Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in YIKES, Inc. Easy Forms for Mailchimp plugin <= 6.8.8...
CVSS 6.1 | AI Score 6.1 | EPSS 0.0005
A vulnerability classified as problematic has been found in yikes-inc-easy-mailchimp-extender Plugin up to 6.8.5. This affects an unknown part of the file admin/partials/ajax/add_field_to_form.php. The manipulation of the argument field_name/merge_tag/field_type/list_id leads to cross site...
CVSS 6.1 | AI Score 6 | EPSS 0.001
The Easy Forms for Mailchimp WordPress plugin through 6.8.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is...
CVSS 4.8 | AI Score 6 | EPSS 0.0004
The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape some of its form parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
CVSS 4.8 | AI Score 5.8 | EPSS 0.0005
The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...
CVSS 6.1 | AI Score 6.2 | EPSS 0.001
The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVSS 5.4 | AI Score 6 | EPSS 0.001
The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape a parameter before outputting it back in the page when the debug option is enabled, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...
CVSS 6.1 | AI Score 6.2 | EPSS 0.001
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Disable kvmclock on all CPUs on shutdown (CVE-2021-47110) An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4....
CVSS 6.5 | AI Score 7 | EPSS 0.0004
xen is vulnerable to Information Disclosure. Under specific micro architectural circumstances, an attacker is able to potentially access sensitive user...
CVSS 5.5 | AI Score 6.7 | EPSS 0.001
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Disable kvmclock on all CPUs on shutdown (CVE-2021-47110) An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4....
CVSS 6.5 | AI Score 6.9 | EPSS 0.0004
Issue Overview: 2024-06-19: CVE-2022-1011 was added to this advisory. 2024-06-19: CVE-2022-1353 was added to this advisory. 2024-06-19: CVE-2022-41858 was added to this advisory. 2024-06-19: CVE-2023-1637 was added to this advisory. A use-after-free flaw was found in the Linux kernel's FUSE...
CVSS 7.8 | AI Score 8 | EPSS 0.0004
Issue Overview: 2024-06-19: CVE-2023-52845 was added to this advisory. A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. In this flaw an attacker with local user access may lead to a system crash or a leak of internal kernel information....
CVSS 7.1 | AI Score 7.3 | EPSS 0.0004
Issue Overview: 2024-06-19: CVE-2023-46838 was added to this advisory. 2024-06-06: CVE-2023-52486 was added to this advisory. 2024-06-06: CVE-2023-52464 was added to this advisory. 2024-06-06: CVE-2023-52698 was added to this advisory. 2024-06-06: CVE-2024-0607 was added to this advisory. A flaw...
CVSS 7.8 | AI Score 7.6 | EPSS 0.001
Issue Overview: 2024-06-19: CVE-2020-14356 was added to this advisory. The Serial Attached SCSI (SAS) implementation in the Linux kernel mishandles a mutex within libsas. This allows local users to cause a denial of service (deadlock) by triggering certain error-handling code. (CVE-2017-18232) The....
CVSS 7.8 | AI Score 7.1 | EPSS 0.014
kernel security and bug fix update
An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating....
AI Score 6.9 | EPSS 0.0004
An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating....
CVSS 7.8 | AI Score 7.8 | EPSS 0.001
kernel security, bug fix, and enhancement update
An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating....
CVSS 9.8 | AI Score 7.4 | EPSS
kernel-rt security and bug fix update
An update is available for kernel-rt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel-rt packages provide the Real Time Linux Kernel, which enables...
CVSS 9.8 | AI Score 10 | EPSS
kernel-rt security and bug fix update
An update is available for kernel-rt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel-rt packages provide the Real Time Linux Kernel, which enables...
CVSS 7.8 | AI Score 7.9 | EPSS 0.001
Unbreakable Enterprise kernel security update
[5.15.0-207.156.6] - uek-container: Add advanced routing options (Boris Ostrovsky) [Orabug: 36691279] - slub: use count_partial_free_approx() in slab_out_of_memory() (Jianfeng Wang) [Orabug: 36655468] - slub: introduce count_partial_free_approx() (Jianfeng Wang) [Orabug: 36655468] - Revert...
CVSS 6.5 | AI Score 7.8 | EPSS
Issue Overview: 2024-06-06: CVE-2023-52567 was added to this advisory. 2024-04-11: CVE-2023-42754 was added to this advisory. A flaw in the kernel Xen event handler can cause a deadlock with Xen console handling in unprivileged Xen guests. (CVE-2023-34324) A NULL pointer dereference flaw was found....
CVSS 5.5 | AI Score 7.5 | EPSS 0.001
Issue Overview: 2024-06-07: CVE-2023-52881 was added to this advisory. 2024-02-01: CVE-2023-0590 was added to this advisory. 2024-01-19: CVE-2023-52340 was added to this advisory. A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This.....
CVSS 7.8 | AI Score 6.9 | EPSS
Issue Overview: 2024-06-07: CVE-2022-48687 was added to this advisory. 2024-01-31: CVE-2022-28693 was added to this advisory. 2024-01-31: CVE-2022-29901 was added to this advisory. 2024-01-31: CVE-2023-2860 was added to this advisory. 2024-01-31: CVE-2022-39188 was added to this advisory. An...
CVSS 7.8 | AI Score 8.2 | EPSS
Grafana: Users outside an organization can delete a snapshot with its key
Summary: The DELETE /api/snapshots/{key} endpoint allows any Grafana user to delete snapshots if the user is NOT in the organization of the snapshot. Details: An attacker (a user without organization affiliation or with a "no basic role" in an organization other than the one where the dashboard...
CVSS 6.5 | AI Score 6.4 | EPSS 0.0004
kernel security and bug fix update
[5.14.0-427.20.1_4.OL9] Disable UKI signing [Orabug: 36571828] Update Oracle Linux certificates (Kevin Lyons) Disable signing for aarch64 (Ilya Okomin) Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] Update x509.genkey...
AI Score 7.4 | EPSS 0.0004
Issue Overview: 2024-06-07: CVE-2022-2977 was added to this advisory. 2024-04-11: CVE-2022-41858 was added to this advisory. 2023-09-13: CVE-2023-4387 was added to this advisory. 2023-09-13: CVE-2023-4459 was added to this advisory. A memory leak flaw was found in the Linux kernel's DMA subsystem,....
CVSS 7.8 | AI Score 8 | EPSS 0.001
Issue Overview: 2024-06-07: CVE-2023-26607 was added to this advisory. A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack.....
CVSS 7.1 | AI Score 6.8 | EPSS 0.0004
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) kernel: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2024-0340) kernel:...
CVSS 7.8 | AI Score 6.9 | EPSS 0.001
Issue Overview: 2024-06-06: CVE-2023-52477 was added to this advisory. A race condition between two functions, lmLogClose() and txEnd(), in the Linux kernel's JFS filesystem can lead to a use-after-free vulnerability and crash. (CVE-2023-3397) In the Linux kernel, the following vulnerability has...
CVSS 7.8 | AI Score 8.4 | EPSS 0.0004
Issue Overview: 2024-06-06: CVE-2023-26607 was added to this advisory. A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack.....
CVSS 8.8 | AI Score 6.8 | EPSS 0.001
Issue Overview: 2024-06-06: CVE-2021-47006 was added to this advisory. 2024-05-23: CVE-2021-47013 was added to this advisory. 2024-05-23: CVE-2021-46960 was added to this advisory. 2024-05-23: CVE-2021-47166 was added to this advisory. 2024-05-23: CVE-2021-46955 was added to this advisory....
CVSS 7.8 | AI Score 7.6 | EPSS 0.001
Issue Overview: 2024-06-06: CVE-2022-48687 was added to this advisory. 2023-10-12: CVE-2023-2860 was added to this advisory. An out-of-bounds write flaw was found in the Linux kernel’s framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUT_VSCREENINFO with...
CVSS 7.8 | AI Score 7.8 | EPSS 0.009
Issue Overview: 2024-06-06: CVE-2022-20566 was added to this advisory. 2024-04-11: CVE-2023-1095 was added to this advisory. A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input....
CVSS 7.8 | AI Score 8.3 | EPSS
Issue Overview: 2024-06-06: CVE-2023-52881 was added to this advisory. 2024-02-01: CVE-2023-0590 was added to this advisory. 2024-02-01: CVE-2024-0584 was added to this advisory. 2024-01-19: CVE-2023-52340 was added to this advisory. A use-after-free flaw was found in qdisc_graft in...
CVSS 7.8 | AI Score 7 | EPSS
Issue Overview: 2024-06-06: CVE-2022-48651 was added to this advisory. 2024-05-23: CVE-2021-47103 was added to this advisory. In the Linux kernel, the following vulnerability has been resolved: inet: fully convert sk->sk_rx_dst to RCU rules (CVE-2021-47103) A use-after-free flaw in the Linux...
CVSS 7.8 | AI Score 7.2 | EPSS
[4.18.0-553.5.1.el8_10.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict...
CVSS 7.8 | AI Score 9 | EPSS 0.001
[slackware-security] Slackware 15.0 kernel
New kernel packages are available for Slackware 15.0 to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/linux-5.15.160/*: Upgraded. These updates fix various bugs and security issues. Be sure to upgrade your initrd after upgrading the kernel...
CVSS 8 | AI Score 7.9 | EPSS
Moderate: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) kernel: Information disclosure in...
CVSS 7.8 | AI Score 7 | EPSS 0.001
In rndis_set_response of rndis.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious USB device is attached with no additional execution privileges needed. User interaction is not needed for...
CVSS 4.6 | AI Score 7 | EPSS 0.0005
CVE-2022-3114 affecting package kernel 5.15.160.1-1
CVE-2022-3114 affecting package kernel 5.15.160.1-1. No patch is available...
CVSS 5.5 | AI Score 6.5 | EPSS 0.0004
CVE-2022-45885 affecting package kernel 5.15.160.1-1
CVE-2022-45885 affecting package kernel 5.15.160.1-1. No patch is available...
CVSS 7 | AI Score 7.3 | EPSS 0.0004
CVE-2022-40133 affecting package kernel 5.15.160.1-1
CVE-2022-40133 affecting package kernel 5.15.160.1-1. No patch is available...
CVSS 6.3 | AI Score 6.6 | EPSS 0.0004
CVE-2021-3847 affecting package kernel 5.15.160.1-1
CVE-2021-3847 affecting package kernel 5.15.160.1-1. No patch is available...
CVSS 7.8 | AI Score 7.7 | EPSS 0.0004
CVE-2022-2961 affecting package kernel 5.15.160.1-1
CVE-2022-2961 affecting package kernel 5.15.160.1-1. No patch is available...
CVSS 7 | AI Score 6.8 | EPSS 0.0004
Symfony allows direct access of ESI URLs behind a trusted proxy
All 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony HttpKernel component are affected by this security issue. Your application is vulnerable only if the ESI feature is enabled and there is a proxy in front of the web application. This issue has been fixed in Symfony 2.3.19, 2.4.9, and...
AI Score 6.5 | EPSS
CVE-2022-0480 affecting package kernel 5.10.189.1-1
CVE-2022-0480 affecting package kernel 5.10.189.1-1. No patch is available...
CVSS 5.5 | AI Score 7.5 | EPSS 0.0004
CVE-2022-40133 affecting package kernel 5.10.189.1-1
CVE-2022-40133 affecting package kernel 5.10.189.1-1. No patch is available...
CVSS 6.3 | AI Score 7.5 | EPSS 0.0004
CVE-2022-3114 affecting package kernel 5.10.189.1-1
CVE-2022-3114 affecting package kernel 5.10.189.1-1. No patch is available...
CVSS 5.5 | AI Score 7.5 | EPSS 0.0004