RHEL 7 : procps-ng,_procps (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. procps-ng, procps: process hiding through race condition enumerating /proc (CVE-2018-1121) procps-ng...
8.5AI Score
0.006EPSS
Debian dla-3809 : kio-sieve - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3809 advisory. In KDE libksieve before 23.03.80, kmanagesieve/session.cpp places a cleartext password in server logs because a username variable is accidentally given a password...
7.2AI Score
0.0004EPSS
RHEL 7 : openstack-ceilometer (RHSA-2019:0580)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0580 advisory. OpenStack Telemetry (ceilometer) collects customer usage data for metering purposes. Telemetry implements bus listener, push, and polling agents...
7.8CVSS
6.1AI Score
0.0004EPSS
Apache Tomcat 7.0.0 < 7.0.68 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 7.0.68. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_7.0.68_security-7 advisory. The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and...
8.8CVSS
8.5AI Score
0.008EPSS
Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during the upgrade firmware file upload process. This vulnerability allows authenticated attackers to create and upload their own custom-built firmware and inject malicious code. NOTE: the vendor's position is....
8.8CVSS
0.003EPSS
CVE-2024-35990 dma: xilinx_dpdma: Fix locking
In the Linux kernel, the following vulnerability has been resolved: dma: xilinx_dpdma: Fix locking There are several places where either chan->lock or chan->vchan.lock was not held. Add appropriate locking. This fixes lockdep warnings like [ 31.077578] ------------[ cut here ]------------ [ ....
5.4AI Score
0.0004EPSS
openSUSE: Security Advisory for minetest (openSUSE-SU-2023:0001-1)
The remote host is missing an update for...
10CVSS
9.6AI Score
0.002EPSS
WordPress Supsystic Ultimate Maps <1.2.5 - Cross-Site Scripting
WordPress Supsystic Ultimate Maps plugin before 1.2.5 contains an unauthenticated reflected cross-site scripting vulnerability due to improper sanitization of the tab parameter on the options page before outputting it in an...
6.1CVSS
6AI Score
0.002EPSS
CVE-2024-35990 dma: xilinx_dpdma: Fix locking
In the Linux kernel, the following vulnerability has been resolved: dma: xilinx_dpdma: Fix locking There are several places where either chan->lock or chan->vchan.lock was not held. Add appropriate locking. This fixes lockdep warnings like [ 31.077578] ------------[ cut here ]------------ [ ....
7.2AI Score
0.0004EPSS
Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this...
7.1AI Score
0.957EPSS
MF Gig Calendar <= 1.2.1 - Arbitrary Event Deletion via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack PoC Make a contributor or higher user open a link where <> is a valid event:...
6.6AI Score
0.0004EPSS
GitLab 13.11 < 13.11.7 / 13.12 < 13.12.8 / 14.0 < 14.0.4 (CVE-2021-22234)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.11 before 13.11.7, all versions starting from 13.12 before 13.12.8, and all versions starting from 14.0 before...
9.6CVSS
6.2AI Score
0.001EPSS
Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during the upgrade firmware file upload process. This vulnerability allows authenticated attackers to create and upload their own custom-built firmware and inject malicious code. NOTE: the vendor's position is....
8.8CVSS
8.6AI Score
0.003EPSS
CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). An authenticated attacker can inject Twig Template to User Photo Location field when setting User Photo Location in User Settings, lead to Remote Code Execution. NOTE: the vendor disputes this because only...
7.2CVSS
7.2AI Score
0.004EPSS
The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the.....
6AI Score
0.002EPSS
CVE-2024-38557 net/mlx5: Reload only IB representors upon lag disable/enable
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Reload only IB representors upon lag disable/enable On lag disable, the bond IB device along with all of its representors are destroyed, and then the slaves' representors get reloaded. In case the slave IB representor...
0.0004EPSS
A week in security (May 13 – May 19)
Last week on Malwarebytes Labs: Deleted iPhone photos show up again after iOS update Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it Notorious data leak site BreachForums seized by law enforcement Apple and Google join forces to stop unwanted tracking...
6.9AI Score
The Premium Addons Pro for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the maps widget in all versions up to, and including, 4.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated.....
5.4CVSS
5.4AI Score
0.0004EPSS
WooCommerce < 8.6.0 - Cross-Site Request Forgery
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF...
4.3CVSS
7.1AI Score
0.0004EPSS
Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an un-intended action in order to achieve a Server Side Request Forgery (SSRF). NOTE: the vendor's position is that the observed behavior is not a vulnerability, because the product's design allows...
9.8CVSS
0.004EPSS
CVE-2024-38557 net/mlx5: Reload only IB representors upon lag disable/enable
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Reload only IB representors upon lag disable/enable On lag disable, the bond IB device along with all of its representors are destroyed, and then the slaves' representors get reloaded. In case the slave IB representor...
6.9AI Score
0.0004EPSS
reCAPTCHA Jetpack <= 0.2.2 - Stored XSS via CSRF
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack. PoC This requires Jetpack to be installed and to have a page/post with a Jetpack Contact...
5.5AI Score
0.0004EPSS
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Authentication Bypass
Title: Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Authentication Bypass Advisory ID: ZSL-2024-5818 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS Risk: (5/5) Release Date: 17.04.2024 Summary The REBLE610 features an accurate hardware design, absence...
7.7AI Score
Exploit for Path Traversal in Wso2 Api Manager
CVE-2022-29464 WSO2 RCE (CVE-2022-29464) exploit and writeup....
9.8CVSS
9.9AI Score
0.973EPSS
Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject commands through the Gogo Shell module to execute any OS command on the Liferay Portal Sever. NOTE: The developer disputes this as a vulnerability since it is a feature for...
7.2CVSS
0.001EPSS
An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstrated by an...
9.8CVSS
10AI Score
0.022EPSS
The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call, which might make it easier for remote attackers to cause a denial of service or possibly have unspecified other impact via...
9.8CVSS
9.7AI Score
0.012EPSS
RHEL 7 : python-django (RHSA-2020:4390)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4390 advisory. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as...
9.8CVSS
8.1AI Score
0.029EPSS
Phlex is a framework for building object-oriented views in Ruby. In affected versions there is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. Since the last two vulnerabilities...
7.1CVSS
6.7AI Score
0.0004EPSS
7.4AI Score
CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). An authenticated attacker can inject Twig Template to User Photo Location field when setting User Photo Location in User Settings, lead to Remote Code Execution. NOTE: the vendor disputes this because only...
7.2CVSS
7.2AI Score
0.004EPSS
Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an un-intended action in order to achieve a Server Side Request Forgery (SSRF). NOTE: the vendor's position is that the observed behavior is not a vulnerability, because the product's design allows...
9.8CVSS
9.3AI Score
0.004EPSS
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix accesses to uninit stack slots Privileged programs are supposed to be able to read uninitialized stack memory (ever since 6715df8d5) but, before this patch, these accesses were permitted inconsistently. In particular,...
7.8CVSS
6.2AI Score
0.0004EPSS
The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the.....
6AI Score
0.002EPSS
A vulnerability, which was classified as critical, has been found in Juanpao JPShop up to 1.5.02. This issue affects the function actionUpdate of the file /api/controllers/merchant/design/MaterialController.php of the component API. The manipulation of the argument pic_url leads to unrestricted...
9.8CVSS
9.5AI Score
0.001EPSS
Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject commands through the Gogo Shell module to execute any OS command on the Liferay Portal Sever. NOTE: The developer disputes this as a vulnerability since it is a feature for...
7.2CVSS
7.3AI Score
0.001EPSS
An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstrated by an...
9.8CVSS
9.9AI Score
0.022EPSS
CVE-2023-52452 bpf: Fix accesses to uninit stack slots
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix accesses to uninit stack slots Privileged programs are supposed to be able to read uninitialized stack memory (ever since 6715df8d5) but, before this patch, these accesses were permitted inconsistently. In particular,...
7.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Reload only IB representors upon lag disable/enable On lag disable, the bond IB device along with all of its representors are destroyed, and then the slaves' representors get reloaded. In case the slave IB representor...
6.5AI Score
0.0004EPSS
Phlex is a framework for building object-oriented views in Ruby. In affected versions there is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. Since the last two vulnerabilities...
7.1CVSS
6.5AI Score
0.0004EPSS
Phlex is a framework for building object-oriented views in Ruby. In affected versions there is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. Since the last two vulnerabilities...
7.1CVSS
5.4AI Score
0.0004EPSS
RHEL 7 : python-django (RHSA-2015:1894)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1894 advisory. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as...
6.5AI Score
0.024EPSS
The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call, which might make it easier for remote attackers to cause a denial of service or possibly have unspecified other impact via...
9.8CVSS
9.5AI Score
0.012EPSS
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Reload only IB representors upon lag disable/enable On lag disable, the bond IB device along with all of its representors are destroyed, and then the slaves' representors get reloaded. In case the slave IB representor...
0.0004EPSS
Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return error 401. However, if the username is valid, then after 20 login attempts, the server will start responding with error 400. Invalid usernames will....
5.3CVSS
0.002EPSS
Drupal allows remote attackers to conduct cross-site scripting (XSS) attacks via an IMG tag with an unusual encoded Javascript function name, as demonstrated using variations of the alert() function. NOTE: a followup by the vendor suggests that the issue does not exist in 4.5.6 or 4.6.4 when...
5.7AI Score
0.002EPSS
A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in...
6.9AI Score
0.0004EPSS
A vulnerability, which was classified as problematic, was found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. Affected is an unknown function of the file verification.php. The manipulation of the argument txtvaccinationID leads to cross site...
6.1CVSS
4.5AI Score
0.001EPSS
Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return error 401. However, if the username is valid, then after 20 login attempts, the server will start responding with error 400. Invalid usernames will....
5.3CVSS
5.2AI Score
0.002EPSS
Drupal allows remote attackers to conduct cross-site scripting (XSS) attacks via an IMG tag with an unusual encoded Javascript function name, as demonstrated using variations of the alert() function. NOTE: a followup by the vendor suggests that the issue does not exist in 4.5.6 or 4.6.4 when...
5.7AI Score
0.002EPSS