Lucene search
K

30456 matches found

Github Security Blog
Github Security Blog
added 2024/11/25 3:11 p.m.14 views

Taurus multi-party-sig has OT-based ECDSA protocol implementation flaws

Coinbase researchers reported 2 security issues in our implementation of the oblivious transfer OT based protocol DKLS: 1. Secret share recovery attack If the base OT setup of the protocol is reused for another execution of the OT extension, then a malicious participant can extract a bit of the...

7.3AI score
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/11/25 12:0 a.m.17 views

EulerOS 2.0 SP12 : kernel (EulerOS-SA-2024-2929)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : RDMA/ibsrp: Fix a deadlockCVE-2022-48930 netfilter: fix use-after-free in nfregisternethookCVE-2022-48912 protect the fetch of -fdfd in dodup2 fro...

8.4CVSS7.1AI score0.0032EPSS
Exploits1References44
GithubExploit
GithubExploit
added 2024/11/23 5:35 a.m.260 views

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

CVE-2022-26134-poc CVE-2022-26134 is a Remote Code Exec...

9.8CVSS7.6AI score0.99999EPSS
Exploits75
OPENSUSE Linux
OPENSUSE Linux
added 2024/11/23 12:0 a.m.5 views

chromedriver-131.0.6778.85-1.1 on GA media (moderate)

chromedriver-131.0.6778.85-1.1 on GA media Announcement ID: openSUSE-SU-2024:14518-1 Rating: moderate Cross-References: CVE-2024-11395 CVSS scores: CVE-2024-11395 SUSE : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability...

8.8CVSS6.9AI score0.00355EPSS
Exploits0
CBLMariner
CBLMariner
added 2024/11/22 8:58 p.m.23 views

CVE-2024-21538 affecting package reaper for versions less than 3.1.1-15

CVE-2024-21538 affecting package reaper for versions less than 3.1.1-15. A patched version of the package is available...

8.7CVSS7.3AI score0.00873EPSS
Exploits0
CVE
CVE
added 2024/11/22 3:32 p.m.55 views

CVE-2024-37050

CVE-2024-37050 is a buffer copy vulnerability affecting QNAP QTS and QuTS hero prior to the fixed versions. The issue allows code execution by remote attackers who have gained administrator access, as described in multiple sources. Affected versions require upgrading to: QTS 5.2.1.2930 build 2024...

6.5CVSS7.1AI score0.00803EPSS
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2024/11/22 12:0 a.m.14 views

Microsoft Edge (Chromium-Based) Spoofing Vulnerability - Nov24

Microsoft Edge Chromium-Based is prone to a spoofing vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

4.3CVSS4.9AI score0.00591EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/11/20 6:24 p.m.22 views

Rancher Helm Applications may have sensitive values leaked

Impact A vulnerability has been identified within Rancher Manager whereby applications installed via Rancher Manager Apps Catalog store their Helm values directly into the Apps Custom Resource Definition, resulting in any users with GET access to it to be able to read any sensitive information th...

6.2CVSS6.2AI score0.00371EPSS
Exploits0References5Affected Software1
The Hacker News
The Hacker News
added 2024/11/20 4:24 a.m.14 views

Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation

Oracle is warning that a high-severity security flaw impacting the Agile Product Lifecycle Management PLM Framework has been exploited in the wild. The vulnerability, tracked as CVE-2024-21287 CVSS score: 7.5, could be exploited sans authentication to leak sensitive information. "This vulnerabili...

7.5CVSS6.7AI score0.01496EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/11/20 12:0 a.m.3 views

PT-2024-22850 · Kasda · Kasda Linksmart Router Kw6512

Name of the Vulnerable Software and Affected Versions: Kasda LinkSmart Router KW6512 versions = v1.3 Description: The issue is related to Multiple OS Command Injection vulnerabilities. An authenticated remote attacker can execute arbitrary OS commands via various cgi parameters. Recommendations:...

9.1CVSS8.6AI score0.00998EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/19 6:17 p.m.23 views

Security Bulletin: Security vulnerability CVE-2024-39689 in Certifi python-certifi that is used by FileNet Content Manager and CP4BA - Filenet Content Manager Component

Summary Security vulnerability CVE-2024-39689 in Certifi python-certifi that is used by FileNet Content Manager and CP4BA - Filenet Content Manager Component in container Operator Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could provide weaker than expected...

7.5CVSS6.2AI score0.01049EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2024/11/19 6:3 p.m.22 views

Statamic CMS has a Path Traversal in Asset Upload

Assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured. Impact - Affects front-end forms with assets fields. - Affects other places where assets can be uploaded, although users would need upload permissions anyway. -...

5.3CVSS6.9AI score0.00561EPSS
Exploits0References6Affected Software1
SUSE CVE
SUSE CVE
added 2024/11/19 3:49 a.m.2 views

SUSE CVE-2024-50285

In the Linux kernel, the following vulnerability has been resolved: ksmbd: check outstanding simultaneous SMB operations If Client send simultaneous SMB operations to ksmbd, It exhausts too much memory through the "ksmbdworkcache". It will cause OOM issue. ksmbd has a credit mechanism but it can'...

5.5CVSS6.2AI score0.0026EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/11/19 12:0 a.m.11 views

WordPress What Would Seth Godin Do Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS)

Software What Would Seth Godin Do Type Plugin Vulnerable versions = 2.1.1 Fixed in 2.1.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51900 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 82273a1e93d0 Credits FX Required privilege...

6.5AI score0.00291EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/11/19 12:0 a.m.11 views

WordPress Wawp Plugin < 3.0.18 is vulnerable to Broken Authentication

Software Wawp Type Plugin Vulnerable versions 3.0.18 Fixed in 3.0.18 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-52475 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 4c22e2281ddc Credits stealthcopter...

6.5AI score0.01825EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/11/19 12:0 a.m.29 views

Cisco Firepower Management Center Software RCE (cisco-sa-openssh-rce-2024)

A security regression CVE-2006-5051 was discovered in OpenSSH's server sshd. There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. Note that Nessu...

9.3CVSS7.2AI score0.99506EPSS
Exploits68References3
Tenable Nessus
Tenable Nessus
added 2024/11/19 12:0 a.m.32 views

Cisco Firepower Management Center Software RCE (cisco-sa-openssh-rce-2024)

A security regression CVE-2006-5051 was discovered in OpenSSH's server sshd. There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. Note that Nessu...

9.3CVSS7.2AI score0.99506EPSS
Exploits68References3
OSV
OSV
added 2024/11/18 3:24 p.m.17 views

SUSE-SU-2024:4036-1 Security update for httpcomponents-client, httpcomponents-core

This update for httpcomponents-client, httpcomponents-core fixes the following issues: httpcomponents-client: - Update to version 4.5.14 HTTPCLIENT-2206: Corrected resource de-allocation by fluent response objects. HTTPCLIENT-2174: URIBuilder to return a new empty list instead of unmodifiable...

5.3CVSS6.3AI score0.08665EPSS
Exploits1References3
NVD
NVD
added 2024/11/18 3:15 p.m.33 views

CVE-2024-37155

OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Prior to version 6.1.9, the regex validation used to prevent Introspection queries can be bypassed by removing the extra whitespace, carriage return, and line feed...

8.2CVSS0.00442EPSS
Exploits0References3
OSV
OSV
added 2024/11/18 3:6 p.m.19 views

CVE-2024-37155 OpenCTI May Bypass Introspection Restriction

OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Prior to version 6.1.9, the regex validation used to prevent Introspection queries can be bypassed by removing the extra whitespace, carriage return, and line feed...

6.5CVSS6.5AI score0.00442EPSS
Exploits0References5
Rows per page
Query Builder