Lucene search

K

1app Technologies, Inc Security Vulnerabilities

hackread
hackread

IT and Cybersecurity Jobs in the Age of Emerging AI Technologies

By Waqas Fear AI taking your IT or cybersecurity job? Don't! Learn how AI creates new opportunities in network management, threat detection & more. This is a post from HackRead.com Read the original post: IT and Cybersecurity Jobs in the Age of Emerging AI...

7.3AI Score

2024-04-19 02:07 PM
5
cve
cve

CVE-2024-29208

An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password. Affected Products: UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro (Version 1.1.18 and earlier) UniFi...

2.2CVSS

6.9AI Score

0.001EPSS

2024-05-07 05:15 PM
33
nessus
nessus

RHEL 5 : squid (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. squid: buffer overflow in cachemgr.cgi (CVE-2016-4051) Squid, when transparent interception mode is...

7.5CVSS

8.6AI Score

0.964EPSS

2024-06-03 12:00 AM
debiancve
debiancve

CVE-2024-35854

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash The rehash delayed work migrates filters from one region to another according to the number of available credits. The migrated from region is destroyed at the...

6.6AI Score

0.0004EPSS

2024-05-17 03:15 PM
4
huawei
huawei

Security Advisory - Connection Hijacking Vulnerability in Some Huawei Home Routers

A connection hijacking vulnerability exists in some Huawei home routers. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-34408) This vulnerability has been assigned a...

6.5AI Score

EPSS

2024-04-24 12:00 AM
11
ubuntucve
ubuntucve

CVE-2021-47266

In the Linux kernel, the following vulnerability has been resolved: RDMA/ipoib: Fix warning caused by destroying non-initial netns After the commit 5ce2dced8e95 ("RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces"), if the IPoIB device is moved to non-initial netns, destroying that netns lets the....

6.4AI Score

0.0004EPSS

2024-05-21 12:00 AM
1
nvd
nvd

CVE-2024-1762

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP_USER_AGENT header in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers....

6.1CVSS

6.1AI Score

0.0004EPSS

2024-05-22 07:15 AM
nessus
nessus

RHEL 8 : tomcat (RHSA-2024:0539)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0539 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * tomcat: HTTP request...

7.5CVSS

7.6AI Score

0.005EPSS

2024-01-29 12:00 AM
11
nessus
nessus

RHEL 8 : tomcat (RHSA-2024:0532)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0532 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * tomcat: HTTP request...

7.5CVSS

7.6AI Score

0.005EPSS

2024-01-29 12:00 AM
8
arista
arista

Security Advisory 0098

Security Advisory 0098 _._CSAF PDF Date: June 25, 2024 Revision | Date | Changes ---|---|--- 1.0 | June 25, 2024 | Initial release The CVE-ID tracking this issue: CVE-2024-4578 CVSSv3.1 Base Score: 8.4 (CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) Common Weakness Enumeration: CWE-77 Improper...

7AI Score

EPSS

2024-06-25 12:00 AM
cvelist
cvelist

CVE-2024-4444 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Bypass to User Registration

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. This is due to missing checks in the 'create_account' function in the checkout. This makes it possible for unauthenticated attackers to register as the....

5.3CVSS

5.9AI Score

0.001EPSS

2024-05-10 08:32 AM
nessus
nessus

GitLab Web UI Detection

GitLab web user interface detected on remote host. GitLab is a web-based DevOps lifecycle tool that provides a Git repository manager providing wiki, issue-tracking and continuous integration and deployment pipeline features, using an open-source license, developed by GitLab...

0.8AI Score

2021-08-11 12:00 AM
28
ubuntucve
ubuntucve

CVE-2024-36904

In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique() with nice analysis. Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operation for timewait...

7AI Score

0.0004EPSS

2024-05-30 12:00 AM
4
nvd
nvd

CVE-2024-32809

Unrestricted Upload of File with Dangerous Type vulnerability in JumpDEMAND Inc. ActiveDEMAND allows Using Malicious Files.This issue affects ActiveDEMAND: from n/a through...

10CVSS

9.6AI Score

0.0004EPSS

2024-05-17 10:15 AM
cve
cve

CVE-2024-4444

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. This is due to missing checks in the 'create_account' function in the checkout. This makes it possible for unauthenticated attackers to register as the....

5.3CVSS

6.7AI Score

0.001EPSS

2024-05-14 03:43 PM
9
vulnrichment
vulnrichment

CVE-2024-4444 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Bypass to User Registration

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. This is due to missing checks in the 'create_account' function in the checkout. This makes it possible for unauthenticated attackers to register as the....

5.3CVSS

6.8AI Score

0.001EPSS

2024-05-10 08:32 AM
cve
cve

CVE-2024-2038

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for....

7.5CVSS

6.7AI Score

0.0004EPSS

2024-05-23 07:15 AM
50
nvd
nvd

CVE-2024-34567

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GhozyLab, Inc. Popup Builder allows Stored XSS.This issue affects Popup Builder: from n/a through...

5.9CVSS

6.1AI Score

0.0004EPSS

2024-05-17 06:15 AM
nessus
nessus

RHEL 9 : tomcat (RHSA-2024:1134)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1134 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * tomcat: HTTP request...

7.5CVSS

7.8AI Score

0.005EPSS

2024-03-05 12:00 AM
7
nessus
nessus

SUSE SLED15 / SLES15 Security Update : amavisd-new (SUSE-SU-2019:0505-1)

This update for amavisd-new fixes the following issues : wmavisd-new was updated to version 2.11.1 (bsc#1123389) : removed a trailing dot element from @INC, as a workaround for a perl vulnerability CVE-2016-1238 (bsc#987887) amavis-services: bumping up syslog level from LOG_NOTICE to LOG_ERR for a....

7.8CVSS

8.2AI Score

0.0004EPSS

2019-02-27 12:00 AM
13
nvd
nvd

CVE-2024-4361

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget' shortcode in all versions up to, and including, 2.29.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-21 11:15 AM
cve
cve

CVE-2024-20040

In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08360153 (for MT6XXX chipsets) /...

7.3AI Score

0.0004EPSS

2024-04-01 03:15 AM
31
nvd
nvd

CVE-2024-32131

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in W3 Eden Inc. Download Manager allows Functionality Bypass.This issue affects Download Manager: from n/a through...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-05-17 09:15 AM
2
vulnrichment
vulnrichment

CVE-2023-52635 PM / devfreq: Synchronize devfreq_monitor_[start/stop]

In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreq_monitor_[start/stop] There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from...

6.9AI Score

0.0004EPSS

2024-04-02 06:49 AM
cve
cve

CVE-2024-35298

Improper authorization in handler for custom URL scheme issue in 'ZOZOTOWN' App for Android versions prior to 7.39.6 allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device. As a result, the user may become a victim of a phishing...

6.9AI Score

0.0004EPSS

2024-06-19 05:15 AM
23
cve
cve

CVE-2023-52350

In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...

6.7AI Score

0.0004EPSS

2024-04-08 03:15 AM
25
cve
cve

CVE-2024-21477

Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM)...

7.5CVSS

6.8AI Score

0.0004EPSS

2024-05-06 03:15 PM
25
cve
cve

CVE-2024-4434

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘term_id’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This.....

9.8CVSS

7.4AI Score

0.001EPSS

2024-05-14 03:43 PM
7
hackread
hackread

Memcyco Report: Just 6% of Brands Guard Against Digital Impersonation Fraud

By Waqas Memcyco Inc., a provider of digital trust technology designed to protect companies and their customers from digital impersonation… This is a post from HackRead.com Read the original post: Memcyco Report: Just 6% of Brands Guard Against Digital Impersonation...

7.3AI Score

2024-05-21 01:00 PM
5
cve
cve

CVE-2023-52346

In modem driver, there is a possible system crash due to improper input validation. This could lead to local information disclosure with System execution privileges...

6.2AI Score

0.0004EPSS

2024-04-08 03:15 AM
25
cve
cve

CVE-2023-52347

In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...

6.7AI Score

0.0004EPSS

2024-04-08 03:15 AM
25
cve
cve

CVE-2023-52344

In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges...

6.5AI Score

0.0004EPSS

2024-04-08 03:15 AM
25
cve
cve

CVE-2023-52349

In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...

6.7AI Score

0.0004EPSS

2024-04-08 03:15 AM
25
cve
cve

CVE-2023-52343

In SecurityCommand message after as security has been actived., there is a possible improper input validation. This could lead to remote information disclosure no additional execution privileges...

6.6AI Score

0.0004EPSS

2024-04-08 03:15 AM
24
cve
cve

CVE-2023-52352

In Network Adapter Service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges...

6.6AI Score

0.0004EPSS

2024-04-08 03:15 AM
25
cve
cve

CVE-2024-2328

The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image title and alt text in all versions up to, and including, 4.22.11 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-02 05:15 PM
39
cve
cve

CVE-2023-43555

Information disclosure in Video while parsing mp2 clip with invalid section...

8.2CVSS

7.1AI Score

0.001EPSS

2024-06-03 10:15 AM
14
cvelist
cvelist

CVE-2024-2038 Visual Website Collaboration, Feedback & Project Management – Atarim <= 3.22.6 - Hardcoded Credentials

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for....

7.5CVSS

7.6AI Score

0.0004EPSS

2024-05-23 06:46 AM
1
nvd
nvd

CVE-2024-4636

The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allow_meme_types’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-15 07:15 AM
1
nessus
nessus

RHEL 6 : squid (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code ...

9.8CVSS

8.7AI Score

0.957EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 7 : sensu (RHSA-2018:0616)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0616 advisory. Sensu is a monitoring framework that aims to be simple, malleable, and scalable. Security Fix(es): * sensu: Password exposure in warn level log when...

9.8CVSS

9.6AI Score

0.006EPSS

2024-04-27 12:00 AM
3
cvelist
cvelist

CVE-2023-52635 PM / devfreq: Synchronize devfreq_monitor_[start/stop]

In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreq_monitor_[start/stop] There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from...

7.7AI Score

0.0004EPSS

2024-04-02 06:49 AM
cve
cve

CVE-2024-37289

An improper access control vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

7.2AI Score

0.0005EPSS

2024-06-10 10:15 PM
22
nessus
nessus

RHEL 8 : tomcat (RHSA-2024:3666)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3666 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * Apache Tomcat:...

8AI Score

0.0004EPSS

2024-06-06 12:00 AM
1
nessus
nessus

RHEL 7 : sensu (RHSA-2018:1112)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:1112 advisory. Sensu is a monitoring framework that aims to be simple, malleable, and scalable. Security Fix(es): * Sensu's redaction function fails to handle the...

9.8CVSS

6.3AI Score

0.006EPSS

2024-04-27 12:00 AM
6
cve
cve

CVE-2023-43528

Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected...

6.1CVSS

6.6AI Score

0.0004EPSS

2024-05-06 03:15 PM
23
nessus
nessus

RHEL 7 : perl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. perl: segmentation fault in S_regmatch on negative backreference (CVE-2013-7422) perl: XSLoader loads...

7.8CVSS

8AI Score

0.035EPSS

2024-06-03 12:00 AM
cve
cve

CVE-2024-36304

A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order...

7.8CVSS

7.2AI Score

0.0005EPSS

2024-06-10 10:15 PM
22
osv
osv

CVE-2023-28842

Moby) is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (dockerd), which is developed as moby/moby is commonly referred to as Docker. Swarm Mode, which.....

8.7CVSS

7.2AI Score

0.003EPSS

2023-04-04 10:15 PM
13
cve
cve

CVE-2024-36302

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

7.2AI Score

0.0005EPSS

2024-06-10 10:15 PM
22
Total number of security vulnerabilities308550