CVE-2022-48724 iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping()
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() After commit e3beca48a45b ("irqdomain/treewide: Keep firmware node unconditionally allocated"). For tear down scenario, fn is only freed after fail to allocate...
0.0004EPSS
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public...
6.6AI Score
0.0004EPSS
Stack overflow and use-after-free in HTTP/3
Stack overflow and use-after-free in HTTP/3 Severity: medium CVE-2024-31079 Not vulnerable: 1.27.0+, 1.26.1+ Vulnerable: 1.25.0-1.25.5,...
4.8CVSS
7.5AI Score
0.0004EPSS
Unencrypted traffic between pods when using Wireguard and an external kvstore
Impact For Cilium users who have enabled an external kvstore and Wireguard transparent encryption, traffic between pods in the affected cluster is not encrypted. Patches This issue affects Cilium v1.14 before v1.14.7. This issue has been patched in Cilium v1.14.7. Workarounds There is no...
6.1CVSS
7.2AI Score
0.0004EPSS
Media resumption control could show up in another user and leak the owner's media data
In loadMediaResumptionControls of MediaResumeListener.kt, there is a possible way to play and listen to media files played by another user on the same device due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User...
5.5CVSS
6.4AI Score
0.0004EPSS
Apps can get the ACTIVITY_RECOGNITION runtime permission silently via app upgrade on Q and above
In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way to bypass user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
6.8AI Score
0.0004EPSS
An android kernel bug that allows to bypass all protection bypass and achieve privilege escalation
In io_identity_cow of io_uring.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...
6.7CVSS
8.8AI Score
0.0004EPSS
Summary IBM Storage Defender – Resiliency Service is vulnerable and can result in data confidentiality and service availabilty issues. The vulnerabilities have been addressed. CVE-2023-45288, CVE-2024-25031, CVE-2024-38322, CVE-2024-33883. Vulnerability Details ** CVEID: CVE-2023-45288 ...
6.5CVSS
7.5AI Score
0.0004EPSS
Moderate: python39:3.9 and python39-devel:3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...
8.1CVSS
6.8AI Score
0.005EPSS
Moderate: ansible-core bug fix, enhancement, and security update
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to....
5.5CVSS
6.5AI Score
0.0004EPSS
Moderate: ansible-core bug fix, enhancement, and security update
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to....
5.5CVSS
6.6AI Score
0.0004EPSS
WordPress Anti-Malware Security and Brute-Force Firewall <4.21.83 - Cross-Site Scripting
WordPress Anti-Malware Security and Brute-Force Firewall plugin before 4.21.83 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in an admin...
6.1CVSS
6AI Score
0.001EPSS
PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.6AI Score
0.0004EPSS
PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
5.8AI Score
0.0004EPSS
D-Link NAS nas_sharing.cgi command injection
Added: 04/24/2024 CVE: CVE-2024-3273 Background D-Link Network Attached Storage (NAS) devices allow different clients to connect to a centralized disk on a Local Area Network (LAN). Problem A backdoor and a command injection vulnerability in the nas_sharing.cgi script allow a remote...
9.8CVSS
9.9AI Score
0.935EPSS
D-Link DIR-850L Rev.A1 < 1.20 / Rev.B1 < 2.20 XSS / Backdoor / Code Execution Vulnerabilities
D-Link DIR-850L devices suffer from cross-site scripting (XSS), access bypass, backdoor, bruteforcing, information disclosure, remote code execution (RCE), and denial of service (DoS)...
9.8CVSS
7.3AI Score
0.015EPSS
ConfD CLI Privilege Escalation and Arbitrary File Read and Write Vulnerabilities
Multiple vulnerabilities in the ConfD CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root or elevate privileges to root on the underlying operating system. For more information about these vulnerabilities, see the Details ["#details"] section.....
6.5AI Score
0.0004EPSS
Moderate: python39:3.9 and python39-devel:3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...
8.1CVSS
6.9AI Score
0.005EPSS
D-Link D-View 8 Path Traversal RCE (CVE-2023-32165)
The D-Link D-View 8 probe server running on the remote host is affected by a path traversal vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted TFTP message, to upload arbitrary files to arbitrary directories on the remote...
9.8CVSS
7.1AI Score
0.001EPSS
Keystone 6 Login Page - Open Redirect and Cross-Site Scripting
On the login page, there is a "from=" parameter in URL which is vulnerable to open redirect and can be escalated to reflected...
6.1CVSS
6.1AI Score
0.001EPSS
willdurand/js-translation-bundle potential path traversal attack and remote code injection
A path traversal and a javascript code injection vulnerabilities were identified in willdurand/js-translation-bundle versions prior to...
7.7AI Score
Updated mariadb packages fix security vulnerability and bugs
Additional bugs were fixed in the following components: InnoDB Spider Aria Backup JSON Optimization & Tuning Plugins Galera Scripts & Clients Server For the details see the vendor...
4.9CVSS
7.3AI Score
0.0005EPSS
D-Link NAS nas_sharing.cgi command injection
Added: 04/24/2024 CVE: CVE-2024-3273 Background D-Link Network Attached Storage (NAS) devices allow different clients to connect to a centralized disk on a Local Area Network (LAN). Problem A backdoor and a command injection vulnerability in the nas_sharing.cgi script allow a remote...
9.8CVSS
8.7AI Score
0.935EPSS
fence-agents security and bug fix update
[4.2.1-129] - bundled urllib3: fix CVE-2023-45803 Resolves: RHEL-18132 - bundled pycryptodome: fix CVE-2023-52323 Resolves: RHEL-20915 - bundled jinja2: fix CVE-2024-22195 Resolves: RHEL-22174 [4.2.1-127] - fence_scsi: fix registration handling if ISID conflicts Resolves: RHEL-5397 -...
6.1CVSS
6.8AI Score
0.001EPSS
WordPress Select All Categories and Taxonomies <1.3.2 - Cross-Site Scripting
WordPress Select All Categories and Taxonomies plugin before 1.3.2 contains a cross-site scripting vulnerability. The settings page of the plugin does not properly sanitize the tab parameter before outputting it back. An attacker can inject arbitrary script in the browser of an unsuspecting user...
6.1CVSS
6.1AI Score
0.002EPSS
Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘course_id’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation...
7.2CVSS
7.3AI Score
0.0004EPSS
willdurand/js-translation-bundle potential path traversal attack and remote code injection
A path traversal and a javascript code injection vulnerabilities were identified in willdurand/js-translation-bundle versions prior to...
7.7AI Score
(RHSA-2024:3543) Moderate: python-idna security and bug fix update
Security Fix(es): python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()...
6.3AI Score
EPSS
kernel security, bug fix, and enhancement update
[4.18.0-553.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with...
9.8CVSS
8AI Score
EPSS
d-passion.nl Improper Access Control vulnerability OBB-3863497
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
Description The Royal Elementor Addons and Templates for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘inline_list’ parameter in versions up to, and including, 1.3.976 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,.....
6.4CVSS
5.8AI Score
0.001EPSS
(RHSA-2024:3552) Moderate: python-idna security and bug fix update
Security Fix(es): python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()...
6.3AI Score
EPSS
K000139877: Linux kernel vulnerabilities CVE-2021-47076 and CVE-2021-47080
Security Advisory Description CVE-2021-47076 In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Return CQE error if invalid lkey was supplied RXE is missing update of WQE status in LOCAL_WRITE failures. This caused the following kernel panic if someone sent an atomic...
5.6AI Score
0.0004EPSS
Description The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied...
6.4CVSS
5.7AI Score
0.0004EPSS
Summary Vulnerabilities in Curl could allow a remote attacker to bypass security restrictions (CVE-2024-2466, CVE-2024-2004, CVE-2024-2379) or cause a denial of service (CVE-2024-2398). PowerSC uses Curl as part of PowerSC Trusted Network Connect (TNC). Vulnerability Details ** CVEID:...
7.5AI Score
0.0004EPSS
Summary IBM Spectrum Protect Plus Container backup and restore for OpenShift can be affected by vulnerabilities in Python, OpenSSH, Golang Go, Redis, urllib3, dnspython and gunicorn. Vulnerabilities include denial of service, cross-site scripting, gain elevated privileges on the system, allow a...
9.8CVSS
9.4AI Score
0.963EPSS
Apache Derby is vulnerable to LDAP Injection. The vulnerability is due to improper input validation in the username field which can be used to bypass authentication checks. This can be exploited by an attacker by injecting malicious usernames, and as a result fill up the disk by creating junk...
9.8CVSS
7.1AI Score
0.002EPSS
Decompressors can crash the JVM and leak memory content in Aircompressor
Summary All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java process (which could contain sensitive information). Details When decompressing certain data, the...
8.6CVSS
6.2AI Score
0.0004EPSS
Linux Kernel Race Condition leads to UAF in Unix Domain Socket and causes LPE in Android
In unix_stream_sendpage of af_unix.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.3AI Score
0.0004EPSS
In sanitizeSbn of NotificationManagerService.java, there is a possible way to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.3AI Score
0.0004EPSS
Build Numbers and Versions of Veeam Service Provider Console
Build Numbers and Versions of Veeam Service Provider...
6.9AI Score
A vulnerability has been found in cyface Terms and Conditions Module up to 2.0.9 and classified as problematic. Affected by this vulnerability is the function returnTo of the file termsandconditions/views.py. The manipulation leads to open redirect. The attack can be launched remotely. Upgrading...
6.1CVSS
6.3AI Score
0.001EPSS
Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSL/TLS, D(HE)ater)
The remote SSL/TLS server is supporting Diffie-Hellman ephemeral (DHE) Key Exchange algorithms and thus could be prone to a denial of service (DoS) ...
7.5CVSS
7.4AI Score
0.011EPSS
dotmesh arbitrary file read and/or write in github.com/dotmesh-io/dotmesh
dotmesh arbitrary file read and/or write in...
8.1CVSS
8.1AI Score
0.0004EPSS
CVE-2023-5145 D-Link DAR-7000 licence.php unrestricted upload
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000 up to 20151231 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/licence.php. The manipulation of the argument file_upload leads to unrestricted upload. The....
6.3CVSS
8.9AI Score
0.001EPSS
Download Plugins and Themes from Dashboard < 1.8.6 - Authenticated (Admin+) Arbitrary File Download
Description The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.5 via the download_theme function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on...
9.2AI Score
0.0004EPSS
CVE-2023-5145 D-Link DAR-7000 licence.php unrestricted upload
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000 up to 20151231 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/licence.php. The manipulation of the argument file_upload leads to unrestricted upload. The....
6.3CVSS
6.9AI Score
0.001EPSS
Apache Solr Operator liveness and readiness probes may leak basic auth credentials
Insertion of Sensitive Information into Log File vulnerability in the Apache Solr Operator. This issue affects all versions of the Apache Solr Operator from 0.3.0 through 0.8.0. When asked to bootstrap Solr security, the operator will enable basic authentication and create several accounts for...
6.9AI Score
0.0004EPSS
A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function get_layer4_v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been...
5.3CVSS
6.5AI Score
0.0004EPSS
(RHSA-2024:3462) Moderate: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): RHEL: Add Spectre-BHB mitigation for AmpereOne (CVE-2023-3006) kernel: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (CVE-2021-47013) kernel: net: bridge: data races...
7.4AI Score
0.0004EPSS