Lucene search

K

ABB Ability™ Symphony® Plus Operations Security Vulnerabilities

nvd
nvd

CVE-2024-5245

NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. An attacker must first obtain the ability to execute...

7.8CVSS

7.8AI Score

0.0005EPSS

2024-05-23 10:15 PM
cvelist
cvelist

CVE-2024-5245 NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability

NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. An attacker must first obtain the ability to execute...

7.8CVSS

7.8AI Score

0.0005EPSS

2024-05-23 10:07 PM
vulnrichment
vulnrichment

CVE-2024-5245 NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability

NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. An attacker must first obtain the ability to execute...

7.8CVSS

7.2AI Score

0.0005EPSS

2024-05-23 10:07 PM
cvelist
cvelist

CVE-2024-5292 D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of D-Link Network Assistant. An attacker must first obtain the ability to execute low-privileged code on...

7.3CVSS

7.4AI Score

0.001EPSS

2024-05-23 09:29 PM
vulnrichment
vulnrichment

CVE-2024-5292 D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of D-Link Network Assistant. An attacker must first obtain the ability to execute low-privileged code on...

7.3CVSS

7.2AI Score

0.001EPSS

2024-05-23 09:29 PM
ibm
ibm

Security Bulletin: Multiple vulnerabilities in IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift

Summary IBM Spectrum Protect Plus Container backup and restore for OpenShift can be affected by vulnerabilities in Python, OpenSSH, Golang Go, Redis, urllib3, dnspython and gunicorn. Vulnerabilities include denial of service, cross-site scripting, gain elevated privileges on the system, allow a...

9.8CVSS

9.4AI Score

0.962EPSS

2024-05-23 06:42 PM
8
redhatcve
redhatcve

CVE-2021-47227

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Prevent state corruption in __fpu__restore_sig() The non-compacted slowpath uses __copy_from_user() and copies the entire user buffer into the kernel buffer, verbatim. This means that the kernel buffer may now contain...

6.9AI Score

0.0004EPSS

2024-05-23 02:00 PM
4
rapid7blog
rapid7blog

The Take Command Summit: A Day of Resilience and Preparation

The Take Command Summit is officially in the books. It was a day-long virtual powerhouse of major voices and ultra-relevant topics from across the entire cybersecurity spectrum. We are super proud of the event and grateful for all who joined us for these important discussions. At Rapid7 we are...

7.5AI Score

2024-05-23 02:00 PM
5
redhatcve
redhatcve

CVE-2021-47267

In the Linux kernel, the following vulnerability has been resolved: usb: fix various gadget panics on 10gbps cabling usb_assign_descriptors() is called with 5 parameters, the last 4 of which are the usb_descriptor_header for: full-speed (USB1.1 - 12Mbps [including USB1.0 low-speed @ 1.5Mbps),...

6.3AI Score

0.0004EPSS

2024-05-23 01:29 PM
1
securelist
securelist

ShrinkLocker: Turning BitLocker into ransomware

Introduction Attackers always find creative ways to bypass defensive features and accomplish their goals. This can be done with packers, crypters, and code obfuscation. However, one of the best ways of evading detection, as well as maximizing compatibility, is to use the operating system's own...

6.8AI Score

2024-05-23 12:00 PM
38
redhatcve
redhatcve

CVE-2021-47461

In the Linux kernel, the following vulnerability has been resolved: userfaultfd: fix a race between writeprotect and exit_mmap() A race is possible when a process exits, its VMAs are removed by exit_mmap() and at the same time userfaultfd_writeprotect() is called. The race was detected by KASAN on....

6.5AI Score

0.0004EPSS

2024-05-23 11:06 AM
4
osv
osv

klibc vulnerabilities

USN-6736-1 fixed vulnerabilities in klibc. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: It was discovered that zlib, vendored in klibc, incorrectly handled pointer arithmetic. An attacker could use this issue to cause klibc to crash or to ...

9.8CVSS

7.9AI Score

0.013EPSS

2024-05-23 09:28 AM
ibm
ibm

Security Bulletin: Vulnerability in WebSphere Application Server Liberty affect IBM Operations Analytics - Log Analysis (CVE-2023-50312)

Summary WebSphere Application Server Liberty used by IBM Operations Analytics - Log Analysis is vulnerable to weak security. Vulnerability Details ** CVEID: CVE-2023-50312 DESCRIPTION: **IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security.....

5.3CVSS

6.2AI Score

0.0004EPSS

2024-05-23 06:14 AM
3
impervablog
impervablog

Frida-JIT-unPacker: An Imperva Contribution to the Security Research Community, Presented at Black Hat Asia 2024

In the ever-evolving landscape of cybersecurity threats, the battle against malicious bots is a critical concern for web applications. These bots, in addition to their ability to circumvent application security measures, are usually protected with advanced source code protection to prevent the...

7.2AI Score

2024-05-23 04:22 AM
11
cloudfoundry
cloudfoundry

USN-6736-1: klibc vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that zlib, vendored in klibc, incorrectly handled pointer arithmetic. An attacker could use this issue to cause klibc to crash or to...

9.8CVSS

7.7AI Score

0.013EPSS

2024-05-23 12:00 AM
3
nessus
nessus

RHEL 8 : gmp (RHSA-2024:3214)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3214 advisory. The gmp packages contain GNU MP, a library for arbitrary precision arithmetics, signed integers operations, rational numbers, and floating point...

7.5CVSS

7.8AI Score

0.005EPSS

2024-05-23 12:00 AM
4
nessus
nessus

Apache Tomcat 8.5.0 < 8.5.51 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.5.51. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_8.5.51_security-8 advisory. When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections...

9.8CVSS

7.9AI Score

0.974EPSS

2024-05-23 12:00 AM
2
nessus
nessus

Apache Tomcat 7.0.0 < 7.0.100 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 7.0.100. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_7.0.100_security-7 advisory. When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections.....

9.8CVSS

7.9AI Score

0.974EPSS

2024-05-23 12:00 AM
3
nessus
nessus

Ubuntu 24.04 LTS : klibc vulnerabilities (USN-6736-2)

The remote Ubuntu 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6736-2 advisory. USN-6736-1 fixed vulnerabilities in klibc. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: It was...

9.8CVSS

8.2AI Score

0.013EPSS

2024-05-23 12:00 AM
5
nessus
nessus

Apache Tomcat 9.0.0.M1 < 9.0.0.M10 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.0.M10. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_9.0.0.m10_security-9 advisory. The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to...

9.1CVSS

7.2AI Score

0.002EPSS

2024-05-23 12:00 AM
1
oraclelinux
oraclelinux

kernel security, bug fix, and enhancement update

[4.18.0-553.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with...

9.8CVSS

8AI Score

EPSS

2024-05-23 12:00 AM
11
ubuntu
ubuntu

klibc vulnerabilities

Releases Ubuntu 24.04 LTS Packages klibc - small utilities built with klibc for early boot Details USN-6736-1 fixed vulnerabilities in klibc. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: It was discovered that zlib, vendored in klibc,...

9.8CVSS

8AI Score

0.013EPSS

2024-05-23 12:00 AM
4
nessus
nessus

Apache Tomcat 7.0.0 < 7.0.72 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 7.0.72. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_7.0.72_security-7 advisory. The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4,...

9.1CVSS

7.2AI Score

0.002EPSS

2024-05-23 12:00 AM
2
nessus
nessus

Apache Tomcat 8.0.0.RC1 < 8.0.37 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.0.37. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_8.5.5_and_8.0.37_security-8 advisory. The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to...

9.1CVSS

7.6AI Score

0.002EPSS

2024-05-23 12:00 AM
2
cloudfoundry
cloudfoundry

USN-6733-1: GnuTLS vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that GnuTLS had a timing side-channel when performing certain ECDSA operations. A remote attacker could possibly use this issue to recover sensitive information. (CVE-2024-28834) It was...

5.3CVSS

7.4AI Score

0.0005EPSS

2024-05-23 12:00 AM
2
redhat
redhat

(RHSA-2024:2768) Moderate: Red Hat OpenStack Platform 17.1 (python-paramiko) security update

Paramiko, a combination of the esperanto words for paranoid and friend, is a module for python 2.3 or greater that implements the SSH2 protocol for secure (encrypted and authenticated) connections to remote machines. Unlike SSL (aka TLS), the SSH2 protocol does not require heirarchical...

7.5AI Score

0.962EPSS

2024-05-22 08:34 PM
1
redhat
redhat

(RHSA-2024:2735) Moderate: Red Hat OpenStack Platform 17.1 (python-paramiko) security update

Paramiko (a combination of the esperanto words for paranoid and friend) is a module for python 2.3 or greater that implements the SSH2 protocol for secure (encrypted and authenticated) connections to remote machines. Unlike SSL (aka TLS), the SSH2 protocol does not require heirarchical...

7.6AI Score

0.962EPSS

2024-05-22 08:31 PM
4
cve
cve

CVE-2023-51636

Avira Prime Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

7.1AI Score

0.001EPSS

2024-05-22 08:15 PM
25
nvd
nvd

CVE-2023-51636

Avira Prime Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

7.8AI Score

0.001EPSS

2024-05-22 08:15 PM
cvelist
cvelist

CVE-2023-51636 Avira Prime Link Following Local Privilege Escalation Vulnerability

Avira Prime Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

7.8AI Score

0.001EPSS

2024-05-22 07:16 PM
1
github
github

Dapr API Token Exposure

Summary A vulnerability has been found in Dapr that causes a leak of the application token of the invoker app to the invoked app when using Dapr as a gRPC proxy for remote service invocation. This issue arises because Dapr sends the app token of the invoker app instead of the app token of the...

5.3CVSS

5.5AI Score

0.0004EPSS

2024-05-22 06:47 PM
12
osv
osv

Dapr API Token Exposure

Summary A vulnerability has been found in Dapr that causes a leak of the application token of the invoker app to the invoked app when using Dapr as a gRPC proxy for remote service invocation. This issue arises because Dapr sends the app token of the invoker app instead of the app token of the...

5.3CVSS

5.5AI Score

0.0004EPSS

2024-05-22 06:47 PM
2
nvd
nvd

CVE-2024-21791

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option. Note: Non-admin users cannot exploit this...

4.7CVSS

5.4AI Score

0.0004EPSS

2024-05-22 06:15 PM
1
cve
cve

CVE-2024-21791

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option. Note: Non-admin users cannot exploit this...

4.7CVSS

8.1AI Score

0.0004EPSS

2024-05-22 06:15 PM
26
cvelist
cvelist

CVE-2024-21791 SQL Injection in ADAudit Plus

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option. Note: Non-admin users cannot exploit this...

4.7CVSS

5.4AI Score

0.0004EPSS

2024-05-22 06:05 PM
vulnrichment
vulnrichment

CVE-2024-21791 SQL Injection in ADAudit Plus

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option. Note: Non-admin users cannot exploit this...

4.7CVSS

8.1AI Score

0.0004EPSS

2024-05-22 06:05 PM
qualysblog
qualysblog

TotalCloud Insights: Uncovering the Hidden Dangers in Google Cloud Dataproc

Summary The Apache Hadoop Distributed File System (HDFS) can be vulnerable to data compromise when a Compute Engine cluster is in a public-facing virtual private cloud (VPC) or shares the VPC with other Compute Engine instances. Google Cloud Platform (GCP) provides a default VPC called 'default.'.....

8.3AI Score

2024-05-22 05:53 PM
9
wordfence
wordfence

Up to 30X Faster PHP Malware Scans with Wordfence CLI 4.0.1

Most of our customers scan a single site or a small number of sites for PHP malware using the Wordfence Plugin, and they coordinate scanning across multiple sites with Wordfence Central. If you are responsible for securing a large hosting provider network as part of an operations or security team,....

6.9AI Score

2024-05-22 03:00 PM
4
osv
osv

gix refs and paths with reserved Windows device names access the devices

Summary On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that...

5.4CVSS

7.1AI Score

0.0004EPSS

2024-05-22 02:13 PM
5
github
github

gix refs and paths with reserved Windows device names access the devices

Summary On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that...

5.4CVSS

7.1AI Score

0.0004EPSS

2024-05-22 02:13 PM
4
kitploit
kitploit

Above - Invisible Network Protocol Sniffer

Invisible protocol sniffer for finding vulnerabilities in the network. Designed for pentesters and security engineers. Above: Invisible network protocol sniffer Designed for pentesters and security engineers Author: Magama Bazarov, &lt;[email protected]&gt; Pseudonym: Caster Version: 2.6 ...

7.1AI Score

2024-05-22 12:30 PM
27
redhatcve
redhatcve

CVE-2021-47351

In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix races between xattr_{set|get} and listxattr operations UBIFS may occur some problems with concurrent xattr_{set|get} and listxattr operations, such as assertion failure, memory corruption, stale xattr value[1]. Fix it...

6.5AI Score

0.0004EPSS

2024-05-22 11:26 AM
4
redhatcve
redhatcve

CVE-2021-47360

In the Linux kernel, the following vulnerability has been resolved: binder: make sure fd closes complete During BC_FREE_BUFFER processing, the BINDER_TYPE_FDA object cleanup may close 1 or more fds. The close operations are completed using the task work mechanism -- which means the thread needs to....

6.5AI Score

0.0004EPSS

2024-05-22 11:05 AM
3
redhatcve
redhatcve

CVE-2021-47393

In the Linux kernel, the following vulnerability has been resolved: hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs Fan speed minimum can be enforced from sysfs. For example, setting current fan speed to 20 is used to enforce fan speed to be at 100% speed,...

6.6AI Score

0.0004EPSS

2024-05-22 10:20 AM
4
redhatcve
redhatcve

CVE-2021-47394

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unlink table before deleting it syzbot reports following UAF: BUG: KASAN: use-after-free in memcmp+0x18f/0x1c0 lib/string.c:955 nla_strcmp+0xf2/0x130 lib/nlattr.c:836 nft_table_lookup.part.0+0x1a2/0x460...

6.6AI Score

0.0004EPSS

2024-05-22 10:20 AM
2
ibm
ibm

Security Bulletin: IBM Engineering Lifecycle Management is vulnerable to induce the application to perform server-side HTTP and HTTPS requests to arbitrary domains.(CVE-2021-20544)

Summary External service interaction arises when it is possible to induce an application to interact with an arbitrary external service, such as a web or mail server. The ability to trigger arbitrary external service interactions does not constitute a vulnerability in its own right, and in some...

4.3CVSS

7.1AI Score

0.001EPSS

2024-05-22 10:02 AM
2
malwarebytes
malwarebytes

Microsoft AI &#8220;Recall&#8221; feature records everything, secures far less

Developing an AI-powered threat to security, privacy, and identity is certainly a choice, but it's one that Microsoft was willing to make this week at its “Build” developer conference. On Monday, the computing giant unveiled a new line of PCs that integrate Artificial Intelligence (AI) technology.....

6.8AI Score

2024-05-22 09:14 AM
8
nvd
nvd

CVE-2021-47461

In the Linux kernel, the following vulnerability has been resolved: userfaultfd: fix a race between writeprotect and exit_mmap() A race is possible when a process exits, its VMAs are removed by exit_mmap() and at the same time userfaultfd_writeprotect() is called. The race was detected by KASAN on....

6.4AI Score

0.0004EPSS

2024-05-22 07:15 AM
1
debiancve
debiancve

CVE-2021-47461

In the Linux kernel, the following vulnerability has been resolved: userfaultfd: fix a race between writeprotect and exit_mmap() A race is possible when a process exits, its VMAs are removed by exit_mmap() and at the same time userfaultfd_writeprotect() is called. The race was detected by KASAN...

6.6AI Score

0.0004EPSS

2024-05-22 07:15 AM
4
cve
cve

CVE-2021-47461

In the Linux kernel, the following vulnerability has been resolved: userfaultfd: fix a race between writeprotect and exit_mmap() A race is possible when a process exits, its VMAs are removed by exit_mmap() and at the same time userfaultfd_writeprotect() is called. The race was detected by KASAN on....

6.6AI Score

0.0004EPSS

2024-05-22 07:15 AM
32
Total number of security vulnerabilities104071