an attacker intercepts the packets, they can obtain the plaintext session information and use it to log into the...
8.8CVSS
6.9AI Score
0.001EPSS
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be...
8.8CVSS
8.8AI Score
0.001EPSS
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be...
8.8CVSS
0.001EPSS
CVE-2024-5995 Soar Cloud HR Portal - Insufficient Session Expiration
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be...
8.8CVSS
0.001EPSS
The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the 'sub' parameter called from the WP STAGING WordPress Backup Plugin - Backup...
7.5CVSS
0.001EPSS
The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the 'sub' parameter called from the WP STAGING WordPress Backup Plugin - Backup...
7.5CVSS
7.2AI Score
0.001EPSS
The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the 'sub' parameter called from the WP STAGING WordPress Backup Plugin - Backup...
7.5CVSS
0.001EPSS
The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the 'sub' parameter called from the WP STAGING WordPress Backup Plugin - Backup...
7.5CVSS
6.4AI Score
0.001EPSS
The Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in the 'admin_notices' hook found in class-settings.php. This makes it possible.....
4.3CVSS
4.3AI Score
0.0005EPSS
The Schema App Structured Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the MarkUpdate function. This makes it possible for unauthenticated attackers to update and delete...
4.3CVSS
4.3AI Score
0.0005EPSS
The Schema App Structured Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the MarkUpdate function. This makes it possible for unauthenticated attackers to update and delete...
4.3CVSS
0.0005EPSS
The Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in the 'admin_notices' hook found in class-settings.php. This makes it possible.....
4.3CVSS
0.0005EPSS
CVE-2023-6492 Simple Sitemap <= 3.5.13 - Cross-Site Request Forgery via admin_notices
The Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in the 'admin_notices' hook found in class-settings.php. This makes it possible.....
4.3CVSS
0.0005EPSS
CVE-2024-0892 Schema App Structured Data <= 2.2.0 - Cross-Site Request Forgery
The Schema App Structured Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the MarkUpdate function. This makes it possible for unauthenticated attackers to update and delete...
4.3CVSS
4.2AI Score
0.0005EPSS
CVE-2024-0892 Schema App Structured Data <= 2.2.0 - Cross-Site Request Forgery
The Schema App Structured Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the MarkUpdate function. This makes it possible for unauthenticated attackers to update and delete...
4.3CVSS
0.0005EPSS
7.1AI Score
0.0004EPSS
5.5CVSS
7.4AI Score
0.002EPSS
7.4AI Score
0.0004EPSS
7.4AI Score
0.0004EPSS
7.4AI Score
AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE)
...
7.4AI Score
0.0004EPSS
7.4AI Score
0.0004EPSS
7.2AI Score
0.0004EPSS
LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's...
0.0004EPSS
Ubuntu 22.04 LTS : Linux kernel (NVIDIA) vulnerabilities (USN-6818-3)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-3 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...
7.8CVSS
7.2AI Score
0.001EPSS
An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the router via a brute-force...
0.0004EPSS
7.1AI Score
0.0004EPSS
7.2AI Score
0.0004EPSS
Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows attackers to access the root terminal without...
6.9AI Score
0.0004EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2019-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2019-1 advisory. The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes. The following...
9.8CVSS
8.4AI Score
0.005EPSS
7.4AI Score