Bala Krishna, Sergey Yakovlev Security Vulnerabilities

nuclei

Jira - Local File Inclusion

Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1, allows remote attackers to access files in the Jira webroot under the META-INF directory via local file...

7.5CVSS

7.3AI Score

0.971EPSS

2020-10-02 07:50 PM
7
openbugbounty

krishna-coirs.in Cross Site Scripting vulnerability OBB-3923393

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-04-27 02:21 AM
4
githubexploit

7.3AI Score

2024-03-30 04:25 PM
90
nessus

FreeBSD : GNU cpio -- multiple vulnerabilities (f59af308-07f3-11ea-8c56-f8b156b6dcc8)

Sergey Poznyakoff reports : This stable release fixes several potential vulnerabilities CVE-2015-1197: cpio, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. CVE-2016-2037: The cpio_safer_name_suffix...

7.3CVSS

6.8AI Score

0.043EPSS

2019-11-18 12:00 AM
15
nessus

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2024-12272)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12272 advisory. [5.15.0-205.149.5.1] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug:...

8.4AI Score

EPSS

2024-04-09 12:00 AM
23
nessus

Debian DSA-4500-1 : chromium - security update

Several vulnerabilities have been discovered in the chromium web browser. CVE-2019-5805 A use-after-free issue was discovered in the pdfium library. CVE-2019-5806 Wen Xu discovered an integer overflow issue in the Angle library. CVE-2019-5807 TimGMichaud discovered a...

9.6CVSS

9.1AI Score

0.657EPSS

2019-08-14 12:00 AM
12
oraclelinux

Unbreakable Enterprise kernel security update

[4.14.35-2047.536.5] - mmc: core: Fix switch on gp3 partition (Dominique Martinet) - Revert 'Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d'' (Song Liu) - mm/memory-failure: fix an incorrect use of tail pages (Liu Shixin) - Revert 'x86/mm/ident_map: Use gbpages only where full GB page...

7.8CVSS

7.6AI Score

0.011EPSS

2024-05-13 12:00 AM
6
oraclelinux

Unbreakable Enterprise kernel security update

[5.15.0-207.156.6] - uek-container: Add advanced routing options (Boris Ostrovsky) [Orabug: 36691279] - slub: use count_partial_free_approx() in slab_out_of_memory() (Jianfeng Wang) [Orabug: 36655468] - slub: introduce count_partial_free_approx() (Jianfeng Wang) [Orabug: 36655468] - Revert...

6.5CVSS

7.8AI Score

EPSS

2024-06-12 12:00 AM
2
openbugbounty

krishna-engg.com Improper Access Control vulnerability OBB-3802845

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7AI Score

2023-12-04 07:32 PM
2
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2136.331.7] - Revert 'tracing/trigger: Fix to return error if failed to alloc snapshot' (Siddh Raman Pant) - Revert 'selftests: mm: fix map_hugetlb failure on 64K page size systems' (Harshit Mogalapalli) [Orabug: 36584568] - Revert 'net/mlx5: Enable SW-defined RoCEv2 UDP source port'...

8.3AI Score

EPSS

2024-05-13 12:00 AM
7
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.331.7.el7] - Revert 'tracing/trigger: Fix to return error if failed to alloc snapshot' (Siddh Raman Pant) - Revert 'selftests: mm: fix map_hugetlb failure on 64K page size systems' (Harshit Mogalapalli) [Orabug: 36584568] - Revert 'net/mlx5: Enable SW-defined RoCEv2 UDP source port'...

8.3AI Score

EPSS

2024-05-13 12:00 AM
8
packetstorm

7.4AI Score

EPSS

2024-03-04 12:00 AM
63
thn

Severe Vulnerabilities in Cinterion Cellular Modems Pose Risks to Various Industries

Cybersecurity researchers have disclosed multiple security flaws in Cinterion cellular modems that could be potentially exploited by threat actors to access sensitive information and achieve code execution. "These vulnerabilities include critical flaws that permit remote code execution and...

9.8CVSS

9.6AI Score

0.002EPSS

2024-05-13 10:12 AM
1
zdi

Microsoft Windows cldflt Type Confusion Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

5.5CVSS

8.2AI Score

0.0005EPSS

2024-05-14 12:00 AM
7
oraclelinux

Unbreakable Enterprise kernel security update

[4.14.35-2047.535.2.1] - netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) [Orabug: 36467681] {CVE-2024-1086} [4.14.35-2047.535.2] - Fix null ptr in rds_tcp_recv_path (Allison Henderson) [Orabug: 33499812] - LTS version: v4.14.338 (Saeed Mirzamohammadi) - crypto:...

7.8CVSS

8AI Score

0.011EPSS

2024-04-08 12:00 AM
7
securelist

What’s in your notepad? Infected text editors target Chinese users

"Malvertising" is a popular way of attracting victims to malicious sites: an advertisement block is placed at the top of the search results, increasing the likelihood of users clicking the link. Sites at the top of search results also tend to be more trusted by users. A year ago, our experts...

7AI Score

2024-03-13 11:29 AM
26
oraclelinux

Unbreakable Enterprise kernel security update

[5.15.0-206.153.7] - mmc: core: Initialize mmc_blk_ioc_data (Mikko Rapeli) - ahci: asm1064: asm1166: don't limit reported ports (Conrad Kostecki) - mmc: core: Fix switch on gp3 partition (Dominique Martinet) - Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory (Michael....

8.3AI Score

EPSS

2024-05-15 12:00 AM
6
cve

CVE-2006-1208

Sergey Korostel PHP Upload Center allows remote attackers to execute arbitrary PHP code by uploading a file whose name ends in a .php.li extension, which can be accessed from the upload...

7.6AI Score

0.03EPSS

2006-03-14 01:06 AM
31
cve

CVE-2006-1207

PHP Upload Center stores password hashes under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for the upload/users/[USERNAME]...

7AI Score

0.009EPSS

2006-03-14 01:06 AM
17
oraclelinux

Unbreakable Enterprise kernel security update

[5.15.0-205.149.5.1] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Add BHI mitigation knob (Pawan Gupta) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Enumerate Branch...

8.2AI Score

EPSS

2024-04-08 12:00 AM
28
prion

Directory traversal

Sergey Korostel PHP Upload Center allows remote attackers to execute arbitrary PHP code by uploading a file whose name ends in a .php.li extension, which can be accessed from the upload...

8.1AI Score

0.03EPSS

2006-03-14 01:06 AM
3
osv

zstd vulnerable to buffer overrun

A vulnerability was found in zstd v1.4.10, where an attacker can supply an empty string as an argument to the command line tool to cause buffer...

7.5CVSS

7AI Score

0.001EPSS

2023-03-31 09:30 PM
8
nvd

CVE-2006-1208

Sergey Korostel PHP Upload Center allows remote attackers to execute arbitrary PHP code by uploading a file whose name ends in a .php.li extension, which can be accessed from the upload...

7.6AI Score

0.03EPSS

2006-03-14 01:06 AM
2
cve

CVE-2005-3947

Directory traversal vulnerability in index.php in PHP Upload Center allows remote attackers to read arbitrary files via "../" sequences in the filename...

6.8AI Score

0.019EPSS

2005-12-01 11:00 AM
20
thn

Malicious Ads Targeting Chinese Users with Fake Notepad++ and VNote Installers

Chinese users looking for legitimate software such as Notepad++ and VNote on search engines like Baidu are being targeted with malicious ads and bogus links to distribute trojanized versions of the software and ultimately deploy Geacon, a Golang-based implementation of Cobalt Strike. "The...

7AI Score

2024-03-15 06:18 AM
31
openvas

Debian: Security Advisory (DSA-3645-1)

The remote host is missing an update for the...

9.8CVSS

8.9AI Score

0.028EPSS

2016-08-08 12:00 AM
13
openvas

Ubuntu: Security Advisory (USN-5128-1)

The remote host is missing an update for...

7.2CVSS

6.4AI Score

0.005EPSS

2021-11-02 12:00 AM
6
openvas

Ubuntu: Security Advisory (USN-1068-1)

The remote host is missing an update for...

6.8AI Score

0.0004EPSS

2011-02-28 12:00 AM
12
openvas

Ubuntu: Security Advisory (USN-4618-1)

The remote host is missing an update for...

8.8CVSS

7.7AI Score

0.001EPSS

2020-11-06 12:00 AM
6
openvas

Ubuntu: Security Advisory (USN-4998-1)

The remote host is missing an update for...

7.2CVSS

6.2AI Score

0.005EPSS

2021-06-26 12:00 AM
7
openvas

Debian: Security Advisory (DLA-319-1)

The remote host is missing an update for the...

9.8CVSS

8.5AI Score

0.066EPSS

2023-03-08 12:00 AM
3
openvas

Ubuntu: Security Advisory (USN-3089-1)

The remote host is missing an update for...

7.5CVSS

7.6AI Score

0.008EPSS

2016-09-28 12:00 AM
8
openvas

Debian: Security Advisory (DSA-3678-1)

The remote host is missing an update for the...

7.5CVSS

7.6AI Score

0.008EPSS

2016-09-25 12:00 AM
13
openvas

Ubuntu: Security Advisory (USN-369-2)

The remote host is missing an update for...

6.6AI Score

0.024EPSS

2022-08-26 12:00 AM
4
openvas

Ubuntu: Security Advisory (USN-998-1)

The remote host is missing an update for...

9.8AI Score

0.849EPSS

2010-10-22 12:00 AM
18
openvas

Ubuntu: Security Advisory (USN-1032-1)

The remote host is missing an update for...

9.6AI Score

0.931EPSS

2010-12-28 12:00 AM
28
openvas

Debian: Security Advisory (DLA-1544-1)

The remote host is missing an update for the...

4.3CVSS

5.7AI Score

0.791EPSS

2018-10-14 12:00 AM
10
openvas

Ubuntu: Security Advisory (USN-4602-1)

The remote host is missing an update for...

8.6CVSS

8.2AI Score

0.003EPSS

2020-10-27 12:00 AM
4
openvas

Ubuntu: Security Advisory (USN-4602-2)

The remote host is missing an update for...

8.6CVSS

8.4AI Score

0.003EPSS

2022-08-26 12:00 AM
6
openvas

Debian: Security Advisory (DLA-1545-1)

The remote host is missing an update for the...

4.3CVSS

5.7AI Score

0.791EPSS

2018-10-15 12:00 AM
18
openvas

Debian: Security Advisory (DSA-2466-1)

The remote host is missing an update for the...

6.4AI Score

0.003EPSS

2012-05-31 12:00 AM
24
openvas

Ubuntu: Security Advisory (USN-1080-2)

The remote host is missing an update for...

5.5CVSS

7.4AI Score

0.062EPSS

2011-03-07 12:00 AM
16
openvas

Ubuntu: Security Advisory (USN-997-1)

The remote host is missing an update for...

9.8AI Score

0.849EPSS

2010-10-22 12:00 AM
16
openvas

Debian: Security Advisory (DSA-4395-1)

The remote host is missing an update for the...

7.4CVSS

7.6AI Score

0.149EPSS

2019-02-17 12:00 AM
37
openvas

Ubuntu: Security Advisory (USN-1080-1)

The remote host is missing an update for...

5.5CVSS

7.4AI Score

0.062EPSS

2011-03-07 12:00 AM
30
openvas

Debian: Security Advisory (DSA-4500-1)

The remote host is missing an update for the...

9.6CVSS

7.7AI Score

0.657EPSS

2019-08-14 12:00 AM
15
openvas

Ubuntu: Security Advisory (USN-4607-2)

The remote host is missing an update for...

5.3CVSS

5.7AI Score

0.003EPSS

2020-11-13 12:00 AM
2
openvas

Ubuntu: Security Advisory (USN-4607-1)

The remote host is missing an update for...

5.3CVSS

5.7AI Score

0.003EPSS

2020-10-28 12:00 AM
4
securelist

Cracked software beats gold: new macOS backdoor stealing cryptowallets

A month ago, we discovered some cracked apps circulating on pirating websites and infected with a Trojan proxy. The malicious actors repackaged pre-cracked applications as PKG files with an embedded Trojan proxy and a post-install script initiating the infection. We recently caught sight of a new,....

7.5AI Score

2024-01-22 08:00 AM
9
openvas

Ubuntu: Security Advisory (USN-1000-1)

The remote host is missing an update for...

7.8CVSS

7.4AI Score

0.232EPSS

2010-10-22 12:00 AM
39
Total number of security vulnerabilities: 1083