Lucene search

K

Yan&Co Security Vulnerabilities

redhat
redhat

(RHSA-2024:1644) Important: grafana-pcp security and bug fix update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA...

7.7AI Score

0.0005EPSS

2024-04-02 08:03 PM
10
cvelist
cvelist

CVE-2024-31680

File Upload vulnerability in Shibang Communications Co., Ltd. IP network intercom broadcasting system v.1.0 allows a local attacker to execute arbitrary code via the my_parser.php...

7.4AI Score

0.0004EPSS

2024-04-16 12:00 AM
vulnrichment
vulnrichment

CVE-2024-27062 nouveau: lock the client object tree.

In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306] general protection...

6.9AI Score

0.0004EPSS

2024-05-01 01:00 PM
nessus
nessus

RHEL 6 : pcp (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. pcp: Local privilege escalation in pcp spec file %post section (CVE-2019-3695) A Improper Limitation of...

7.4AI Score

0.001EPSS

2024-05-11 12:00 AM
6
ibm
ibm

Security Bulletin: Multiple vulnerabilities exists in IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Configuration Manager.

Summary Multiple vulnerabilities exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager IP Edition v6.4.2. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850 Vulnerability Details....

7.5CVSS

6.9AI Score

0.001EPSS

2024-05-13 11:52 AM
8
nessus
nessus

Debian DLA-1932-1 : openssl security update

Two security vulnerabilities were found in OpenSSL, the Secure Sockets Layer toolkit. CVE-2019-1547 Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit...

4.7CVSS

6.5AI Score

0.015EPSS

2019-09-26 12:00 AM
94
nessus
nessus

FreeBSD : mongodb -- Our init scripts check /proc/[pid]/stat should validate that `(${procname})` is the process' command name. (273c6c43-e3ad-11e9-8af7-08002720423d)

Sicheng Liu of Beijing DBSEC Technology Co., Ltd reports : Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV...

5.3CVSS

4.7AI Score

0.0004EPSS

2019-10-14 12:00 AM
15
krebs
krebs

Treasury Sanctions Creators of 911 S5 Proxy Botnet

The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one's Web traffic through malware-infected computers around the globe....

7.3AI Score

2024-05-28 08:38 PM
14
vulnrichment
vulnrichment

CVE-2021-47169 serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'

In the Linux kernel, the following vulnerability has been resolved: serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' In 'rp2_probe', the driver registers 'rp2_uart_interrupt' then calls 'rp2_fw_cb' through 'request_firmware_nowait'. In 'rp2_fw_cb', if the firmware don't...

6.7AI Score

0.0004EPSS

2024-03-25 09:16 AM
cve
cve

CVE-2021-47169

In the Linux kernel, the following vulnerability has been resolved: serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' In 'rp2_probe', the driver registers 'rp2_uart_interrupt' then calls 'rp2_fw_cb' through 'request_firmware_nowait'. In 'rp2_fw_cb', if the firmware don't...

6.3AI Score

0.0004EPSS

2024-03-25 10:15 AM
32
cvelist
cvelist

CVE-2021-47169 serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'

In the Linux kernel, the following vulnerability has been resolved: serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' In 'rp2_probe', the driver registers 'rp2_uart_interrupt' then calls 'rp2_fw_cb' through 'request_firmware_nowait'. In 'rp2_fw_cb', if the firmware don't...

7.4AI Score

0.0004EPSS

2024-03-25 09:16 AM
redos
redos

ROS-20240329-22

Vulnerability in the Heerces C++ library of the BigFix Platform IT hardware co-management platform is caused by an integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely, to execute arbitrary code by sending a specially crafted HTTP...

8.8CVSS

8AI Score

0.007EPSS

2024-03-29 12:00 AM
10
cve
cve

CVE-2024-25376

An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBAudio MSI-based installers before 5.68.0 allows a local attacker to execute arbitrary code via the msiexec.exe repair...

7.5AI Score

0.0004EPSS

2024-04-11 09:15 PM
25
nvd
nvd

CVE-2024-25376

An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBAudio MSI-based installers before 5.68.0 allows a local attacker to execute arbitrary code via the msiexec.exe repair...

7.2AI Score

0.0004EPSS

2024-04-11 09:15 PM
cvelist
cvelist

CVE-2024-25376

An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBAudio MSI-based installers before 5.68.0 allows a local attacker to execute arbitrary code via the msiexec.exe repair...

7.5AI Score

0.0004EPSS

2024-04-11 12:00 AM
cve
cve

CVE-2024-31406

Active debug code vulnerability exists in RoamWiFi R10 prior to 4.8.45. If this vulnerability is exploited, a network-adjacent unauthenticated attacker with access to the device may perform unauthorized...

6.9AI Score

0.0004EPSS

2024-04-24 06:15 AM
31
nessus
nessus

RHEL 6 : openssh (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssh: loading of untrusted PKCS#11 modules in ssh-agent (CVE-2016-10009) openssh: scp allows command...

8.4AI Score

0.102EPSS

2024-05-11 12:00 AM
8
spring
spring

A Bootiful Podcast: Abdel Sghiouar, Cloud Native Developer Advocate at Google

Hi, Spring fans! Abdel Sghiouar is a senior Cloud Native Developer Advocate at Google, a co-host of the Kubernetes Podcast by Google and a CNCF Ambassador, and it was my pleasure to sit down with him at the amazing Spring IO event in Barcelona and catch up on all things Kubernetes and...

7.1AI Score

2024-06-13 12:00 AM
cnvd
cnvd

Deserialization Vulnerability in Isthmus Electronic Document Security Management System (CNVD-2024-17662)

Beijing Yisetong Technology Development Co., Ltd. is a leading provider of data security business and network security business at home and abroad. A deserialization vulnerability exists in Yisetong's electronic document security management system, which can be exploited by an attacker to gain...

7.4AI Score

2024-03-05 12:00 AM
4
cvelist
cvelist

CVE-2024-29908 WordPress Co-marquage service-public.fr plugin <= 0.5.71 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kienso Co-marquage service-public.Fr allows Stored XSS.This issue affects Co-marquage service-public.Fr: from n/a through...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-03-27 06:56 AM
2
cnvd
cnvd

SQL Injection Vulnerability in iFair of Beijing Yiharmonic Technology Co.

Enterprise iFair Collaboration Management System is a professional collaborative office software, the management system is highly compatible and suitable for a wide range of business types. There is a SQL injection vulnerability in iFair, which can be exploited by attackers to obtain sensitive...

7.5AI Score

2024-02-27 12:00 AM
4
cve
cve

CVE-2024-29908

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kienso Co-marquage service-public.Fr allows Stored XSS.This issue affects Co-marquage service-public.Fr: from n/a through...

6.5CVSS

9.1AI Score

0.0004EPSS

2024-03-27 07:15 AM
29
nvd
nvd

CVE-2024-26984

In the Linux kernel, the following vulnerability has been resolved: nouveau: fix instmem race condition around ptr stores Running a lot of VK CTS in parallel against nouveau, once every few hours you might see something like this crash. BUG: kernel NULL pointer dereference, address:...

7.3AI Score

0.0004EPSS

2024-05-01 06:15 AM
cve
cve

CVE-2024-23911

Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 NDP packets exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially crafted...

6.7AI Score

0.0004EPSS

2024-04-15 11:15 AM
37
cve
cve

CVE-2024-28894

Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 headers exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially crafted...

6.7AI Score

0.0004EPSS

2024-04-15 11:15 AM
26
nvd
nvd

CVE-2024-29908

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kienso Co-marquage service-public.Fr allows Stored XSS.This issue affects Co-marquage service-public.Fr: from n/a through...

6.5CVSS

6.4AI Score

0.0004EPSS

2024-03-27 07:15 AM
cve
cve

CVE-2024-28957

Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere communications by predicting some packet header IDs of the...

7AI Score

0.0004EPSS

2024-04-15 11:15 AM
28
nessus
nessus

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.8)

The version of AOS installed on the remote host is prior to 6.8. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.8 advisory. Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in...

9.8CVSS

9.4AI Score

0.123EPSS

2024-05-15 12:00 AM
5
openvas
openvas

Do not print on AppSocket and socketAPI printers

The host seems to be an AppSocket or socketAPI printer. Scanning it will waste paper. So ports 2000, 2501, 9100-9107, 9112-9116, 9200 and 10001...

7.3AI Score

2005-11-03 12:00 AM
184
nvd
nvd

CVE-2024-29758

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kienso Co-marquage service-public.Fr allows Reflected XSS.This issue affects Co-marquage service-public.Fr: from n/a through...

7.1CVSS

6.9AI Score

0.0004EPSS

2024-03-27 02:15 PM
1
cnvd
cnvd

SQL Injection Vulnerability in the Intelligent Water Integration Platform of Shandong Weimicro Technology Co. Ltd (CNVD-2024-14945)

Ltd. is a private scientific and technological enterprise with technology development as the main body, specializing in the research, development, production and sales of remote water, electricity, gas, heat four meters and meter reading system. Shandong Weimicro Technology Co., Ltd. intelligent...

7.5AI Score

2024-02-24 12:00 AM
6
redos
redos

ROS-20240503-01

A vulnerability in the Web Audio component of Microsoft Edge and Google Chrome browsers is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely, execute arbitrary code A vulnerability in the Skia graphics library of Google...

9.8CVSS

8.7AI Score

0.001EPSS

2024-05-03 12:00 AM
8
nessus
nessus

EulerOS 2.0 SP8 : openssl (EulerOS-SA-2019-2097)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some...

5.3CVSS

5.7AI Score

0.015EPSS

2019-11-12 12:00 AM
25
nvd
nvd

CVE-2024-28275

Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.16(3090516) was discovered to transmit sensitive information in cleartext. This vulnerability allows attackers to intercept and access sensitive information, including users' credentials and password change...

6.6AI Score

0.0004EPSS

2024-04-03 03:15 PM
5
nvd
nvd

CVE-2024-26892

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to make sure the shared irq handler should be able to handle the unexpected event after deregistration......

7.3AI Score

0.0004EPSS

2024-04-17 11:15 AM
1
cve
cve

CVE-2024-28275

Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.16(3090516) was discovered to transmit sensitive information in cleartext. This vulnerability allows attackers to intercept and access sensitive information, including users' credentials and password change...

6.9AI Score

0.0004EPSS

2024-04-03 03:15 PM
28
cvelist
cvelist

CVE-2024-28275

Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.16(3090516) was discovered to transmit sensitive information in cleartext. This vulnerability allows attackers to intercept and access sensitive information, including users' credentials and password change...

6.9AI Score

0.0004EPSS

2024-04-03 12:00 AM
nvd
nvd

CVE-2024-27062

In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306] general protection...

7.5AI Score

0.0004EPSS

2024-05-01 01:15 PM
1
cnvd
cnvd

Command Execution Vulnerability in Electronic Document Security Management System of Beijing Yisetong Technology Development Co., Ltd (CNVD-2024-14992)

Beijing Yisetong Technology Development Co., Ltd. is a domestic data security, network security and security services provider of three major business. A command execution vulnerability exists in the electronic document security management system of Beijing Yisetong Technology Development Co.,...

7.6AI Score

2024-02-21 12:00 AM
15
cnvd
cnvd

Information leakage vulnerability in the comprehensive management platform of intelligent park of Zhejiang Dahua Technology Co.(CNVD-2024-14798)

Zhejiang Dahua Technology Co., Ltd. is a leading supplier and solution provider of surveillance products. There is an information leakage vulnerability in the integrated management platform of Zhejiang Dahua Technology Co., Ltd. that can be exploited by attackers to obtain sensitive...

6.6AI Score

2024-02-22 12:00 AM
3
redos
redos

ROS-20240411-08

The Jenkins Automation Server vulnerability involves the creation of temporary files with insecure permissions. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to read, modify, or delete files A vulnerability in the args4j library of the Jenkins Git server.....

9.8CVSS

7.6AI Score

0.961EPSS

2024-04-11 12:00 AM
13
jvn
jvn

JVN#44166658: Multiple vulnerabilities in ELECOM wireless LAN routers and wireless LAN repeater

Multiple wireless LAN routers and wireless LAN repeater provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Cross-site Scripting (CWE-79) - CVE-2024-21798 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.8 CVSS v2|...

6.7AI Score

0.0004EPSS

2024-02-20 12:00 AM
7
nvd
nvd

CVE-2024-29667

SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6 v.7.31.0.2 through v.7.31.0.3 allows a remote attacker to escalate privileges and obtain sensitive information via the ids...

7.5AI Score

0.0004EPSS

2024-03-29 06:15 PM
1
cve
cve

CVE-2024-29667

SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6 v.7.31.0.2 through v.7.31.0.3 allows a remote attacker to escalate privileges and obtain sensitive information via the ids...

7.8AI Score

0.0004EPSS

2024-03-29 06:15 PM
38
githubexploit
githubexploit

Exploit for Insertion of Sensitive Information into Log File in Milesight Ur5X Firmware

CVE-2023-43261 - PoC Critical Vulnerability Exposes...

7.5CVSS

7.9AI Score

0.006EPSS

2023-09-28 08:45 AM
119
cnvd
cnvd

Data Leakage Protection (DLP) System Logic Flaw Vulnerability at Beijing Yisetong Technology Development Co.

Data Leakage Protection (DLP) system is aimed at serving enterprises and institutions for data asset grooming and data security protection. The Data Leakage Protection (DLP) system of Beijing Yisetong Technology Development Co., Ltd. has a logic flaw vulnerability, which can be exploited by...

7.2AI Score

2024-02-06 12:00 AM
3
nessus
nessus

RHEL 6 : openssl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssl: the c_rehash script allows command injection (CVE-2022-2068) Integer overflow in the...

9.2AI Score

0.895EPSS

2024-05-11 12:00 AM
2
cnvd
cnvd

Unauthorized Access Vulnerability in Intelligent Park Comprehensive Management Platform of Zhejiang Dahua Technology Co.(CNVD-2024-14380)

Zhejiang Dahua Technology Co., Ltd. is a leading supplier and solution provider of surveillance products. An unauthorized access vulnerability exists in the integrated management platform of Zhejiang Dahua Technology Co. Ltd.'s Intelligent Park, which can be exploited by an attacker to add users...

7AI Score

2024-02-19 12:00 AM
9
cve
cve

CVE-2024-28744

The password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and ACERA 9010-24 firmware v02.04 and earlier. An unauthenticated attacker may log in to the product with no password, and obtain and/or alter information such as network configuration and user...

6.9AI Score

0.0004EPSS

2024-04-08 01:15 AM
27
jvn
jvn

JVN#51770585: EC-CUBE vulnerable to authorization bypass

EC-CUBE from EC-CUBE CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an authorization bypass vulnerability (CWE-639). ## Impact A user of the affected shopping website may obtain other users' information by sending a crafted HTTP request. ## Solution Apply the...

6.3AI Score

0.006EPSS

2014-01-22 12:00 AM
11
Total number of security vulnerabilities10934