Lucene search

K

ALL NIPPON AIRWAYS CO., LTD Security Vulnerabilities

cnvd
cnvd

Data Leakage Protection (DLP) System Logic Flaw Vulnerability at Beijing Yisetong Technology Development Co.

Data Leakage Protection (DLP) system is aimed at serving enterprises and institutions for data asset grooming and data security protection. The Data Leakage Protection (DLP) system of Beijing Yisetong Technology Development Co., Ltd. has a logic flaw vulnerability, which can be exploited by...

7.2AI Score

2024-02-06 12:00 AM
3
packetstorm

7.4AI Score

2024-03-26 12:00 AM
90
nvd
nvd

CVE-2024-29758

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kienso Co-marquage service-public.Fr allows Reflected XSS.This issue affects Co-marquage service-public.Fr: from n/a through...

7.1CVSS

6.9AI Score

0.0004EPSS

2024-03-27 02:15 PM
1
exploitdb

7.4AI Score

2024-03-25 12:00 AM
87
redos
redos

ROS-20240411-08

The Jenkins Automation Server vulnerability involves the creation of temporary files with insecure permissions. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to read, modify, or delete files A vulnerability in the args4j library of the Jenkins Git server.....

9.8CVSS

7.6AI Score

0.961EPSS

2024-04-11 12:00 AM
13
jvn
jvn

JVN#62737544: Multiple vulnerabilities in RoamWiFi R10

RoamWiFi R10 provided by RoamWiFi Technology Co., Ltd. contains multiple vulnerabilities listed below. Active debug code (CWE-489) CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 8.8 CVE-2024-31406 Insertion of sensitive information into log file (CWE-532)...

7.2AI Score

0.0004EPSS

2024-04-24 12:00 AM
8
nessus
nessus

RHEL 6 : openssl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssl: the c_rehash script allows command injection (CVE-2022-2068) Integer overflow in the...

9.2AI Score

0.895EPSS

2024-05-11 12:00 AM
2
apple
apple

About the security content of macOS Sonoma 14.5

About the security content of macOS Sonoma 14.5 This document describes the security content of macOS Sonoma 14.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are....

5.5CVSS

8.9AI Score

0.001EPSS

2024-05-13 12:00 AM
11
cve
cve

CVE-2024-3250

It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2,.....

6.5CVSS

6.2AI Score

0.0004EPSS

2024-04-04 03:15 PM
31
redhatcve
redhatcve

CVE-2024-35854

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash The rehash delayed work migrates filters from one region to another according to the number of available credits. The migrated from region is destroyed at the end....

6.5AI Score

0.0004EPSS

2024-05-18 01:05 AM
1
redhatcve
redhatcve

CVE-2024-35853

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash The rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority) in the region and in...

6.6AI Score

0.0004EPSS

2024-05-18 01:04 AM
6
cnvd
cnvd

SQL Injection Vulnerability in DedeCMS of Shanghai Zhuozhuo Network Technology Company Limited (CNVD-2024-13237)

DedeCMS is the most well-known PHP open source website management system, but also the use of the most users of the PHP class CMS system. Shanghai Zhuozhuo Network Technology Co., Ltd. DedeCMS SQL injection vulnerability, attackers can use the vulnerability to obtain database sensitive...

7.9AI Score

2024-02-05 12:00 AM
28
prion
prion

Design/Logic Flaw

A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the argument operatorRole with the input 00 leads....

9.8CVSS

7AI Score

0.001EPSS

2023-11-13 04:15 PM
10
cnvd
cnvd

Unauthorized Access Vulnerability in SCM One Card Platform System of Shandong Weir Data Co.

Shandong Weir Data Co., Ltd. is a whole industry chain enterprise integrating independent software development, embedded development, hardware development, production and sales service. An unauthorized access vulnerability exists in the SCM one-card platform system of Shandong Weir Data Company...

6.8AI Score

2023-03-18 12:00 AM
2
prion
prion

Default configuration

Initialization of a resource with an insecure default vulnerability in OET-213H-BTS1 sold in Japan by Atsumi Electric Co., Ltd. allows a network-adjacent unauthenticated attacker to configure and control the affected...

7.4AI Score

0.0004EPSS

2024-03-01 10:15 AM
2
redhatcve
redhatcve

CVE-2024-36007

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix warning during rehash As previously explained, the rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority)...

6.4AI Score

0.0004EPSS

2024-05-20 06:17 PM
3
redhatcve
redhatcve

CVE-2024-35855

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update The rule activity update delayed work periodically traverses the list of configured rules and queries their activity from the device. As part of this...

6.5AI Score

0.0004EPSS

2024-05-18 01:05 AM
2
openbugbounty
openbugbounty

co-optimus.com Cross Site Scripting vulnerability OBB-3809950

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2023-12-11 10:20 AM
3
cnvd
cnvd

Arbitrary File Read Vulnerability in Yonghong One-Stop Big Data BI Platform of Beijing Yonghong Business Intelligence Technology Co.

Yonghong One-Stop Big Data BI Platform is a one-stop big data analysis platform. Beijing Yonghong Business Intelligence Technology Co., Ltd. Yonghong One-Stop Big Data BI Platform suffers from an arbitrary file read vulnerability, which can be exploited by attackers to obtain sensitive...

6.9AI Score

2024-02-01 12:00 AM
10
nessus
nessus

Fedora 40 : kernel (2024-010fe8772a)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-010fe8772a advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly...

7.8CVSS

6.5AI Score

0.0004EPSS

2024-05-02 12:00 AM
11
nessus
nessus

Fedora 39 : kernel (2024-bc0db39a14)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bc0db39a14 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly...

7.8CVSS

6.4AI Score

0.0004EPSS

2024-05-02 12:00 AM
7
redhatcve
redhatcve

CVE-2024-26984

In the Linux kernel, the following vulnerability has been resolved: nouveau: fix instmem race condition around ptr stores Running a lot of VK CTS in parallel against nouveau, once every few hours you might see something like this crash. BUG: kernel NULL pointer dereference, address:...

6.9AI Score

0.0004EPSS

2024-05-01 07:34 PM
1
nessus
nessus

Fedora 38 : kernel (2024-f35f9525d6)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-f35f9525d6 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly...

7.8CVSS

6.4AI Score

0.0004EPSS

2024-05-02 12:00 AM
6
malwarebytes
malwarebytes

Why car location tracking needs an overhaul

Across America, survivors of domestic abuse and stalking are facing a unique location tracking crisis born out of policy failure, unclear corporate responsibility, and potentially risky behaviors around digital sharing that are now common in relationships. No, we’re not talking about stalkerware......

6.8AI Score

2024-05-13 10:48 AM
12
talosblog
talosblog

Talos joins CISA to counter cyber threats against non-profits, activists and other at-risk communities

Cisco Talos is delighted to share updates about our ongoing partnership with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to combat cybersecurity threats facing civil society organizations. Talos has partnered with CISA on several initiatives through the Joint Cyber Defense...

7.4AI Score

2024-05-14 12:42 PM
5
thn
thn

Learn to Secure Petabyte-Scale Data in a Webinar with Industry Titans

Data is growing faster than ever. Remember when petabytes (that's 1,000,000 gigabytes!) were only for tech giants? Well, that's so last decade! Today, businesses of all sizes are swimming in petabytes. But this isn't just about storage anymore. This data is ALIVE—it's constantly accessed,...

7.1AI Score

2024-06-14 01:21 PM
18
malwarebytes
malwarebytes

Watch out for tech support scams lurking in sponsored search results

This blog post was written based on research carried out by Jérôme Segura. A campaign using sponsored search results is targeting home users and taking them to tech support scams. Sponsored search results are the ones that are listed at the top of search results and are labelled "Sponsored"....

7.2AI Score

2024-05-02 03:14 PM
6
krebs
krebs

U.S. Charges Russian Man as Boss of LockBit Ransomware Group

The United States joined the United Kingdom and Australia today in sanctioning 31-year-old Russian national Dmitry Yuryevich Khoroshev as the alleged leader of the infamous ransomware group LockBit. The U.S. Department of Justice also indicted Khoroshev and charged him with using Lockbit to attack....

6.8AI Score

2024-05-07 05:36 PM
7
cnvd
cnvd

SQL Injection Vulnerability in Electronic Document Security Management System of Beijing Yisetong Technology Development Co., Ltd (CNVD-2024-11433)

Electronic document security management system is a controllable authorization of electronic document security sharing management system, using real-time dynamic encryption and decryption protection technology and real-time rights recovery mechanism, to provide all kinds of electronic documents...

7.5AI Score

2024-01-29 12:00 AM
4
openvas
openvas

RedHat Update for samba3x RHSA-2011:1220-01

The remote host is missing an update for...

5.6AI Score

0.008EPSS

2011-09-07 12:00 AM
10
cnvd
cnvd

SQL Injection Vulnerability in Electronic Document Security Management System of Beijing Yisaitong Technology Development Co., Ltd (CNVD-2024-11424)

Electronic document security management system is a controllable authorization of electronic document security sharing management system, using real-time dynamic encryption and decryption protection technology and real-time rights recovery mechanism, to provide all kinds of electronic documents...

7.5AI Score

2024-01-29 12:00 AM
5
redhatcve
redhatcve

CVE-2024-27062

In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306] general protection...

7.3AI Score

0.0004EPSS

2024-05-01 08:24 PM
4
nessus
nessus

EulerOS Virtualization for ARM 64 3.0.5.0 : openssl (EulerOS-SA-2020-1063)

According to the versions of the openssl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : In situations where an attacker receives automated notification of the success or failure of a decryption ...

5.3CVSS

6AI Score

0.015EPSS

2020-01-13 12:00 AM
23
openvas
openvas

RedHat Update for samba and cifs-utils RHSA-2011:1221-01

The remote host is missing an update for...

5.6AI Score

0.008EPSS

2012-07-09 12:00 AM
27
prion
prion

Race condition

Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing.....

7.1AI Score

0.0004EPSS

2024-03-04 01:15 PM
8
prion
prion

Race condition

Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing.....

7.1AI Score

0.0004EPSS

2024-03-04 10:15 AM
12
cnvd
cnvd

Command Execution Vulnerability in EG3210 of Beijing StarNet Ruijie Network Technology Co. Ltd (CNVD-2024-11054)

The EG3210 is a multi-service security gateway. A command execution vulnerability exists in the EG3210, which can be exploited by an attacker to gain control of a...

7.6AI Score

2024-01-18 12:00 AM
6
openbugbounty
openbugbounty

co-opcreditunions.org Cross Site Scripting vulnerability OBB-3805352

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2023-12-07 01:03 PM
4
openvas
openvas

RedHat Update for samba RHSA-2011:1219-01

The remote host is missing an update for...

5.6AI Score

0.008EPSS

2011-09-07 12:00 AM
7
nvd
nvd

CVE-2024-29129

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPLIT Pty Ltd OxyExtras allows Reflected XSS.This issue affects OxyExtras: from n/a through...

7.1CVSS

6.9AI Score

0.0004EPSS

2024-03-19 02:15 PM
nvd
nvd

CVE-2024-29104

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zimma Ltd. Ticket Tailor allows Stored XSS.This issue affects Ticket Tailor: from n/a through...

6.5CVSS

6.4AI Score

0.0004EPSS

2024-03-19 04:15 PM
2
thn
thn

Oracle WebLogic Server OS Command Injection Flaw Under Active Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Oracle WebLogic Server to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2017-3506 (CVSS score: 7.4), the issue concerns an...

7.5CVSS

8AI Score

0.955EPSS

2024-06-04 03:25 AM
1
redhatcve
redhatcve

CVE-2023-6917

A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root...

6CVSS

7.1AI Score

0.0004EPSS

2024-02-28 02:39 PM
10
thn
thn

How to Build Your Autonomous SOC Strategy

Security leaders are in a tricky position trying to discern how much new AI-driven cybersecurity tools could actually benefit a security operations center (SOC). The hype about generative AI is still everywhere, but security teams have to live in reality. They face constantly incoming alerts from.....

7.2AI Score

2024-05-30 11:44 AM
1
krebs
krebs

Fake Lawsuit Threat Exposes Privnote Phishing Sites

A cybercrook who has been setting up websites that mimic the self-destructing message service privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company. The disclosure revealed a profitable network of phishing sites that behave and...

6.7AI Score

2024-04-04 02:12 PM
8
redhatcve
redhatcve

CVE-2021-47441

In the Linux kernel, the following vulnerability has been resolved: mlxsw: thermal: Fix out-of-bounds memory accesses Currently, mlxsw allows cooling states to be set above the maximum cooling state supported by the driver: # cat /sys/class/thermal/thermal_zone2/cdev0/type mlxsw_fan # cat...

6.4AI Score

0.0004EPSS

2024-05-27 08:29 AM
3
securelist
securelist

Assessing the Y, and How, of the XZ Utils incident

High-end APT groups perform highly interesting social engineering campaigns in order to penetrate well-protected targets. For example, carefully constructed forum responses on precision targeted accounts and follow-up "out-of-band" interactions regarding underground rail system simulator software.....

7.6AI Score

2024-04-24 10:10 AM
15
cve
cve

CVE-2024-21805

Improper access control vulnerability exists in the specific folder of SKYSEA Client View versions from Ver.16.100 prior to Ver.19.2. If this vulnerability is exploited, an arbitrary file may be placed in the specific folder by a user who can log in to the PC where the product's Windows client is.....

7.1AI Score

0.0004EPSS

2024-03-12 08:15 AM
35
thn
thn

U.S. Dismantles World's Largest 911 S5 Botnet with 19 Million Infected Devices

The U.S. Department of Justice (DoJ) on Wednesday said it dismantled what it described as "likely the world's largest botnet ever," which consisted of an army of 19 million infected devices that was leased to other threat actors to commit a wide array of offenses. The botnet, which has a global...

7.5AI Score

2024-05-30 08:55 AM
1
debiancve
debiancve

CVE-2021-47169

In the Linux kernel, the following vulnerability has been resolved: serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' In 'rp2_probe', the driver registers 'rp2_uart_interrupt' then calls 'rp2_fw_cb' through 'request_firmware_nowait'. In 'rp2_fw_cb', if the firmware don't...

7AI Score

0.0004EPSS

2024-03-25 10:15 AM
5
Total number of security vulnerabilities15434