RHEL 9 : Red Hat OpenStack Platform 17.0 (python-flask) (RHSA-2023:3440)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:3440 advisory. Flask is called a micro-framework because the idea is to keep the core simple but extensible. There is no database abstraction layer, no form ...
7.5 CVSS
7.9 AI Score
0.002 EPSS
RHEL 9 : Red Hat OpenStack Platform 17.0 (python-werkzeug) (RHSA-2023:1018)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1018 advisory. Werkzeug started as a simple collection of various utilities for WSGI applications and has become one of the most...
7.5 CVSS
6.7 AI Score
0.001 EPSS
RHEL 8 : OpenShift Container Platform 4.11.43 (RHSA-2023:3541)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3541 advisory. cri-o: incorrect handling of the supplementary groups (CVE-2022-2995) flask: Possible disclosure of permanent session cookie due to...
7.5 CVSS
7.8 AI Score
0.002 EPSS
RHEL 8 : Red Hat OpenStack Platform 16.2 (python-flask) (RHSA-2023:3444)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:3444 advisory. Flask is called a micro-framework because the idea is to keep the core simple but extensible. There is no database abstraction layer, no form ...
7.5 CVSS
7.9 AI Score
0.002 EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6158 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
8.1 CVSS
8 AI Score
0.001 EPSS
RHEL 8 : Satellite 6.13.3 Async Security Update (Important) (RHSA-2023:4466)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4466 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity...
9.1 CVSS
8.3 AI Score
0.004 EPSS
RHEL 8 : RHUI 4.4.0 - Security Fixes, Bug Fixes, and Enhancements Update (Moderate) (RHSA-2023:2101)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2101 advisory. Red Hat Update Infrastructure (RHUI) offers a highly scalable, highly redundant framework that enables you to manage repositories and...
7.5 CVSS
8.4 AI Score
0.009 EPSS
RHEL 8 / 9 : OpenShift Container Platform 4.12.21 (RHSA-2023:3545)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3545 advisory. golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540) flask: Possible disclosure of permanent session...
9.8 CVSS
7 AI Score
0.003 EPSS
RHEL 8 / 9 : OpenShift Container Platform 4.13.3 (RHSA-2023:3536)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3536 advisory. golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534) golang: net/http, net/textproto,...
9.8 CVSS
8.1 AI Score
0.005 EPSS
RHEL 8 : Red Hat OpenStack Platform 17.1 (python-werkzeug) (RHSA-2024:0189)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:0189 advisory. Werkzeug is a WSGI utility module. It includes a debugger, request and response objects, HTTP utilities to handle entity tags, cache control...
8 CVSS
7.5 AI Score
0.001 EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0733 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
8.1 CVSS
7.6 AI Score
0.001 EPSS
RHEL 8 : Satellite 6.13 Release (Important) (RHSA-2023:2097)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2097 advisory. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and ...
9.8 CVSS
8.9 AI Score
0.972 EPSS
RHEL 8 : Red Hat OpenStack Platform 16.1 (python-flask) (RHSA-2023:3446)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:3446 advisory. Flask is called a micro-framework because the idea is to keep the core simple but extensible. There is no database abstraction layer, no form ...
7.5 CVSS
7.9 AI Score
0.002 EPSS
RHEL 8 : Satellite 6.14.2 Async Security Update (Important) (RHSA-2024:0797)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0797 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity...
9.8 CVSS
8.6 AI Score
0.003 EPSS
RHEL 8 : Red Hat OpenStack Platform 17.1 (python-urllib3) (RHSA-2024:0187)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:0187 advisory. Python HTTP module with connection pooling and file POST abilities. Security Fix(es): * Cookie request header isn't stripped during cross-origin...
8.1 CVSS
7.6 AI Score
0.001 EPSS
RHEL 6 / 7 : rh-nodejs4-nodejs-tough-cookie (RHSA-2017:2912)
The remote Redhat Enterprise Linux 6 / 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2017:2912 advisory. nodejs-tough-cookie: regular expression DoS via Cookie header with many semicolons (CVE-2016-1000232) nodejs-tough-cookie: Regular...
7.5 CVSS
6.9 AI Score
0.011 EPSS
RHEL 6 / 7 : rh-nodejs6-nodejs-tough-cookie (RHSA-2017:2913)
The remote Redhat Enterprise Linux 6 / 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2017:2913 advisory. nodejs-tough-cookie: Regular expression denial of service (CVE-2017-15010) Note that Nessus has not tested for this issue but has instead relied...
7.5 CVSS
6.5 AI Score
0.011 EPSS
RHEL 6 / 7 : httpd24 (RHSA-2018:3558)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3558 advisory. curl: TLS session resumption client cert bypass (CVE-2016-5419) curl: Re-using connection with wrong client cert (CVE-2016-5420) ...
9.8 CVSS
9.5 AI Score
0.959 EPSS
RHEL 6 : katello (RHSA-2012:1186)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2012:1186 advisory. Katello allows you to manage the application life-cycle for Linux systems. Katello is used by CloudForms System Engine, an Infrastructure as a...
9.8 CVSS
6.4 AI Score
0.015 EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Cookie Information A/S WP GDPR Compliance. This issue affects WP GDPR Compliance: from n/a through...
5.4 CVSS
6.8 AI Score
0.0004 EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Cookie Information A/S WP GDPR Compliance. This issue affects WP GDPR Compliance: from n/a through...
5.4 CVSS
5.5 AI Score
0.0004 EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Cookie Information A/S WP GDPR Compliance. This issue affects WP GDPR Compliance: from n/a through...
5.4 CVSS
5.7 AI Score
0.0004 EPSS
Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to an unchecked value of the return_to cookie. Version 2.13.0 contains a patch for the...
9.1 CVSS
6.7 AI Score
0.001 EPSS
Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to an unchecked value of the return_to cookie. Version 2.13.0 contains a patch for the...
9.1 CVSS
9 AI Score
0.001 EPSS
Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to an unchecked value of the return_to cookie. Version 2.13.0 contains a patch for the...
9.1 CVSS
9.2 AI Score
0.001 EPSS
Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to an unchecked value of the return_to cookie. Version 2.13.0 contains a patch for the...
9.1 CVSS
9.2 AI Score
0.001 EPSS
Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to an unchecked value of the return_to cookie. Version 2.13.0 contains a patch for the...
9.1 CVSS
6.7 AI Score
0.001 EPSS
Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to an unchecked value of the return_to cookie. Version 2.13.0 contains a patch for the...
9.1 CVSS
6.6 AI Score
0.001 EPSS
CVE-2022-36029 BigBlueButton Greenlight Open Redirect vulnerability
Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to an unchecked value of the return_to cookie. Version 2.13.0 contains a patch for the...
9.1 CVSS
9.4 AI Score
0.001 EPSS
CVE-2022-36028 BigBlueButton Greenlight Open Redirect vulnerability
Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to an unchecked value of the return_to cookie. Version 2.13.0 contains a patch for the...
9.1 CVSS
9.4 AI Score
0.001 EPSS
CVE-2022-36028 BigBlueButton Greenlight Open Redirect vulnerability
Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to an unchecked value of the return_to cookie. Version 2.13.0 contains a patch for the...
9.1 CVSS
6.8 AI Score
0.001 EPSS
Exploit for Code Injection in Crushftp
CVE-2024-4040 SSTI & LFI PoC - Exploitation | CrushFTP This...
10 CVSS
9.9 AI Score
0.966 EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 209 vulnerabilities disclosed in 169...
9.9 AI Score
U.S. Dept Of Defense: reflected xss [CVE-2020-3580]
Hey Security Team It was observed that the application is vulnerable to cross-site scripting (XSS). XSS is a type of attack that involves running malicious scripts on a victim’s browser. website: ███████ attached When the user clicks submit, his information will be stolen Impact Cookie Stealing.....
6.1 CVSS
5.9 AI Score
0.971 EPSS
Ring agrees to pay $5.6 million after cameras were used to spy on customers
Amazon's Ring has settled with the Federal Trade Commission (FTC) over charges that the company allowed employees and contractors to access customers' private videos, and failed to implement security protections which enabled hackers to take control of customers’ accounts, cameras, and videos. The....
7.1 AI Score
Google Postpones Third-Party Cookie Deprecation Amid U.K. Regulatory Scrutiny
Google has once again pushed its plans to deprecate third-party tracking cookies in its Chrome web browser as it works to address outstanding competition concerns from U.K. regulators over its Privacy Sandbox initiative. The tech giant said it's working closely with the U.K. Competition and...
6.5 AI Score
Summary Multiple security vulnerabilities have been addressed in the latest update to IBM Security Verify Governance - Containerized Identity Manager. Vulnerability Details CVEID: CVE-2018-6561 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting in dijit.Editor, caused by...
9.8 CVSS
10 AI Score
0.732 EPSS
Grassroot DICOM JPEG2000Codec::DecodeByStreamsCommon out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2024-1935 Grassroot DICOM JPEG2000Codec::DecodeByStreamsCommon out-of-bounds write vulnerability April 25, 2024 CVE Number CVE-2024-22373 SUMMARY An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu...
8.1 CVSS
7.9 AI Score
0.001 EPSS
Grassroot DICOM RAWCodec::DecodeBytes out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-1944 Grassroot DICOM RAWCodec::DecodeBytes out-of-bounds read vulnerability April 25, 2024 CVE Number CVE-2024-25569 SUMMARY An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A...
6.5 CVSS
6.5 AI Score
0.0004 EPSS
Issue Overview: This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by....
6.5 CVSS
6.9 AI Score
0.001 EPSS
NorthStar C2, prior to commit 7674a44 on March 11 2024, contains a vulnerability where the logs page is vulnerable to a stored xss. An unauthenticated user can simulate an agent registration to cause the XSS and take over a users session. With this access, it is then possible to run a new payload.....
6.2 AI Score
0.002 EPSS
CHAOS v5.0.8 is a free and open-source Remote Administration Tool that allows generated binaries to control remote operating systems. The webapp contains a remote command execution vulnerability which can be triggered by an authenticated user when generating a new executable. The webapp also...
6.8 AI Score
0.0004 EPSS
Summary IBM Cloud Pak for Network Automation 2.7.2 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID: CVE-2023-34055 DESCRIPTION: VMware Tanzu Spring Boot is vulnerable to a denial of service, caused by a flaw when application uses Spring MVC...
9.8 CVSS
10 AI Score
0.012 EPSS
Exploit for Command Injection in Paloaltonetworks Pan-Os
CVE-2024-3400-pot Simple honeypot for CVE-2024-3400 Palo Alto...
10 CVSS
7.4 AI Score
0.957 EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Seers allows Cross-Site Scripting (XSS). This issue affects Seers: from n/a through...
7.1 CVSS
6.5 AI Score
0.0004 EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Seers allows Cross-Site Scripting (XSS). This issue affects Seers: from n/a through...
7.1 CVSS
6.7 AI Score
0.0004 EPSS
Dan Solove on Privacy Regulation
Law professor Dan Solove has a new article on privacy regulation. In his email to me, he writes: "I’ve been pondering privacy consent for more than a decade, and I think I finally made a breakthrough with this article." His mini-abstract: In this Article I argue that most of the time, privacy...
7.2 AI Score
Cross-Site Request Forgery (CSRF) vulnerability in Seers allows Cross-Site Scripting (XSS). This issue affects Seers: from n/a through...
7.1 CVSS
6.8 AI Score
0.0004 EPSS