
30457 matches found

Android Security Bulletins
added 2024/10/07 12:0 a.m. · 25 views

Android Security Bulletin October 2024

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2024-10-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...

CVSS 9.8 · AI score 8.1 · EPSS 0.0146
Exploits: 18

Android Security Bulletins
added 2024/10/07 12:0 a.m. · 6 views

Wear OS Security Bulletin—October 2024

The Wear OS Security Bulletin contains details of security vulnerabilities affecting the Wear OS platform. The full Wear OS update comprises the security patch level of 2024-10-05 or later from the October 2024 Android Security Bulletin in addition to all issues in this bulletin. We encourage all...

AI score 7.8
Exploits: 0

CBLMariner
added 2024/10/04 9:35 p.m. · 19 views

CVE-2022-3116 affecting package heimdal for versions less than 7.7.1-4

CVE-2022-3116 affecting package heimdal for versions less than 7.7.1-4. A patched version of the package is available...

CVSS 7.5 · AI score 6.9 · EPSS 0.00885
Exploits: 0

CVE
added 2024/10/04 2:33 p.m. · 62 views

CVE-2024-47768

CVE-2024-47768 affects Lif Authentication Server (Lif). The vulnerability lies in the account recovery flow where there is no check to verify that the user has received the recovery email or entered the correct code. An attacker who knows the target’s email can supply the email and trigger a pass...

CVSS 8.1 · AI score 8.1 · EPSS 0.00493
Exploits: 0 · References: 2 · Affected Software: 1

UbuntuCve
added 2024/10/04 5:15 a.m. · 17 views

CVE-2024-47850

CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. The request is meant to probe the new printer but can be used to create DDoS...

CVSS 7.5 · AI score 7.1 · EPSS 0.00859
Exploits: 0 · References: 10

Debian
added 2024/10/03 6:50 p.m. · 41 views

[SECURITY] [DSA 5782-1] linux security update

Debian Security Advisory DSA-5782-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 03, 2024 https://www.debian.org/security/faq ...

CVSS 7.8 · AI score 8 · EPSS 0.00879
Exploits: 6

IBM Security Bulletins
added 2024/10/03 12:53 p.m. · 33 views

Security Bulletin: Sterling Control Center v6.2.1 is vulnerable due to Apache ActiveMQ issue

Summary: Sterling Control Center v6.2.1 is dependent on Apache ActiveMQ, which is vulnerable to CVE-2022-41678. Vulnerability Details: CVEID: CVE-2022-41678. DESCRIPTION: Apache ActiveMQ could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe...

CVSS 8.8 · AI score 8.8 · EPSS 0.8581
Exploits: 2 · Affected Software: 1

IBM Security Bulletins
added 2024/10/03 12:39 p.m. · 6 views

Security Bulletin: Sterling Control Center v6.2.1 is vulnerable and reported in Apache ActiveMQ

Summary: Sterling Control Center v6.2.1 is dependent on Apache ActiveMQ, with vulnerability 264654. Vulnerability Details: IBM X-Force ID: 264654. DESCRIPTION: Apache ActiveMQ NMS could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the Body...

AI score 8.1
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2024/10/03 12:33 p.m. · 46 views

Security Bulletin: Sterling Control Center v6.2.1 is vulnerable due to Apache ActiveMQ issue

Summary: Sterling Control Center v6.2.1 is dependent on Apache ActiveMQ, which is vulnerable to CVE-2023-46604. Vulnerability Details: CVEID: CVE-2023-46604. DESCRIPTION: Apache ActiveMQ and ActiveMQ Legacy OpenWire Module could allow a remote attacker to execute arbitrary code on the system, caused ...

CVSS 10 · AI score 9.7 · EPSS 0.99654
Exploits: 31 · Affected Software: 1

Positive Technologies
added 2024/10/03 12:0 a.m. · 4 views

PT-2024-9618 · Gstreamer +7 · Gstreamer +7

Name of the Vulnerable Software and Affected Versions: GStreamer versions prior to 1.24.10. Description: The issue is related to an out-of-bounds (OOB) read vulnerability in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. This function reads the name length value directly fro...

CVSS 9.8 · AI score 6.6 · EPSS 0.01344
Exploits: 1 · References: 255

Positive Technologies
added 2024/10/03 12:0 a.m. · 2 views

PT-2024-9615

Name of the Vulnerable Software and Affected Versions: GStreamer versions prior to 1.24.10. Description: A vulnerability has been identified in the gst_wavparse_smpl_chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of...

CVSS 9.1 · AI score 6.8 · EPSS 0.01139
Exploits: 0 · References: 181

Positive Technologies
added 2024/10/03 12:0 a.m. · 4 views

PT-2024-6649 · Atlassian +1 · Confluence +5

Name of the Vulnerable Software and Affected Versions: Apache Avro versions 1.11.3 and previous versions; Apache Avro versions prior to 1.11.4; Bamboo Data Center and Server versions 9.2.1, 9.6.0, and 10.0.0-rc3; Bitbucket Data Center and Server versions 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0,...

CVSS 9.3 · AI score 8.3 · EPSS 0.03278
Exploits: 0 · References: 45

OSV
added 2024/10/02 1:38 p.m. · 22 views

SUSE-SU-2024:3454-1 Security update for kubernetes1.28

This update of kubernetes1.28 fixes the following issues: rebuild the package with the current go 1.23 security release (bsc#1229122)...

CVSS 7.5 · AI score 7.9 · EPSS 0.01127
Exploits: 0 · References: 8

The Hacker News
added 2024/10/02 5:56 a.m. · 30 views

Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw

Cybersecurity researchers are warning about active exploitation attempts targeting a newly disclosed security flaw in Synacor's Zimbra Collaboration. Enterprise security firm Proofpoint said it began observing the activity starting September 28, 2024. The attacks seek to exploit CVE-2024-45519, a...

CVSS 10 · AI score 9.9 · EPSS 0.99976
Exploits: 4

Wordfence Blog
added 2024/10/01 4:19 p.m. · 16 views

8,000 WordPress Sites affected by Arbitrary File Upload Vulnerability in WP Hotel Booking WordPress Plugin

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with =1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024, researche...

CVSS 8.8 · AI score 8.9 · EPSS 0.1502
Exploits: 0

Exploit DB
added 2024/10/01 12:0 a.m. · 390 views

openSIS 9.1 - SQLi (Authenticated)

Exploit Title: openSIS 9.1 - SQLi (Authenticated) · Google Dork: intext:"openSIS is a product" · Date: 09.09.2024 · Exploit Author: Devrim Dıragumandan d0ub1edd · Vendor Homepage: https://www.os4ed.com/ · Software Link: https://github.com/OS4ED/openSIS-Classic/releases/tag/V9.1 · Version: 9.1 · Tested on: Linux ...

AI score 7.4
Exploits: 0

Patchstack
added 2024/09/30 12:0 a.m. · 15 views

WordPress BuddyForms Plugin <= 2.8.12 is vulnerable to Cross Site Scripting (XSS)

Software: BuddyForms · Type: Plugin · Vulnerable versions: <= 2.8.12 · Fixed in: 2.8.13 · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-47377 · Patch priority: Low · CVSS severity: Low (5.9) · PSID: 9418faef5fbf · Credits: SOPROBRO · Required privilege: Editor...

CVSS 5.9 · AI score 6.5 · EPSS 0.00254
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2024/09/30 12:0 a.m. · 3 views

PT-2024-9585 · Gstreamer +8 · Gstreamer +8

Name of the Vulnerable Software and Affected Versions: GStreamer versions prior to 1.24.10. Description: GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function...

CVSS 9.8 · AI score 6.8 · EPSS 0.01344
Exploits: 3 · References: 202

Github Security Blog
added 2024/09/27 8:51 p.m. · 19 views

Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting

Summary: If values passed to a ColorColumn or ColorEntry are not valid and contain a specific set of characters, applications are vulnerable to an XSS attack against a user who opens a page on which a color column or entry is rendered. Versions of Filament from v3.0.0 through v3.2.114 are affected...

CVSS 6.1 · AI score 6.1 · EPSS 0.00383
Exploits: 0 · References: 4 · Affected Software: 2

GithubExploit
added 2024/09/27 9:2 a.m. · 777 views

Exploit for Special Element Injection in Google Android

CVE-2024-0044/A-307532206 https://nvd.nist.gov/vuln/detail/CVE...

CVSS 7.8 · AI score 7.8 · EPSS 0.0146
Exploits: 28