Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in YIKES, Inc. Easy Forms for Mailchimp plugin <= 6.8.8...
6.1CVSS
6.1AI Score
0.0005EPSS
A vulnerability classified as problematic has been found in yikes-inc-easy-mailchimp-extender Plugin up to 6.8.5. This affects an unknown part of the file admin/partials/ajax/add_field_to_form.php. The manipulation of the argument field_name/merge_tag/field_type/list_id leads to cross site...
6.1CVSS
6AI Score
0.001EPSS
The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape a parameter before outputting it back in the page when the debug option is enabled, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...
6.1CVSS
6.2AI Score
0.001EPSS
The Easy Forms for Mailchimp WordPress plugin through 6.8.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is...
4.8CVSS
6AI Score
0.0004EPSS
The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite.....
4.8CVSS
5.8AI Score
0.0005EPSS
The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...
6.1CVSS
6.2AI Score
0.001EPSS
The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
5.4CVSS
6AI Score
0.001EPSS
xen is vulnerable to Information Disclosure. Under specific micro architectural circumstances, an attacker is able to potentially access sensitive user...
5.5CVSS
6.7AI Score
0.001EPSS
kernel security, bug fix, and enhancement update
An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating....
9.8CVSS
7.4AI Score
EPSS
An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating....
7.8CVSS
7.8AI Score
0.001EPSS
Unbreakable Enterprise kernel security update
[5.15.0-207.156.6] - uek-container: Add advanced routing options (Boris Ostrovsky) [Orabug: 36691279] - slub: use count_partial_free_approx() in slab_out_of_memory() (Jianfeng Wang) [Orabug: 36655468] - slub: introduce count_partial_free_approx() (Jianfeng Wang) [Orabug: 36655468] - Revert...
6.5CVSS
7.8AI Score
EPSS
kernel security and bug fix update
An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating....
6.9AI Score
0.0004EPSS
Issue Overview: 2024-06-07: CVE-2023-26607 was added to this advisory. A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack.....
7.1CVSS
6.8AI Score
0.0004EPSS
kernel security and bug fix update
[5.14.0-427.20.1_4.OL9] Disable UKI signing [Orabug: 36571828] Update Oracle Linux certificates (Kevin Lyons) Disable signing for aarch64 (Ilya Okomin) Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] Update x509.genkey...
7.4AI Score
0.0004EPSS
kernel-rt security and bug fix update
An update is available for kernel-rt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel-rt packages provide the Real Time Linux Kernel, which enables...
7.8CVSS
7.9AI Score
0.001EPSS
kernel-rt security and bug fix update
An update is available for kernel-rt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel-rt packages provide the Real Time Linux Kernel, which enables...
9.8CVSS
10AI Score
EPSS
[slackware-security] Slackware 15.0 kernel
New kernel packages are available for Slackware 15.0 to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/linux-5.15.160/*: Upgraded. These updates fix various bugs and security issues. Be sure to upgrade your initrd after upgrading the kernel...
8CVSS
7.9AI Score
EPSS
Issue Overview: 2024-06-07: CVE-2023-52881 was added to this advisory. 2024-02-01: CVE-2023-0590 was added to this advisory. 2024-01-19: CVE-2023-52340 was added to this advisory. A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This.....
7.8CVSS
6.9AI Score
EPSS
Issue Overview: 2024-06-07: CVE-2022-2977 was added to this advisory. 2024-04-11: CVE-2022-41858 was added to this advisory. 2023-09-13: CVE-2023-4387 was added to this advisory. 2023-09-13: CVE-2023-4459 was added to this advisory. A memory leak flaw was found in the Linux kernel's DMA subsystem,....
7.8CVSS
8AI Score
0.001EPSS
[4.18.0-553.5.1.el8_10.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict...
7.8CVSS
9AI Score
0.001EPSS
Issue Overview: A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate...
7.8CVSS
6.8AI Score
0.0004EPSS
Issue Overview: 2024-06-06: CVE-2023-52881 was added to this advisory. 2024-02-01: CVE-2023-0590 was added to this advisory. 2024-02-01: CVE-2024-0584 was added to this advisory. 2024-01-19: CVE-2023-52340 was added to this advisory. A use-after-free flaw was found in qdisc_graft in...
7.8CVSS
7AI Score
EPSS
Issue Overview: 2024-06-06: CVE-2022-48651 was added to this advisory. 2024-05-23: CVE-2021-47103 was added to this advisory. In the Linux kernel, the following vulnerability has been resolved: inet: fully convert sk->sk_rx_dst to RCU rules (CVE-2021-47103) A flaw use after free in the Linux...
7.8CVSS
7.2AI Score
EPSS
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) kernel: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2024-0340) kernel:...
7.8CVSS
6.9AI Score
0.001EPSS
Symfony allows direct access of ESI URLs behind a trusted proxy
All 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony HttpKernel component are affected by this security issue. Your application is vulnerable only if the ESI feature is enabled and there is a proxy in front of the web application. This issue has been fixed in Symfony 2.3.19, 2.4.9, and...
6.5AI Score
EPSS
Issue Overview: 2024-06-06: CVE-2023-52477 was added to this advisory. A race condition between two functions, lmLogClose() and txEnd(), in the Linux kernel's JFS filesystem can lead to a use-after-free vulnerability and crash. (CVE-2023-3397) In the Linux kernel, the following vulnerability has...
7.8CVSS
8.4AI Score
0.0004EPSS
Issue Overview: 2024-06-06: CVE-2023-26607 was added to this advisory. A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack.....
8.8CVSS
6.8AI Score
0.001EPSS
Issue Overview: 2024-06-06: CVE-2021-47006 was added to this advisory. 2024-05-23: CVE-2021-47013 was added to this advisory. 2024-05-23: CVE-2021-46960 was added to this advisory. 2024-05-23: CVE-2021-47166 was added to this advisory. 2024-05-23: CVE-2021-46955 was added to this advisory....
7.8CVSS
7.6AI Score
0.001EPSS
Issue Overview: 2024-06-07: CVE-2022-48687 was added to this advisory. 2024-01-31: CVE-2022-28693 was added to this advisory. 2024-01-31: CVE-2022-29901 was added to this advisory. 2024-01-31: CVE-2023-2860 was added to this advisory. 2024-01-31: CVE-2022-39188 was added to this advisory. An...
7.8CVSS
8.2AI Score
EPSS
Issue Overview: 2024-06-06: CVE-2022-48687 was added to this advisory. 2023-10-12: CVE-2023-2860 was added to this advisory. An out-of-bounds write flaw was found in the Linux kernel’s framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUT_VSCREENINFO with...
7.8CVSS
7.8AI Score
0.009EPSS
Issue Overview: 2024-06-06: CVE-2022-20566 was added to this advisory. 2024-04-11: CVE-2023-1095 was added to this advisory. A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input....
7.8CVSS
8.3AI Score
EPSS
Issue Overview: 2024-06-06: CVE-2023-52486 was added to this advisory. 2024-06-06: CVE-2023-52464 was added to this advisory. 2024-06-06: CVE-2023-52698 was added to this advisory. 2024-06-06: CVE-2024-0607 was added to this advisory. In the Linux kernel, the following vulnerability has been...
7.8CVSS
7.7AI Score
0.0004EPSS
Issue Overview: 2024-06-06: CVE-2023-52567 was added to this advisory. 2024-04-11: CVE-2023-42754 was added to this advisory. A flaw in the kernel Xen event handler can cause a deadlock with Xen console handling in unprivileged Xen guests. (CVE-2023-34324) A NULL pointer dereference flaw was found....
5.5CVSS
7.5AI Score
0.001EPSS
Grafana: Users outside an organization can delete a snapshot with its key
Summary The DELETE /api/snapshots/{key} endpoint allows any Grafana user to delete snapshots if the user is NOT in the organization of the snapshot Details An attacker (a user without organization affiliation or with a "no basic role" in an organization other than the one where the dashboard...
6.5CVSS
6.4AI Score
0.0004EPSS
(RHSA-2024:3138) Moderate: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section....
6.2AI Score
EPSS
Moderate: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) kernel: Information disclosure in...
7.8CVSS
7AI Score
0.001EPSS
(RHSA-2024:3530) Important: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086) kernel: net: bridge: data races...
6.8AI Score
0.011EPSS
(RHSA-2024:2950) Moderate: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer...
6.3AI Score
EPSS
(RHSA-2024:3462) Moderate: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): RHEL: Add Spectre-BHB mitigation for AmpereOne (CVE-2023-3006) kernel: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (CVE-2021-47013) kernel: net: bridge: data races...
7.4AI Score
0.0004EPSS
(RHSA-2024:3529) Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086) kernel: net: bridge: data races indata-races in br_handle_frame_finish() (CVE-2023-52578) ...
6.7AI Score
0.011EPSS
Moderate: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section....
6.8AI Score
(RHSA-2024:3528) Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: NULL pointer dereference in can_rcv_filter (CVE-2023-2166) kernel: Slab-out-of-bound read in compare_netdev_and_ip (CVE-2023-2176) kernel: nf_tables: use-after-free vulnerability...
6.7AI Score
0.011EPSS
(RHSA-2024:3421) Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function...
7.1AI Score
EPSS
(RHSA-2024:3461) Moderate: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (CVE-2024-26643) kernel: netfilter: nf_tables: disallow anonymous set with timeout flag...
7.2AI Score
0.0004EPSS
Issue Overview: The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163. (CVE-2019-19767) Affected Packages: kernel...
5.5CVSS
6.8AI Score
0.002EPSS
(RHSA-2024:3460) Moderate: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): kernel: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (CVE-2024-26643) kernel: netfilter:...
7.4AI Score
0.0004EPSS
Symfony allows direct access of ESI URLs behind a trusted proxy
All 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony HttpKernel component are affected by this security issue. Your application is vulnerable only if the ESI feature is enabled and there is a proxy in front of the web application. This issue has been fixed in Symfony 2.3.19, 2.4.9, and...
6.5AI Score
EPSS
Moderate: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer...
6.9AI Score
(RHSA-2024:3351) Moderate: OpenShift Container Platform 4.12.58 security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.58. See the following advisory for the container...
7.4AI Score
0.0005EPSS
(RHSA-2021:4356) Moderate: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: out-of-bounds reads in pinctrl subsystem (CVE-2020-0427) * kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502) * kernel: Insufficient...
8.1AI Score
0.004EPSS