Lucene search

K

ALL NIPPON AIRWAYS CO., LTD Security Vulnerabilities

nvd
nvd

CVE-2023-5643

Out-of-bounds Write vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. Depending on the configuration of the Mali GPU Kernel.....

7.8CVSS

7.7AI Score

0.001EPSS

2024-02-05 10:15 AM
1
oraclelinux
oraclelinux

Unbreakable Enterprise kernel security update

[5.15.0-204.147.6.2] - smb3: Replace smb2pdu 1-element arrays with flex-arrays (Kees Cook) [Orabug: 36353543] - hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed (Shradha Gupta) [Orabug: 36358874] - hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove...

7.8CVSS

7.4AI Score

0.0004EPSS

2024-03-11 12:00 AM
10
nvd
nvd

CVE-2024-24877

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magic Hills Pty Ltd Wonder Slider Lite allows Reflected XSS.This issue affects Wonder Slider Lite: from n/a through...

6.1CVSS

6.9AI Score

0.0005EPSS

2024-02-08 01:15 PM
1
cve
cve

CVE-2023-5643

Out-of-bounds Write vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. Depending on the configuration of the Mali GPU Kernel.....

7.8CVSS

7.6AI Score

0.001EPSS

2024-02-05 10:15 AM
20
cnvd
cnvd

Command Execution Vulnerability in Green Alliance WAF of Beijing Shenzhou Green Alliance Technology Co. Ltd (CNVD-2024-07088)

Beijing Shenzhou Green Alliance Technology Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application services. Ltd. Green Alliance WAF has a command execution vulnerability that can be exploited by attackers to execute arbitrary...

7.9AI Score

2024-01-03 12:00 AM
69
cve
cve

CVE-2016-8769

Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file in the search path of the affected service and obtain elevated privileges after the executable file....

6.7CVSS

6.6AI Score

0.001EPSS

2017-11-15 12:00 AM
33
cve
cve

CVE-2024-24877

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magic Hills Pty Ltd Wonder Slider Lite allows Reflected XSS.This issue affects Wonder Slider Lite: from n/a through...

7.1CVSS

6.9AI Score

0.0005EPSS

2024-02-08 01:15 PM
12
jvn
jvn

JVN#82749078: Multiple vulnerabilities in printers and scanners which implement BROTHER Web Based Management

Multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. contain multiple vulnerabilities listed below. Improper Authentication (CWE-287) - CVE-2024-21824 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N|...

7.6AI Score

0.0004EPSS

2024-03-06 12:00 AM
13
osv
osv

Administration Console authentication bypass in openfire xmppserver

An important security issue affects a range of versions of Openfire, the cross-platform real-time collaboration server based on the XMPP protocol that is created by the Ignite Realtime community. Impact Openfire's administrative console (the Admin Console), a web-based application, was found to...

8.6CVSS

7AI Score

0.973EPSS

2023-05-23 07:54 PM
22
cert
cert

Apache Log4j allows insecure JNDI lookups

Overview Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j. CISA has published Apache Log4j Vulnerability Guidance and provides a Software List. Description The....

10CVSS

10AI Score

EPSS

2021-12-15 12:00 AM
976
cnvd
cnvd

SQL Injection Vulnerability in Data Leakage Protection (DLP) System of Beijing Yisetong Technology Development Co., Ltd (CNVD-2024-05880)

Data Leakage Protection (DLP) system is aimed at serving enterprises and institutions for data asset grooming and data security protection. Data Leakage Protection (DLP) system of Beijing Yisetong Technology Development Co., Ltd. has a SQL injection vulnerability, which can be exploited by...

7.8AI Score

2023-12-22 12:00 AM
8
prion
prion

Code injection

An issue in Q co ltd mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access...

5.4CVSS

7.1AI Score

0.0004EPSS

2024-01-24 10:15 AM
4
packetstorm

7.4AI Score

0.0004EPSS

2024-02-21 12:00 AM
110
oraclelinux
oraclelinux

kernel security, bug fix, and enhancement update

[5.14.0-427.13.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update...

9.8CVSS

7.5AI Score

0.011EPSS

2024-05-02 12:00 AM
6
thn
thn

Generative AI Security - Secure Your Business in a World Powered by LLMs

Did you know that 79% of organizations are already leveraging Generative AI technologies? Much like the internet defined the 90s and the cloud revolutionized the 2010s, we are now in the era of Large Language Models (LLMs) and Generative AI. The potential of Generative AI is immense, yet it brings....

6.9AI Score

2024-03-20 11:27 AM
29
nvd
nvd

CVE-2023-5249

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper memory processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn...

7CVSS

6.8AI Score

0.001EPSS

2024-02-05 10:15 AM
cve
cve

CVE-2023-5249

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper memory processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn...

7CVSS

6.7AI Score

0.001EPSS

2024-02-05 10:15 AM
12
cve
cve

CVE-2005-4747

Cross-site scripting (XSS) vulnerability in WebHost Automation Ltd Helm before 3.2.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors involving the default...

5.9AI Score

0.003EPSS

2006-03-28 11:00 AM
18
nvd
nvd

CVE-2005-4747

Cross-site scripting (XSS) vulnerability in WebHost Automation Ltd Helm before 3.2.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors involving the default...

5.6AI Score

0.003EPSS

2005-12-31 05:00 AM
cve
cve

CVE-2023-7014

The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'ma_debu' parameter. This makes it possible for unauthenticated attackers to extract sensitive data...

7.5CVSS

7.4AI Score

0.001EPSS

2024-02-05 10:15 PM
21
cnvd
cnvd

Command Execution Vulnerability in HZ Video Security Exchange Access System of Hangzhou HZ Data Technology Co.

Ltd. ("HZD"), founded in 2003, is a high-tech company specializing in R&D, production and sales in the field of data security and big data. A command execution vulnerability exists in the Hopscotch Video Security Exchange Access System of Hangzhou Hopscotch Data Technology Co., Ltd, which can be...

7.5AI Score

2024-01-04 12:00 AM
12
nvd
nvd

CVE-2023-7014

The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'ma_debu' parameter. This makes it possible for unauthenticated attackers to extract sensitive data...

7.5CVSS

5.8AI Score

0.001EPSS

2024-02-05 10:15 PM
malwarebytes
malwarebytes

Airbnb scam sends you to a fake Tripadvisor site, takes your money

One of my co-workers who works on Malwarebytes’ web research team just witnessed a real life example of how useful his work is in protecting people against scammers. Stefan decided to visit Amsterdam with his girlfriend, and found a very nice and luxurious apartment in Amsterdam on Airbnb. In the.....

7.1AI Score

2024-02-29 02:00 PM
12
cnvd
cnvd

Weak Password Vulnerability in Cloud Mirror Network Asset Vulnerability Scanning System of DeepTrust Technology Co.

CloudMirror Network Asset Vulnerability Scanning System is a new generation of vulnerability risk management products independently developed by DeepSense, combining years of practical experience in vulnerability mining and security services, to help users check the vulnerability risks of assets...

7AI Score

2024-01-09 12:00 AM
7
jvn
jvn

JVN#35928117: Protection mechanism failure in RevoWorks

RevoWorks SCVX and RevoWorks Browser provided by J's Communication Co., Ltd. enable users to execute web browsers in the sandboxed environment isolated from the client's local environment. In the products, file exchange between the sandboxed environment and local environment is prohibited in...

6.9AI Score

0.0004EPSS

2024-02-29 12:00 AM
1
cnvd
cnvd

Logic flaw vulnerability in vastbase of Beijing Massive Data Technology Co.

vastbase is a massive database. A logic flaw vulnerability exists in vastbase, which can be exploited by an attacker to bypass all dynamic desensitization policies by constructing special SQL statements to view the original data before...

7.5AI Score

2024-01-04 12:00 AM
5
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 6, 2024 to May 12, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 184 vulnerabilities disclosed in 146...

10CVSS

9.5AI Score

EPSS

2024-05-16 01:04 PM
21
mskb
mskb

Language Accessory Pack for Microsoft 365

Language Accessory Pack for Microsoft 365 Language packs add additional display, help, and proofing tools to Microsoft 365. You can install additional language accessory packs after installing Microsoft 365. If a language accessory pack is described as having partial localization, some parts of...

7AI Score

2015-07-06 12:00 AM
14
cnvd
cnvd

Logic Flaw Vulnerability in the Integrated Management System of River Management System of Siltronic Ltd.

Siltronic Ltd. is an information service provider for disaster reduction and profitability in China. A logic flaw vulnerability exists in the integrated river management system of Sicron Technology Limited, which can be exploited by an attacker to bypass system authentication and...

7.1AI Score

2024-01-04 12:00 AM
8
prion
prion

Input validation

Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting.This issue affects inSCADA: before...

9.8CVSS

9.4AI Score

0.002EPSS

2023-03-06 08:15 AM
5
github
github

Graylog vulnerable to instantiation of arbitrary classes triggered by API request

Summary Arbitrary classes can be loaded and instantiated using a HTTP PUT request to the /api/system/cluster_config/ endpoint. Details Graylog's cluster config system uses fully qualified class names as config keys. To validate the existence of the requested class before using them, Graylog loads.....

8.8CVSS

7.6AI Score

0.001EPSS

2024-02-07 06:23 PM
30
cve
cve

CVE-2023-48733

An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure...

6.7CVSS

6.7AI Score

0.0004EPSS

2024-02-14 10:15 PM
24
thn
thn

Ransomware Double-Dip: Re-Victimization in Cyber Extortion

**Between crossovers - Do threat actors play dirty or desperate? ** In our dataset of over 11,000 victim organizations that have experienced a Cyber Extortion / Ransomware attack, we noticed that some victims re-occur. Consequently, the question arises why we observe a re-victimization and whether....

6.8AI Score

2024-04-22 10:22 AM
10
hackread
hackread

Ripple Co-Founder’s Personal XRP Wallet Breached in $112 Million Hack

By Deeba Ahmed Ripple’s co-founder Chris Larsen has acknowledged that his personal XRP wallet was hacked. This is a post from HackRead.com Read the original post: Ripple Co-Founder's Personal XRP Wallet Breached in $112 Million...

7.3AI Score

2024-02-01 12:24 PM
10
cve
cve

CVE-2023-49721

An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure...

6.7CVSS

6.4AI Score

0.0004EPSS

2024-02-14 10:15 PM
12
ics
ics

Franklin Fueling System EVO 550/5000

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Franklin Fueling System Equipment: EVO 550, EVO 5000 Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read arbitrary...

7.5CVSS

7.6AI Score

0.0004EPSS

2024-03-19 12:00 PM
15
cve
cve

CVE-2023-30562

A GRE dataset file within Systems Manager can be tampered with and distributed to...

6.7CVSS

6.5AI Score

0.0004EPSS

2023-07-13 08:15 PM
17
cvelist
cvelist

CVE-2024-24877 WordPress Wonder Slider Lite Plugin <= 13.9 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magic Hills Pty Ltd Wonder Slider Lite allows Reflected XSS.This issue affects Wonder Slider Lite: from n/a through...

7.1CVSS

7.1AI Score

0.0005EPSS

2024-02-08 01:02 PM
thn
thn

China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws

A China-linked threat cluster leveraged security flaws in Connectwise ScreenConnect and F5 BIG-IP software to deliver custom malware capable of delivering additional backdoors on compromised Linux hosts as part of an "aggressive" campaign. Google-owned Mandiant is tracking the activity under its...

10CVSS

9.3AI Score

0.972EPSS

2024-03-22 11:28 AM
28
apple
apple

About the security content of macOS Sonoma 14.4

About the security content of macOS Sonoma 14.4 This document describes the security content of macOS Sonoma 14.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are....

8.6CVSS

8.9AI Score

0.962EPSS

2024-03-07 12:00 AM
27
thn
thn

Join Our Webinar on Protecting Human and Non-Human Identities in SaaS Platforms

Identities are the latest sweet spot for cybercriminals, now heavily targeting SaaS applications that are especially vulnerable in this attack vector. The use of SaaS applications involves a wide range of identities, including human and non-human, such as service accounts, API keys, and OAuth...

7.4AI Score

2024-03-13 10:33 AM
20
securelist
securelist

The State of Stalkerware in 2023–2024

The State of Stalkerware in 2023 (PDF) The annual Kaspersky State of Stalkerware report aims to contribute to awareness and a better understanding of how people around the world are impacted by digital stalking. Stalkerware is commercially available software that can be discreetly installed on...

6.8AI Score

2024-03-13 08:00 AM
10
cnvd
cnvd

Command Execution Vulnerability in Electronic Document Security Management System of Beijing Yisaitong Technology Development Co., Ltd (CNVD-2024-0601836)

Beijing Yisaitong Science and Technology Development Limited Liability Company is a company whose business scope includes general items: technical services, technology development, technology consulting, technology exchanges, technology transfer and so on. There is a command execution...

7.6AI Score

2023-12-27 12:00 AM
3
thn
thn

New "GoFetch" Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys

A new security shortcoming discovered in Apple M-series chips could be exploited to extract secret keys used during cryptographic operations. Dubbed GoFetch, the vulnerability relates to a microarchitectural side-channel attack that takes advantage of a feature known as data memory-dependent...

6.2AI Score

2024-03-25 09:02 AM
24
cvelist
cvelist

CVE-2023-5643 Mali GPU Kernel Driver allows improper GPU memory processing operations

Out-of-bounds Write vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. Depending on the configuration of the Mali GPU Kernel.....

7.9AI Score

0.001EPSS

2024-02-05 09:49 AM
cert
cert

HTTP/2 CONTINUATION frames can be utilized for DoS attacks

Overview HTTP allows messages to include named fields in both header and trailer sections. These header and trailer fields are serialised as field blocks in HTTP/2, so that they can be transmitted in multiple fragments to the target implementation. Many HTTP/2 implementations do not properly limit....

7.5CVSS

7.7AI Score

0.005EPSS

2024-04-03 12:00 AM
59
cve
cve

CVE-2023-40653

In FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges...

6.7CVSS

6.7AI Score

0.0004EPSS

2023-10-08 04:15 AM
18
cvelist
cvelist

CVE-2023-5249 Mali GPU Kernel Driver allows improper GPU memory processing operations

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper memory processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn...

7AI Score

0.001EPSS

2024-02-05 10:01 AM
krebs
krebs

CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms

The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.com finds this company is operating out of Belarus and Cyprus, and that its....

6.8AI Score

2024-03-14 09:13 PM
31
cve
cve

CVE-2022-43703

An installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being loaded or executed instead of the intended...

7.8CVSS

7.6AI Score

0.001EPSS

2023-07-27 10:15 PM
21
Total number of security vulnerabilities15434