Lucene search
K

30468 matches found

Tenable Nessus
Tenable Nessus
added 2024/07/23 12:0 a.m.25 views

Photon OS 4.0: Nghttp2 PHSA-2023-4.0-0379

An update of the nghttp2 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-4.0-0379. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

7.8CVSS8.3AI score0.82017EPSS
Exploits0References2
CBLMariner
CBLMariner
added 2024/07/22 11:1 p.m.28 views

CVE-2023-50230 affecting package bluez for versions less than 5.63-5

CVE-2023-50230 affecting package bluez for versions less than 5.63-5. A patched version of the package is available...

8CVSS6.9AI score0.01493EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2024/07/22 5:20 p.m.26 views

Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint

Summary This report details a security vulnerability in Argo CD, where an unauthenticated attacker can send a specially crafted large JSON payload to the /api/webhook endpoint, causing excessive memory allocation that leads to service disruption by triggering an Out Of Memory OOM kill. The issue...

7.5CVSS6.8AI score0.01392EPSS
Exploits1References7Affected Software2
CBLMariner
CBLMariner
added 2024/07/22 3:42 p.m.10 views

CVE-2024-24806 affecting package cmake for versions less than 3.28.2-6

CVE-2024-24806 affecting package cmake for versions less than 3.28.2-6. An upgraded version of the package is available that resolves this issue...

7.3CVSS7.7AI score0.02003EPSS
Exploits1
CBLMariner
CBLMariner
added 2024/07/22 3:42 p.m.13 views

CVE-2024-38583 affecting package kernel for versions less than 6.6.35.1-5

CVE-2024-38583 affecting package kernel for versions less than 6.6.35.1-5. An upgraded version of the package is available that resolves this issue...

7.8CVSS6.8AI score0.00258EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/07/22 12:0 a.m.4 views

PT-2024-8127 · Totolink · Totolink X6000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A6000R version V1.0.1-B20201211.2000 Description: The issue is related to the get apcli conn info function in the TOTOLINK A6000R router's firmware, which fails to neutralize special elements used in an OS command. This can be...

8.8CVSS8.6AI score0.02243EPSS
Exploits1References5
OSV
OSV
added 2024/07/19 3:6 p.m.4 views

CLSA-2024-1721401573 Fix CVE(s): CVE-2020-27619

SECURITY UPDATE: eval on content received via HTTP in test suite - debian/patches/CVE-2020-27619.patch: No longer call eval on content received via HTTP in the CJK codec tests - CVE-2020-27619...

9.8CVSS6.8AI score0.08235EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/07/19 12:0 a.m.35 views

Oracle Essbase Multiple Vulnerabilities (July 2024 CPU)

The version of Oracle Essbase installed on the remote host is missing a security patch from the July 2024 Critical Patch Update CPU. It is, therefore, affected by: - Vulnerability in Oracle Essbase component: Essbase Web Platform Apache Xerces-C++. The supported version that is affected is 21.5.6...

8.8CVSS6.6AI score0.01381EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/07/19 12:0 a.m.8 views

PT-2024-37871 · Yith · Yith Essential Kit For Woocommerce

Name of the Vulnerable Software and Affected Versions: YITH Essential Kit for WooCommerce versions up to, and including, 2.34.0 Description: The issue allows authenticated attackers with Subscriber-level access and above to modify data without proper authorization. This is due to a missing...

4.3CVSS6.7AI score0.0033EPSS
Exploits0References10
OSV
OSV
added 2024/07/18 3:22 p.m.13 views

GHSA-XMVG-335G-X44Q The OpenSearch reporting plugin improperly controls tenancy access to reporting resources

Summary An issue in the OpenSearch reporting plugin allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when accessing resources in a private tenant, leading to potential data being revealed. Impact The lack of...

5.4CVSS5.4AI score0.00305EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2024/07/18 3:6 a.m.2 views

SUSE CVE-2022-48795

In the Linux kernel, the following vulnerability has been resolved: parisc: Fix data TLB miss in sbaunmapsg Rolf Eike Beer reported the following bug: 1274934.746891 Bad Address null pointer deref?: Code=15 Data TLB miss fault at addr 0000004140000018 1274934.746891 CPU: 3 PID: 5549 Comm: cmake N...

5.5CVSS6.5AI score0.00239EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2024/07/18 3:5 a.m.2 views

SUSE CVE-2022-48832

In the Linux kernel, the following vulnerability has been resolved: audit: don't deref the syscall args when checking the openat2 openhow::flags As reported by Jeff, dereferencing the openat2 syscall argument in auditmatchperm to obtain the openhow::flags can result in an oops/page-fault. This...

5.5CVSS6.4AI score0.00216EPSS
Exploits0References3
OSV
OSV
added 2024/07/17 2:27 p.m.18 views

GHSA-CHX7-9X8H-R5MG Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload

Impact A bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch...

5.4CVSS5.2AI score0.00346EPSS
Exploits0References6
0day.today
0day.today
added 2024/07/17 12:0 a.m.439 views

Xenforo 2.2.15 Remote Code Execution Vulnerability

XenForo versions 2.2.15 and below suffer from a remote code execution vulnerability in the Template system. ----------------------------------------------------------------------- XenForo = 2.2.15 Template System Remote Code Execution Vulnerability...

8.8CVSS7.9AI score0.00885EPSS
Exploits3
OSV
OSV
added 2024/07/16 12:15 p.m.2 views

UBUNTU-CVE-2022-48780

In the Linux kernel, the following vulnerability has been resolved: net/smc: Avoid overwriting the copies of clcsock callback functions The callback functions of clcsock will be saved and replaced during the fallback. But if the fallback happens more than once, then the copies of these callback...

5.5CVSS6.6AI score0.00225EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2024/07/16 10:15 a.m.12 views

CVE-2023-52886

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix race by not overwriting udev-descriptor in hubportinit Syzbot reported an out-of-bounds read in sysfs.c:readdescriptors: BUG: KASAN: slab-out-of-bounds in readdescriptors+0x263/0x280 drivers/usb/core/sysfs.c:883 Re...

6.4CVSS6.2AI score0.00328EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2024/07/16 9:20 a.m.18 views

CVE-2024-39887 Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions

An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. To mitigate this, a new...

4.3CVSS7.3AI score0.04433EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2024/07/16 12:0 a.m.7 views

PT-2025-9506 · Apache · Apache Pinot

Name of the Vulnerable Software and Affected Versions: Apache Pinot versions prior to 1.3.0 Description: The issue is related to an authentication bypass vulnerability in Apache Pinot. If the path does not contain / and contains ., authentication is not required. This allows attackers to bypass...

10CVSS9.3AI score0.7819EPSS
Exploits0References39
Positive Technologies
Positive Technologies
added 2024/07/16 12:0 a.m.5 views

PT-2024-5597

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1 Oracle GraalVM for JDK versions 17.0.11, 21.0.3, 22.0.1 Oracle GraalVM Enterprise Edition versions 20.3.14, 21.3.10 Description The issue is related to insufficient...

4.8CVSS6.8AI score0.00879EPSS
Exploits0References368
Positive Technologies
Positive Technologies
added 2024/07/16 12:0 a.m.7 views

PT-2024-26765 · WordPress · Premium Portfolio Features For Phlox

Name of the Vulnerable Software and Affected Versions: Premium Portfolio Features for Phlox theme plugin for WordPress versions up to, and including, 2.3.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Grid Portfolios Widget due to insufficient input sanitizati...

6.4CVSS5.9AI score0.00377EPSS
Exploits0References8
Rows per page
Query Builder