Ad Inserter – Ad Manager & AdSense Ads Security Vulnerabilities

rapid7blog

Rapid7 Signs 100% Talent Compact with Boston Women’s Workforce Council

The effort aims to help close gender and racial pay gaps. Rapid7 is proud to announce their signing of the 100% Talent Compact through the Boston Women's Workforce Council (BWWC). The Talent Compact is a collective effort among the Boston Mayor and local employers to close the gender and racial...

7 AI Score

2024-05-08 01:00 PM
9
cve

CVE-2024-34558

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WOLF allows Stored XSS. This issue affects WOLF: from n/a through...

5.9 CVSS

7.2 AI Score

0.0004 EPSS

2024-05-08 12:15 PM
27
f5

K11342432 : BIG-IP HTTP non-RFC-compliant security exposure

Security Advisory Description This issue occurs when a non-RFC-compliant HTTP request is received by a virtual server on a system matching one of the following conditions: BIG-IP 15.1.0 and later version with a virtual server with an HTTP profile with Enforce RFC Compliance enabled. All supported.....

7.2 AI Score

2024-05-08 12:00 AM
13
f5

K000138744 : BIG-IP APM browser network access VPN client vulnerability CVE-2024-28883

Security Advisory Description An origin validation vulnerability exists in the BIG-IP APM browser network access VPN client, which may allow an attacker to bypass F5 endpoint inspection. (CVE-2024-28883) Impact A remote unauthenticated attacker with a man-in-the-middle (MITM) position may exploit.....

7.4 CVSS

7.2 AI Score

0.0004 EPSS

2024-05-08 12:00 AM
19
openvas

SUSE: Security Advisory (SUSE-SU-2024:1549-1)

The remote host is missing an update for...

7.3 AI Score

0.0004 EPSS

2024-05-08 12:00 AM
3
f5

K000138913 : BIG-IP Next CNF vulnerability CVE-2024-28132

Security Advisory Description Exposure of a Sensitive Information vulnerability exists in the Global Server Load Balancing (GSLB) container, which may allow an authenticated attacker with administrator role privileges to view sensitive information. (CVE-2024-28132) Impact An authenticated attacker....

4.4 CVSS

6.7 AI Score

0.0004 EPSS

2024-05-08 12:00 AM
5
f5

K000139012 : BIG-IP Next Central Manager vulnerability CVE-2024-33612

Security Advisory Description An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. A successful exploit of this vulnerability can allow the attacker to cross a security boundary....

6.8 CVSS

6.7 AI Score

0.0004 EPSS

2024-05-08 12:00 AM
16
f5

K000138636 : BIG-IP Configuration utility XSS vulnerability CVE-2024-31156

Security Advisory Description A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. (CVE-2024-31156) Impact An authenticated attacker may exploit.....

8 CVSS

5.3 AI Score

0.0004 EPSS

2024-05-08 12:00 AM
16
f5

K000139447 : Apache httpd vulnerability CVE-2024-24795

Security Advisory Description HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this...

6.8 AI Score

0.0004 EPSS

2024-05-08 12:00 AM
14
f5

K000132430 : The BIG-IP system may fail to block HTTP Request Smuggling attacks

Security Advisory Description The BIG-IP system may fail to block non-RFC-compliant HTTP requests to the pool member, which may lead to an HTTP Request Smuggling attack. This issue occurs when all of the following conditions are met: A virtual server is associated with an HTTP profile. The BIG-IP.....

7.3 AI Score

2024-05-08 12:00 AM
18
wpvulndb

GiveWP – Donation Plugin and Fundraising Platform < 3.5.0 - Authenticated (GiveWP Manager+) PHP Object Injection

Description The GiveWP plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.2 via deserialization of untrusted input. This makes it possible for authenticated attackers, with give manager-level access and above, to inject a PHP Object. No known POP...

7.4 AI Score

0.0004 EPSS

2024-05-08 12:00 AM
2
f5

K000138520 : BIG-IP Configuration utility vulnerability CVE-2024-27202

Security Advisory Description A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. (CVE-2024-27202) Impact An attacker may exploit this...

4.7 CVSS

5.6 AI Score

0.0004 EPSS

2024-05-08 12:00 AM
13
f5

K000138733 : BIG-IP Next Central Manager SQL Injection vulnerability CVE-2024-26026

Security Advisory Description An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI). (CVE-2024-26026) Impact An unauthenticated attacker can exploit this vulnerability to execute malicious SQL statements through the BIG-IP Next Central Manager API...

7.5 CVSS

8.4 AI Score

0.0004 EPSS

2024-05-08 12:00 AM
14
f5

K000138912 : BIG-IP SSL vulnerability CVE-2024-28889

Security Advisory Description When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. (CVE-2024-28889) Impact Traffic.....

5.9 CVSS

7.1 AI Score

0.0004 EPSS

2024-05-08 12:00 AM
10
f5

K000138634 : BIG-IP Next Central Manager vulnerability CVE-2024-32049

Security Advisory Description BIG-IP Next Central Manager may allow an unauthenticated, remote attacker to obtain BIG-IP Next LTM/WAF instance credentials. (CVE-2024-32049) Impact This vulnerability may allow an unauthenticated attacker in a man-in-the-middle (MITM) position between a BIG-IP Next.....

7.4 CVSS

7.2 AI Score

0.0004 EPSS

2024-05-08 12:00 AM
4
f5

K000138894 : BIG-IP Configuration utility XSS vulnerability CVE-2024-33604

Security Advisory Description A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. (CVE-2024-33604) Impact An attacker may exploit this...

6.1 CVSS

5.6 AI Score

0.0004 EPSS

2024-05-08 12:00 AM
7
f5

K000138898 : BIG-IP Advanced WAF/ASM, BIG-IP Next WAF, and NGINX App Protect WAF attack signature check failure

Security Advisory Description BIG-IP Advanced WAF/ASM, BIG-IP Next WAF, or NGINX App Protect WAF may fail to match an attack signature. This issue occurs when all of the following conditions are met: The affected security policy has a large number of attack signatures enabled (for example, all or.....

7.1 AI Score

2024-05-08 12:00 AM
12
f5

K000139404 : Quarterly Security Notification (May 2024)

Security Advisory Description On May 8, 2024, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associated...

6.9 AI Score

0.0004 EPSS

2024-05-08 12:00 AM
17
nessus

Oracle Linux 9 : sssd (ELSA-2024-2571)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2571 advisory. A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization...

6.1 AI Score

2024-05-08 12:00 AM
3
f5

K000139217 : BIG-IP TMM tenants on VELOS and rSeries vulnerability CVE-2024-32761

Security Advisory Description Under certain conditions, a potential data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. However, this issue cannot be exploited by an attacker because it is not consistently reproducible and is.....

6.5 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-08 12:00 AM
5
f5

K000139037: TMM vulnerability CVE-2024-25560

Security Advisory Description When BIG-IP AFM is licensed and provisioned, and a DNS profile is applied to a virtual server, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate. (CVE-2024-25560) Impact Traffic is disrupted while the TMM process restarts. This...

7.5 AI Score

0.0004 EPSS

2024-05-08 12:00 AM
7
f5

K000138728 : BIG-IP IPsec vulnerability CVE-2024-33608

Security Advisory Description When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. (CVE-2024-33608) Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote unauthenticated attacker.....

7.5 CVSS

7.2 AI Score

0.0004 EPSS

2024-05-08 12:00 AM
7
f5

K000139553: VPN TunnelVision vulnerability CVE-2024-3661

Security Advisory Description By design, the DHCP protocol does not authenticate messages, including for example the classless static route option (121). An attacker with the ability to send DHCP messages can manipulate routes to redirect VPN traffic, allowing the attacker to read, disrupt, or...

7.5 AI Score

0.0005 EPSS

2024-05-08 12:00 AM
20
f5

K000138732 : BIG-IP Next Central Manager OData Injection vulnerability CVE-2024-21793

Security Advisory Description An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI). (CVE-2024-21793) Impact An unauthenticated attacker can exploit this vulnerability to execute malicious SQL statements through the BIG-IP NEXT Central Manager API...

7.5 CVSS

8.2 AI Score

0.0004 EPSS

2024-05-08 12:00 AM
19
ibm

Security Bulletin: IBM Financial Transaction Manager is vulnerable to an XML External Entity Injection (XXE) attack

Summary IBM Financial Transaction Manager for ACH and Check Service v3.0.5.4 and v3.0.5.5 has addressed an XML External Entity Injection vulnerability. Vulnerability Details CVEID: CVE-2023-35892 DESCRIPTION: IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML...

6.5 AI Score

0.001 EPSS

2024-05-07 04:15 PM
5
mssecure

Microsoft announces the 2024 Microsoft Security Excellence Awards winners

At this year's Microsoft Security Excellence Awards, we took a journey through the evolution of cybersecurity from the 1950s to today. While this event theme celebrated the significant technological advancements that have shaped each decade, the main focus was on the Microsoft Intelligent Security....

7.1 AI Score

2024-05-07 04:00 PM
1
securelist

Exploits and vulnerabilities in Q1 2024

We at Kaspersky continuously monitor the evolving cyberthreat landscape to ensure we respond promptly to emerging threats, equipping our products with detection logic and technology. Software vulnerabilities that threat actors can exploit or are already actively exploiting are a critical component....

8.9 AI Score

0.971 EPSS

2024-05-07 10:00 AM
20
f5

K000139532 : Node.js vulnerability CVE-2024-27983

Security Advisory Description An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are...

8.2 CVSS

7.9 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
11
openvas

SUSE: Security Advisory (SUSE-SU-2024:1308-1)

The remote host is missing an update for...

7.4 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
3
openvas

SUSE: Security Advisory (SUSE-SU-2024:1340-1)

The remote host is missing an update for...

7.1 AI Score

0.002 EPSS

2024-05-07 12:00 AM
2
openvas

SUSE: Security Advisory (SUSE-SU-2024:1169-1)

The remote host is missing an update for...

6.8 AI Score

0.0005 EPSS

2024-05-07 12:00 AM
4
openvas

SUSE: Security Advisory (SUSE-SU-2024:1498-1)

The remote host is missing an update for...

4.5 AI Score

0.001 EPSS

2024-05-07 12:00 AM
4
openvas

SUSE: Security Advisory (SUSE-SU-2024:1497-1)

The remote host is missing an update for...

7.5 AI Score

2024-05-07 12:00 AM
3
oraclelinux

sssd security and bug fix update

[2.9.4-6.0.1] - Restore default debug level for sss_cache [Orabug: 32810448] [2.9.4-6] - Resolves: RHEL-27209 - Race condition during authorization leads to GPO policies functioning inconsistently [rhel-9.4.0] [2.9.4-5] - Resolves: RHEL-28161 - Passkey cannot fall back to password [2.9.4-4] -...

7.5 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
6
openvas

SUSE: Security Advisory (SUSE-SU-2024:0901-1)

The remote host is missing an update for...

7.9 AI Score

0.001 EPSS

2024-05-07 12:00 AM
3
openvas

SUSE: Security Advisory (SUSE-SU-2024:1368-1)

The remote host is missing an update for...

8 AI Score

0.008 EPSS

2024-05-07 12:00 AM
4
wpvulndb

SP Project & Document Manager <= 4.70 - Authenticated (Subscriber+) Arbitrary Folder Name Update

Description The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdm_save_category AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with...

6.8 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
wpvulndb

Advanced Ads – Ad Manager & AdSense < 1.52.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Ad Widget

Description The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Ad widget in all versions up to, and including, 1.52.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

5.9 AI Score

0.001 EPSS

2024-05-07 12:00 AM
1
openvas

SUSE: Security Advisory (SUSE-SU-2024:1508-1)

The remote host is missing an update for...

7.5 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
3
openvas

SUSE: Security Advisory (SUSE-SU-2024:1167-1)

The remote host is missing an update for...

5.5 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
4
openvas

SUSE: Security Advisory (SUSE-SU-2024:1270-1)

The remote host is missing an update for...

6.5 AI Score

0.001 EPSS

2024-05-07 12:00 AM
3
openvas

SUSE: Security Advisory (SUSE-SU-2024:1151-2)

The remote host is missing an update for...

6.7 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
3
f5

K000139533 : MySQL vulnerability CVE-2024-21090

Security Advisory Description Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 8.3.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to...

7.5 CVSS

6.9 AI Score

0.0005 EPSS

2024-05-07 12:00 AM
6
openvas

SUSE: Security Advisory (SUSE-SU-2024:1309-1)

The remote host is missing an update for...

7.5 AI Score

0.001 EPSS

2024-05-07 12:00 AM
3
openvas

SUSE: Security Advisory (SUSE-SU-2024:1151-1)

The remote host is missing an update for...

7.5 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
5
wpvulndb

SP Project & Document Manager <= 4.69 - Missing Authorization

Description The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 4.69. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an.....

6.5 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
5
nessus

SUSE SLES15 Security Update : curl (SUSE-SU-2024:1151-2)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1151-2 advisory. When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would...

6.9 AI Score

2024-05-07 12:00 AM
6
wpvulndb

EAN for WooCommerce < 4.9.0 - Authenticated (Shop Manager+) Arbitrary Options Update

Description The EAN for WooCommerce plugin for WordPress is vulnerable to arbitrary options updates in all versions up to, and including, 4.8.9. This is due to insufficient restrictions on option values that can be supplied. This makes it possible for authenticated attackers, with Shop...

6.5 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
4
openvas

SUSE: Security Advisory (SUSE-SU-2024:1100-1)

The remote host is missing an update for...

7.5 AI Score

0.001 EPSS

2024-05-07 12:00 AM
2
wpvulndb

Directorist < 7.9.0 - Missing Authorization

Description The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 7.8.6. This makes it possible for unauthenticated attackers....

6.9 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
3

Total number of security vulnerabilities: 83993