Trend Micro, Inc. Security Vulnerabilities

zdi

Trend Micro Apex One Improper Access Control Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Apex One...

7.5AI Score

0.0005EPSS

2024-06-06 12:00 AM
1
zdi

Trend Micro Apex One Security Agent Link Following Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...

6.4AI Score

0.0005EPSS

2024-06-06 12:00 AM
2
openvas

SUSE: Security Advisory (SUSE-SU-2024:1169-1)

The remote host is missing an update for...

6.8AI Score

0.0005EPSS

2024-05-07 12:00 AM
4
zdi

Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

7.5AI Score

0.0005EPSS

2024-06-06 12:00 AM
1
cve

CVE-2007-4525

PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelette_cache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by third party researchers, stating that the...

7.4AI Score

0.051EPSS

2007-08-25 12:17 AM
29
cve

CVE-2007-4290

Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code via a URL in the script_root parameter to (1) delete.php, (2) edit.php, or (3) inc/common.inc.php; or (4) database.php, (5) entries.php, (6) index.php, (7) logout.php, or....

7.6AI Score

0.011EPSS

2007-08-09 09:17 PM
21
nvd

CVE-2007-4290

Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code via a URL in the script_root parameter to (1) delete.php, (2) edit.php, or (3) inc/common.inc.php; or (4) database.php, (5) entries.php, (6) index.php, (7) logout.php, or....

7.6AI Score

0.011EPSS

2007-08-09 09:17 PM
1
nvd

CVE-2022-31734

Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc. contain a reflected cross-site scripting vulnerability regarding error page generation. An arbitrary script may be executed on the web browser of the user who is using the product. The affected firmware is prior to 12.2(50)SY...

6.1CVSS

0.001EPSS

2022-06-20 10:15 AM
1
zdi

Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

7.5AI Score

0.0005EPSS

2024-06-06 12:00 AM
2
nvd

CVE-2024-4329

The Thim Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access.....

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-14 03:43 PM
5
nvd

CVE-2024-4213

The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.4 via the order report functionality. This makes it possible for unauthenticated attackers to extract sensitive data including order details such as...

5.3CVSS

5.6AI Score

0.0005EPSS

2024-05-14 03:43 PM
1
cve

CVE-2024-23363

Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management...

7.5CVSS

6.9AI Score

0.0005EPSS

2024-06-03 10:15 AM
24
zdi

Trend Micro VPN Proxy One Pro Link Following Denial-of-Service Vulnerability

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro VPN Proxy One Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...

6.9AI Score

0.0005EPSS

2024-06-10 12:00 AM
1
zdi

Trend Micro Maximum Security coreServiceShell Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

7.5AI Score

0.0005EPSS

2024-06-06 12:00 AM
1
nvd

CVE-2007-4525

PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelette_cache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by third party researchers, stating that the...

7.4AI Score

0.051EPSS

2007-08-25 12:17 AM
1
openvas

SUSE: Security Advisory (SUSE-SU-2024:1557-1)

The remote host is missing an update for...

4.7CVSS

7.1AI Score

0.001EPSS

2024-05-09 12:00 AM
4
nessus

Virtuozzo 6 : libvirt / libvirt-client / libvirt-devel / etc (VZLSA-2019-1180)

An update for libvirt is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from.....

5.6CVSS

6.8AI Score

0.001EPSS

2019-06-05 12:00 AM
23
openvas

openSUSE: Security Advisory for ppp (SUSE-SU-2023:4965-1)

The remote host is missing an update for...

6.5CVSS

6.5AI Score

0.001EPSS

2024-03-04 12:00 AM
2
openvas

SUSE: Security Advisory (SUSE-SU-2024:1991-1)

The remote host is missing an update for...

7.5CVSS

7.5AI Score

0.05EPSS

2024-06-12 12:00 AM
1
openvas

openSUSE: Security Advisory for icu73_2 (SUSE-SU-2023:3563-3)

The remote host is missing an update for...

8.8CVSS

6.8AI Score

0.004EPSS

2024-03-04 12:00 AM
openvas

openSUSE: Security Advisory for tiff (SUSE-SU-2023:0342-1)

The remote host is missing an update for...

5.5CVSS

6.5AI Score

0.001EPSS

2024-03-04 12:00 AM
5
nessus

Virtuozzo 6 : qemu-guest-agent / qemu-img / qemu-kvm / etc (VZLSA-2019-1181)

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from....

5.6CVSS

6.7AI Score

0.001EPSS

2020-12-22 12:00 AM
22
cve

CVE-2007-4181

PHP remote file inclusion vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: A reliable third party disputes this vulnerability because the applicable include is within a...

7.5AI Score

0.015EPSS

2007-08-08 01:17 AM
20
cve

CVE-2024-5629

An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application...

8.1CVSS

4.7AI Score

0.001EPSS

2024-06-05 03:15 PM
29
debiancve

CVE-2021-47552

In the Linux kernel, the following vulnerability has been resolved: blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release() For avoiding to slow down queue destroy, we don't call blk_mq_quiesce_queue() in blk_cleanup_queue(), instead of delaying to cancel dispatch work...

6.5AI Score

0.0004EPSS

2024-05-24 03:15 PM
6
openvas

openSUSE: Security Advisory for cups (SUSE-SU-2024:2003-1)

The remote host is missing an update for...

4.4CVSS

7.1AI Score

0.0004EPSS

2024-06-15 12:00 AM
1
cve

CVE-2024-21900

An injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and...

6.5CVSS

6.5AI Score

0.0005EPSS

2024-03-08 05:15 PM
44
cve

CVE-2023-41273

A heap-based buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533...

7.2CVSS

7.1AI Score

0.001EPSS

2024-02-02 04:15 PM
8
cve

CVE-2023-45028

An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the...

5.5CVSS

4.9AI Score

0.0004EPSS

2024-02-02 04:15 PM
14
openvas

SUSE: Security Advisory (SUSE-SU-2024:1578-1)

The remote host is missing an update for...

7.1CVSS

7AI Score

0.0004EPSS

2024-05-10 12:00 AM
3
cve

CVE-2022-31734

Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc. contain a reflected cross-site scripting vulnerability regarding error page generation. An arbitrary script may be executed on the web browser of the user who is using the product. The affected firmware is prior to 12.2(50)SY...

6.1CVSS

6.1AI Score

0.001EPSS

2022-06-20 10:15 AM
41
4
fedora

[SECURITY] Fedora 40 Update: dotnet8.0-8.0.103-1.fc40

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

7.1AI Score

2024-04-19 09:40 PM
4
openvas

SUSE: Security Advisory (SUSE-SU-2024:1001-1)

The remote host is missing an update for...

7.5AI Score

0.0004EPSS

2024-05-07 12:00 AM
6
nvd

CVE-2023-6581

A vulnerability has been found in D-Link DAR-7000 up to 20231126 and classified as critical. This vulnerability affects unknown code of the file /user/inc/workidajax.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used....

9.8CVSS

0.001EPSS

2023-12-07 10:15 PM
3
nvd

CVE-2023-2098

A vulnerability was found in SourceCodester Vehicle Service Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /inc/topBarNav.php. The manipulation of the argument search leads to cross site scripting. The attack may be...

6.1CVSS

4.5AI Score

0.001EPSS

2023-04-15 12:15 PM
2
cve

CVE-2023-2098

A vulnerability was found in SourceCodester Vehicle Service Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /inc/topBarNav.php. The manipulation of the argument search leads to cross site scripting. The attack may be...

6.1CVSS

6AI Score

0.001EPSS

2023-04-15 12:15 PM
22
openvas

openSUSE: Security Advisory for tar (SUSE-SU-2023:0463-1)

The remote host is missing an update for...

5.5CVSS

6.3AI Score

0.0005EPSS

2024-03-04 12:00 AM
6
openvas

SUSE: Security Advisory (SUSE-SU-2024:1774-1)

The remote host is missing an update for...

7.5CVSS

7.5AI Score

0.001EPSS

2024-05-27 12:00 AM
3
openvas

openSUSE: Security Advisory for polkit (SUSE-SU-2024:0010-1)

The remote host is missing an update for...

7.5AI Score

2024-03-04 12:00 AM
5
openvas

9.1CVSS

10AI Score

0.002EPSS

2024-03-04 12:00 AM
3
openvas

openSUSE: Security Advisory for cairo (SUSE-SU-2024:1704-1)

The remote host is missing an update for...

6.5CVSS

6.8AI Score

0.003EPSS

2024-05-24 12:00 AM
openvas

openSUSE: Security Advisory for cpio (SUSE-SU-2024:0238-1)

The remote host is missing an update for...

4.9CVSS

5.1AI Score

0.0004EPSS

2024-03-04 12:00 AM
openvas

openSUSE: Security Advisory for cpio (SUSE-SU-2024:0305-1)

The remote host is missing an update for...

4.9CVSS

5.1AI Score

0.0004EPSS

2024-03-04 12:00 AM
openvas

openSUSE: Security Advisory for vim (SUSE-SU-2023:2640-1)

The remote host is missing an update for...

7.8CVSS

7.4AI Score

0.001EPSS

2024-03-04 12:00 AM
4
openvas

openSUSE: Security Advisory for vim (SUSE-SU-2024:0871-1)

The remote host is missing an update for...

7.8CVSS

5.9AI Score

0.002EPSS

2024-03-25 12:00 AM
3
openvas

SUSE: Security Advisory (SUSE-SU-2024:0870-1)

The remote host is missing an update for...

7.5AI Score

2024-05-07 12:00 AM
2
cve

CVE-2023-6581

A vulnerability has been found in D-Link DAR-7000 up to 20231126 and classified as critical. This vulnerability affects unknown code of the file /user/inc/workidajax.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used....

9.8CVSS

9.6AI Score

0.001EPSS

2023-12-07 10:15 PM
16
openvas

SUSE: Security Advisory (SUSE-SU-2024:1886-1)

The remote host is missing an update for...

7.8CVSS

6.5AI Score

0.0004EPSS

2024-06-03 12:00 AM
nessus

Oracle Linux 7 : libreoffice (ELSA-2024-3304)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3304 advisory. [1:5.3.6.1-26.0.1] - adjust color palette to match Redwood style. - Replaced RedHat colors with Oracle colors, and the filename redhat.soc with oracle.soc in...

8.8CVSS

7.1AI Score

0.001EPSS

2024-05-24 12:00 AM
10
zdi

Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

7.5AI Score

0.0005EPSS

2024-06-06 12:00 AM
2
Total number of security vulnerabilities: 301165