Release Information for Veeam Service Provider Console 7 Cumulative Patches
Release Information for Veeam Service Provider Console 7 Cumulative...
6.7AI Score
Clusters using Calico (version 3.14.0 and below), Calico Enterprise (version 2.8.2 and below), may be vulnerable to information disclosure if IPv6 is enabled but unused. A compromised pod with sufficient privilege is able to reconfigure the node’s IPv6 interface due to the node accepting route...
6CVSS
4.5AI Score
0.001EPSS
CVE-2024-3043 Zigbee co-ordinator realignment packet may lead to denial of service
An unauthenticated IEEE 802.15.4 'co-ordinator realignment' packet can be used to force Zigbee nodes to change their network identifier (pan ID), leading to a denial of service. This packet type is not useful in production and should be used only for PHY...
7.5CVSS
7AI Score
0.0004EPSS
APM Server vulnerable to Insertion of Sensitive Information into Log File in...
7.5CVSS
6.7AI Score
0.001EPSS
CVE-2024-24919 Exploit script for...
8.6CVSS
6.3AI Score
0.945EPSS
CVE-2024-24919 Checker A simple bash script to check for the...
8.6CVSS
6.2AI Score
0.945EPSS
CVE-2024-24919 Usage Usage: ./CVE-2024-24919.sh -i ...
8.6CVSS
6.3AI Score
0.945EPSS
CVE-2024-24919 Usage Usage: ./CVE-2024-24919.sh -i ...
8.6CVSS
6.3AI Score
0.945EPSS
Mass Auto Scanner for CVE-2024-24919 This script is designed to...
8.6CVSS
6.4AI Score
0.945EPSS
Amazon Systems Manager (SSM) Agent Installed (macOS)
Amazon Systems Manager (SSM) Agent is installed on the remote macOS or Mac OS X host. Note that 'Perform thorough tests' is required for this plugin to...
7.3AI Score
Amazon Systems Manager (SSM) Agent Installed (Windows)
Amazon Systems Manager (SSM) Agent is installed on the remote Windows...
7.4AI Score
Amazon Systems Manager (SSM) Agent Installed (Linux)
Amazon Systems Manager (SSM) Agent is installed on the remote Linux...
7.4AI Score
Contact Form Widget < 1.4.0 - Sensitive Information Exposure
Description The Contact Form Widget – Contact Query, Contact Page, Form Maker, Query Table plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.9. This makes it possible for unauthenticated attackers to extract sensitive user or...
5.3CVSS
6.9AI Score
0.0004EPSS
intel-microcode is vulnerable to information disclosure. The vulnerability is due to non-transparent sharing of return predictor targets between contexts, which may allow an authorized user to potentially enable information disclosure via local...
5.5CVSS
5.4AI Score
0.0004EPSS
intel-microcode is vulnerable to information disclosure. The vulnerability is due to incorrect calculation in the microcode keying mechanism, which may allow a privileged user to potentially enable information disclosure via local...
5.3CVSS
4.9AI Score
0.0004EPSS
Ghost < 1.5.0 - Unauthenticated Sensitive Information Exposure
Description The Ghost plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.0 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log...
7.5CVSS
6AI Score
0.0004EPSS
A vulnerability was found in IET-OU Open Media Player up to 1.5.0. It has been declared as problematic. This vulnerability affects the function webvtt of the file application/controllers/timedtext.php. The manipulation of the argument ttml_url leads to cross site scripting. The attack can be...
5.4CVSS
6.2AI Score
0.001EPSS
Initialization of a resource with an insecure default vulnerability in OET-213H-BTS1 sold in Japan by Atsumi Electric Co., Ltd. allows a network-adjacent unauthenticated attacker to configure and control the affected...
6.8AI Score
0.0004EPSS
CVE-2024-3043 Zigbee co-ordinator realignment packet may lead to denial of service
An unauthenticated IEEE 802.15.4 'co-ordinator realignment' packet can be used to force Zigbee nodes to change their network identifier (pan ID), leading to a denial of service. This packet type is not useful in production and should be used only for PHY...
7.5CVSS
0.0004EPSS
Zitadel exposing internal database user name and host information in github.com/zitadel/zitadel
Zitadel exposing internal database user name and host information in...
5.3CVSS
5.2AI Score
0.0004EPSS
Initialization of a resource with an insecure default vulnerability in OET-213H-BTS1 sold in Japan by Atsumi Electric Co., Ltd. allows a network-adjacent unauthenticated attacker to configure and control the affected...
6.8AI Score
0.0004EPSS
7.3AI Score
Intro Simple POC Python script that check & leverage Check...
8.6CVSS
6.3AI Score
0.945EPSS
AIX is vulnerable to information disclosure due to openCryptoki (CVE-2024-0914)
IBM SECURITY ADVISORY First Issued: Mon Jun 3 08:50:37 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/opencryptoki_advisory.asc Security Bulletin: AIX is vulnerable to information disclosure due to openCryptoki...
5.9CVSS
5.8AI Score
0.001EPSS
Microsoft Windows Process Information
Report details on the running processes on the machine. This plugin is informative only and could be used for forensic investigation, malware detection, and to confirm that your system processes conform to your system...
1.4AI Score
Computer Manufacturer Information (WMI)
By making certain WMI queries, it is possible to obtain the model of the remote computer as well as the name of its manufacturer and its serial...
2.6AI Score
6.8CVSS
6.9AI Score
0.0005EPSS
Time-Based Information Disclosure Vulnerability in Flow
The PersistedUsernamePasswordProvider was prone to a information disclosure of account existance based on timing attacks as the hashing of passwords was only done in case an account was found. We changed the core so that the provider always does a password comparison in case credentials were...
6.9AI Score
Release Information for Dell PowerMax Plug-In for Veeam Backup & Replication
Release Information for Dell PowerMax Plug-In for Veeam Backup &...
2AI Score
Neos Flow Information disclosure in entity security
If you had used entity security and wanted to secure entities not just based on the user's role, but on some property of the user (like the company he belongs to), entity security did not work properly together with the doctrine query cache. This could lead to other users re-using SQL queries from....
7.5AI Score
Description The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. This can allow unauthenticated attackers to extract sensitive data,....
5.3CVSS
6.8AI Score
0.001EPSS
Gutenify < 1.4.1 - Unauthenticated Sensitive Information Exposure
Description The Gutenify – Visual Site Builder Blocks & Site Templates. plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.0. This makes it possible for unauthenticated attackers to extract sensitive user or configuration...
5.3CVSS
6.3AI Score
0.0004EPSS
libshadow.so is vulnerable to Information Disclosure. The vulnerability exists in change_passwd function at gpasswd.c because the password field is not properly zeroed out if the confirmation...
5.5CVSS
7.1AI Score
0.0004EPSS
Time-Based Information Disclosure Vulnerability in Flow
The PersistedUsernamePasswordProvider was prone to a information disclosure of account existance based on timing attacks as the hashing of passwords was only done in case an account was found. We changed the core so that the provider always does a password comparison in case credentials were...
6.9AI Score
Neos Flow Information disclosure in entity security
If you had used entity security and wanted to secure entities not just based on the user's role, but on some property of the user (like the company he belongs to), entity security did not work properly together with the doctrine query cache. This could lead to other users re-using SQL queries from....
7.5AI Score
co-matic.com Cross Site Scripting vulnerability OBB-3858335
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Description The ApplyOnline – Application Form Builder and Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the aol_modal_box AJAX action in all versions up to, and including, 2.6.2. This makes it possible for authenticated attackers,...
4.3CVSS
6.4AI Score
0.0004EPSS
Description The BuddyPress Members Only plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.5 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "All Other Sections On Your Site Will be Opened to.....
5.3CVSS
6.8AI Score
0.0005EPSS
Certain HP Enterprise LaserJet, HP LaserJet Managed Printers – Potential Information Disclosure
Certain HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to information disclosure, when connections made by the device back to services enabled by some solutions may have been trusted without the appropriate CA certificate in the device's certificate store. ...
6.9AI Score
0.0004EPSS
WP Job Manager < 2.3.0 - Unauthenticated Information Exposure
Description The WP Job Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to extract sensitive user or configuration...
5.3CVSS
6.3AI Score
0.0004EPSS
exim is vulnerable to Information Disclosure. The vulnerability exists due to the absence of validation for user-supplied data during the handling of NTLM challenge requests. This allows an attacker to read beyond allocated data structures, potentially leading to the disclosure of information...
3.7CVSS
6.2AI Score
0.001EPSS
HPE Systems Insight Manager RCE (CVE-2020-7200)
A remote code execution vulnerability exists in HPE Systems Insight Manager (SIM) due to a failure to validate data during the deserialization process when a user submits a POST request to the /simsearch/messagebroker/amfsecure page. An unauthenticated, remote attacker can exploit this to bypass...
9.8CVSS
3.2AI Score
0.695EPSS
Summary IBM Maximo Asset Management application is vulnerable to sensitive information disclosure. Vulnerability Details ** CVEID: CVE-2024-22333 DESCRIPTION: **IBM Maximo Asset Management allows web pages to be stored locally which can be read by another user on the system. CVSS Base score: 4...
4CVSS
6.2AI Score
0.0004EPSS
Description The Otter Blocks PRO – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.11. This makes it possible for authenticated attackers, with Subscriber-level access and...
4.3CVSS
6.4AI Score
0.0004EPSS
Release Information for Hitachi Plug-In for Veeam Backup & Replication
Release Information for Hitachi Plug-In for Veeam Backup &...
0.6AI Score
6.5AI Score
exim4 is vulnerable to Information Disclosure. An out-of-bounds read vulnerability exists in the smtp service of Exim which allows an attacker to disclose sensitive information on a vulnerable system by sending a specially crafted SMTP...
3.1CVSS
6.3AI Score
0.001EPSS
Summary Potential Golang Go Information disclosure vulnerabilitiy.(CVE-2023-39326) has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID: CVE-2023-39326 DESCRIPTION:...
5.3CVSS
6.5AI Score
0.001EPSS
Summary Potential Golang Go Information disclosure vulnerabilitiy.(CVE-2023-39326) has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID: CVE-2023-39326 DESCRIPTION:...
5.3CVSS
6.5AI Score
0.001EPSS
Magento Information Disclosure via File upload functionality
An arbitrary file access vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage file upload controller for downloadable products to read/delete an arbitary...
8.8CVSS
6.7AI Score
0.001EPSS