Lucene search

K

ABB Ability™ Symphony® Plus Historian Security Vulnerabilities

alpinelinux
alpinelinux

CVE-2024-35200

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-05-29 04:15 PM
4
cve
cve

CVE-2024-34161

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed...

5.3CVSS

6.2AI Score

0.0004EPSS

2024-05-29 04:15 PM
37
alpinelinux
alpinelinux

CVE-2024-32760

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-05-29 04:15 PM
1
nvd
nvd

CVE-2024-34161

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-05-29 04:15 PM
1
cve
cve

CVE-2024-35200

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to...

5.3CVSS

6.3AI Score

0.0004EPSS

2024-05-29 04:15 PM
35
debiancve
debiancve

CVE-2024-35200

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to...

5.3CVSS

6.9AI Score

0.0004EPSS

2024-05-29 04:15 PM
2
alpinelinux
alpinelinux

CVE-2024-34161

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-05-29 04:15 PM
3
nvd
nvd

CVE-2024-35200

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-05-29 04:15 PM
osv
osv

CVE-2024-35200

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to...

5.3CVSS

6.7AI Score

0.0004EPSS

2024-05-29 04:15 PM
2
debiancve
debiancve

CVE-2024-31079

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker....

4.8CVSS

6.8AI Score

0.0004EPSS

2024-05-29 04:15 PM
1
osv
osv

CVE-2024-31079

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker....

4.8CVSS

6.6AI Score

0.0004EPSS

2024-05-29 04:15 PM
1
alpinelinux
alpinelinux

CVE-2024-31079

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker....

4.8CVSS

5AI Score

0.0004EPSS

2024-05-29 04:15 PM
4
nvd
nvd

CVE-2024-31079

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker....

4.8CVSS

5.1AI Score

0.0004EPSS

2024-05-29 04:15 PM
1
cve
cve

CVE-2024-31079

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker....

4.8CVSS

6.2AI Score

0.0004EPSS

2024-05-29 04:15 PM
33
cvelist
cvelist

CVE-2024-35200 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-05-29 04:02 PM
2
vulnrichment
vulnrichment

CVE-2024-35200 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-05-29 04:02 PM
cvelist
cvelist

CVE-2024-34161 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-05-29 04:02 PM
1
vulnrichment
vulnrichment

CVE-2024-34161 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-05-29 04:02 PM
cvelist
cvelist

CVE-2024-31079 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker....

4.8CVSS

5AI Score

0.0004EPSS

2024-05-29 04:02 PM
1
vulnrichment
vulnrichment

CVE-2024-32760 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-05-29 04:02 PM
vulnrichment
vulnrichment

CVE-2024-31079 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker....

4.8CVSS

5AI Score

0.0004EPSS

2024-05-29 04:02 PM
cvelist
cvelist

CVE-2024-32760 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential...

6.5CVSS

6.3AI Score

0.0004EPSS

2024-05-29 04:02 PM
1
hackerone
hackerone

HackerOne: [Spot Check] - Ability to disclose metadata about Spot Checks (Number of Hackers + Hackers Criteria) via "SpotCheckSingleQuery"

Summary: Hackers are able to leak private metadata about Spot Checks (num of hackers, total budget, criteria of selection. Description: When accepting Spot Check, we are able to see the program who requested it, the budget and the description in the UI. While navigating to the Spot Check page from....

6.8AI Score

2024-05-29 02:51 PM
10
hackerone
hackerone

WakaTime: IDOR to view order information of users and personal information

Hi team, I found one bug on your domain. It's IDOR bug. Summary: Insecure Direct Object Reference ( IDOR ) is the method of controlling which users can perform a certain type of action or view set of data. Insecure Direct Object Reference ( IDOR ) is a vulnerability that allows an attacker to...

7AI Score

2024-05-29 08:41 AM
41
osv
osv

intel-microcode vulnerabilities

It was discovered that some 3rd and 4th Generation Intel® Xeon® Processors did not properly restrict access to certain hardware features when using Intel® SGX or Intel® TDX. This may allow a privileged local user to potentially further escalate their privileges on the system. This issue only...

7.9CVSS

7.3AI Score

0.001EPSS

2024-05-29 07:13 AM
3
fedora
fedora

[SECURITY] Fedora 40 Update: qt6-qtpositioning-6.7.1-1.fc40

The Qt Positioning APIs gives developers the ability to determine a position by using a variety of possible sources, including satellite, or wifi, or text file, and so...

6.2AI Score

0.0004EPSS

2024-05-29 03:37 AM
1
ubuntucve
ubuntucve

CVE-2024-34161

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory. Notes Author|...

5.3CVSS

7.1AI Score

0.0004EPSS

2024-05-29 12:00 AM
3
nessus
nessus

MariaDB 11.5.0 < 11.5.1

The version of MariaDB installed on the remote host is prior to 11.5.1. It is, therefore, affected by a vulnerability as referenced in the mariadb-1151-release-notes advisory. Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are...

4.9CVSS

5.4AI Score

0.0005EPSS

2024-05-29 12:00 AM
1
nessus
nessus

EulerOS Virtualization 2.11.0 : kernel (EulerOS-SA-2024-1735)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation...

8CVSS

7.2AI Score

EPSS

2024-05-29 12:00 AM
1
zdi
zdi

Phoenix Contact CHARX SEC-3100 Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 charging controllers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw....

7.8CVSS

7.5AI Score

0.0005EPSS

2024-05-29 12:00 AM
3
wpvulndb
wpvulndb

The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce < 5.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Title Widget

Description The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' attribute of the Heading Title widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied.....

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-29 12:00 AM
ubuntucve
ubuntucve

CVE-2024-31079

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker....

4.8CVSS

7.1AI Score

0.0004EPSS

2024-05-29 12:00 AM
3
zdi
zdi

A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the installer. The...

7.5AI Score

0.0005EPSS

2024-05-29 12:00 AM
1
f5
f5

K000139627: NGINX HTTP/3 QUIC vulnerability CVE-2024-34161

Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously...

5.3CVSS

7.1AI Score

0.0004EPSS

2024-05-29 12:00 AM
7
ubuntucve
ubuntucve

CVE-2024-35200

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate. Notes Author| Note ---|--- sbeattie | QUIC support was added in nginx...

5.3CVSS

7.2AI Score

0.0004EPSS

2024-05-29 12:00 AM
f5
f5

K000139810: Oracle Java vulnerability CVE-2024-20919

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK:.....

5.9CVSS

5.9AI Score

0.0005EPSS

2024-05-29 12:00 AM
9
nessus
nessus

EulerOS Virtualization 2.11.1 : kernel (EulerOS-SA-2024-1734)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation...

8CVSS

7.2AI Score

EPSS

2024-05-29 12:00 AM
2
zdi
zdi

(Pwn2Own) Phoenix Contact CHARX SEC-3100 Untrusted Search Path Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 devices. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

7.8CVSS

7.5AI Score

0.0005EPSS

2024-05-29 12:00 AM
2
f5
f5

K000139612: NGINX HTTP/3 QUIC vulnerability CVE-2024-35200

Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate. (CVE-2024-35200) Note: This issue affects NGINX systems compiled with the ngx_http_v3_module module, where the...

5.3CVSS

7.2AI Score

0.0004EPSS

2024-05-29 12:00 AM
4
f5
f5

K000139628: Out-of-band Security Notification (May 29, 2024)

Security Advisory Description On May 29, 2024, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. You can watch...

6.5CVSS

5.6AI Score

0.0004EPSS

2024-05-29 12:00 AM
7
f5
f5

K000139609: NGINX HTTP/3 QUIC vulnerability CVE-2024-32760

Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause other potential impact. (CVE-2024-32760) Note: This issue affects NGINX systems compiled with the.....

6.5CVSS

7.3AI Score

0.0004EPSS

2024-05-29 12:00 AM
7
ubuntu
ubuntu

Intel Microcode vulnerabilities

Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages intel-microcode - Processor microcode for Intel CPUs Details It was discovered that some 3rd and 4th Generation Intel® Xeon® Processors did not properly restrict access to...

7.9CVSS

7.4AI Score

0.001EPSS

2024-05-29 12:00 AM
5
f5
f5

K000139611: NGINX HTTP/3 QUIC vulnerability CVE-2024-31079

Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection...

4.8CVSS

7.3AI Score

0.0004EPSS

2024-05-29 12:00 AM
10
nvidia
nvidia

Security Bulletin: Triton Inference Server - May 2024

NVIDIA has released a software update for NVIDIA Triton Inference Server to address the issue disclosed in this bulletin. To protect your system, install the latest release from the Triton Inference Server Releases page on GitHub, and view the Secure Deployment Considerations Guide. Go to NVIDIA...

9CVSS

8AI Score

0.0004EPSS

2024-05-29 12:00 AM
3
ubuntucve
ubuntucve

CVE-2024-32760

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact. Notes Author| Note ---|--- sbeattie | QUIC support was added in nginx...

6.5CVSS

7.2AI Score

0.0004EPSS

2024-05-29 12:00 AM
5
cve
cve

CVE-2024-35548

A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications...

8.2AI Score

EPSS

2024-05-28 09:16 PM
4
nvd
nvd

CVE-2024-35548

A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications...

7.4AI Score

EPSS

2024-05-28 09:16 PM
krebs
krebs

Treasury Sanctions Creators of 911 S5 Proxy Botnet

The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one's Web traffic through malware-infected computers around the globe....

7.3AI Score

2024-05-28 08:38 PM
14
ibm
ibm

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID:...

10CVSS

9.3AI Score

EPSS

2024-05-28 08:05 PM
5
ibm
ibm

Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Monitoring.

Summary Vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring (ITM) components. CVEs: CVE-2023-38264, CVE-2024-21011, CVE-2024-21085 and CVE-2024-21094 Vulnerability Details ** CVEID: CVE-2024-21094 DESCRIPTION: **An unspecified...

5.9CVSS

6.7AI Score

0.001EPSS

2024-05-28 07:41 PM
7
Total number of security vulnerabilities65015