Lucene search

K

ABB Ability™ Symphony® Plus Operations Security Vulnerabilities

redhat
redhat

(RHSA-2024:3486) Moderate: gdisk security update

The gdisk packages provide the gdisk partitioning utility for GUID Partition Table (GPT) disks. The utility features a command-line interface similar to fdisk, direct manipulation of partition table structures, recovery tools to deal with corrupt partition tables, and the ability to convert Master....

7.3AI Score

0.001EPSS

2024-05-30 05:36 AM
2
vulnrichment
vulnrichment

CVE-2024-5341 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Title Widget

The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' attribute of the Heading Title widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes......

6.4CVSS

5.8AI Score

0.0004EPSS

2024-05-30 05:33 AM
cvelist
cvelist

CVE-2024-5341 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Title Widget

The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' attribute of the Heading Title widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes......

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-30 05:33 AM
ibm
ibm

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On due to April 2024 CPU

Summary IBM WebSphere Application Server is shipped with IBM Security Access Manager for Enterprise Single Sign-On. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...

7.1AI Score

2024-05-30 03:19 AM
3
veracode
veracode

Type Confusion

chromium is vulnerable to a Type Confusion. The vulnerability is due to improper handling of object types, potentially allowing a remote attacker to execute arbitrary read/write operations via a crafted HTML...

8.6AI Score

0.0004EPSS

2024-05-30 01:49 AM
1
openvas
openvas

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1753)

The remote host is missing an update for the Huawei...

8.3CVSS

7.1AI Score

0.025EPSS

2024-05-30 12:00 AM
3
openvas
openvas

Huawei EulerOS: Security Advisory for proftpd (EulerOS-SA-2024-1748)

The remote host is missing an update for the Huawei...

7.5CVSS

7AI Score

0.962EPSS

2024-05-30 12:00 AM
2
nessus
nessus

EulerOS 2.0 SP12 : libssh2 (EulerOS-SA-2024-1742)

According to the versions of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

5.9CVSS

7.8AI Score

0.962EPSS

2024-05-30 12:00 AM
2
nessus
nessus

RHEL 8 : gdisk (RHSA-2024:3486)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3486 advisory. The gdisk packages provide the gdisk partitioning utility for GUID Partition Table (GPT) disks. The utility features a command-line...

6.8CVSS

7.2AI Score

0.001EPSS

2024-05-30 12:00 AM
3
nessus
nessus

EulerOS 2.0 SP12 : proftpd (EulerOS-SA-2024-1748)

According to the versions of the proftpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash...

7.5CVSS

7.5AI Score

0.962EPSS

2024-05-30 12:00 AM
2
nessus
nessus

EulerOS 2.0 SP12 : python-paramiko (EulerOS-SA-2024-1750)

According to the versions of the python-paramiko package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to...

5.9CVSS

7.8AI Score

0.962EPSS

2024-05-30 12:00 AM
2
openvas
openvas

Ubuntu: Security Advisory (USN-6797-1)

The remote host is missing an update for...

7.9CVSS

6.8AI Score

0.001EPSS

2024-05-30 12:00 AM
3
ubuntucve
ubuntucve

CVE-2024-36895

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: use correct buffer size when parsing configfs lists This commit fixes uvc gadget support on 32-bit platforms. Commit 0df28607c5cb ("usb: gadget: uvc: Generalise helper functions for reuse") introduced a helper...

7.2AI Score

0.0004EPSS

2024-05-30 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2024-1765)

The remote host is missing an update for the Huawei...

5.9CVSS

7AI Score

0.962EPSS

2024-05-30 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2024-1742)

The remote host is missing an update for the Huawei...

5.9CVSS

7AI Score

0.962EPSS

2024-05-30 12:00 AM
3
openvas
openvas

Huawei EulerOS: Security Advisory for python-paramiko (EulerOS-SA-2024-1750)

The remote host is missing an update for the Huawei...

5.9CVSS

7AI Score

0.962EPSS

2024-05-30 12:00 AM
1
zdi
zdi

(Pwn2Own) VMware Workstation VBluetoothHCI_PacketOut Use-After-Free Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...

9.3CVSS

7.1AI Score

0.001EPSS

2024-05-30 12:00 AM
3
nessus
nessus

EulerOS 2.0 SP12 : shim (EulerOS-SA-2024-1776)

According to the versions of the shim package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact...

8.3CVSS

8.4AI Score

0.025EPSS

2024-05-30 12:00 AM
2
openvas
openvas

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1776)

The remote host is missing an update for the Huawei...

8.3CVSS

7.1AI Score

0.025EPSS

2024-05-30 12:00 AM
2
nessus
nessus

EulerOS 2.0 SP12 : python-paramiko (EulerOS-SA-2024-1773)

According to the versions of the python-paramiko package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to...

5.9CVSS

7.3AI Score

0.962EPSS

2024-05-30 12:00 AM
1
openvas
openvas

Huawei EulerOS: Security Advisory for python-paramiko (EulerOS-SA-2024-1773)

The remote host is missing an update for the Huawei...

5.9CVSS

7AI Score

0.962EPSS

2024-05-30 12:00 AM
1
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1807-1)

The remote host is missing an update for...

9CVSS

6.7AI Score

0.001EPSS

2024-05-30 12:00 AM
3
openvas
openvas

Huawei EulerOS: Security Advisory for proftpd (EulerOS-SA-2024-1771)

The remote host is missing an update for the Huawei...

7.5CVSS

7AI Score

0.962EPSS

2024-05-30 12:00 AM
1
nessus
nessus

EulerOS 2.0 SP12 : shim (EulerOS-SA-2024-1753)

According to the versions of the shim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact...

8.3CVSS

8.4AI Score

0.025EPSS

2024-05-30 12:00 AM
nessus
nessus

EulerOS 2.0 SP12 : libssh2 (EulerOS-SA-2024-1765)

According to the versions of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

5.9CVSS

7.4AI Score

0.962EPSS

2024-05-30 12:00 AM
1
nessus
nessus

EulerOS 2.0 SP12 : proftpd (EulerOS-SA-2024-1771)

According to the versions of the proftpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash...

7.5CVSS

7.5AI Score

0.962EPSS

2024-05-30 12:00 AM
2
ubuntucve
ubuntucve

CVE-2024-36018

In the Linux kernel, the following vulnerability has been resolved: nouveau/uvmm: fix addr/range calcs for remap operations dEQP-VK.sparse_resources.image_rebind.2d_array.r64i.128_128_8 was causing a remap operation like the below. op_remap: prev: 0000003fffed0000 00000000000f0000 00000000a5abd18a....

7.2AI Score

0.0004EPSS

2024-05-30 12:00 AM
1
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : git (SUSE-SU-2024:1807-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1807-1 advisory. - CVE-2024-32002: Fixed recursive clones on case-insensitive filesystems that support symbolic.....

9CVSS

8.2AI Score

0.001EPSS

2024-05-30 12:00 AM
1
redhat
redhat

(RHSA-2024:3479) Important: Red Hat OpenStack Platform 16.2 director Operator container images security update

Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud running on commonly available physical hardware. The Red Hat OpenStack Platform (RHOSP) director Operator adds the ability to install and run a...

7.6AI Score

0.962EPSS

2024-05-29 09:38 PM
1
redhat
redhat

(RHSA-2024:2728) Important: Red Hat OpenStack Platform 17.1 director Operator container images security update

Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud running on commonly available physical hardware. The Red Hat OpenStack Platform (RHOSP) director Operator adds the ability to install and run a...

7.5AI Score

0.962EPSS

2024-05-29 07:48 PM
2
krebs
krebs

Is Your Computer Part of ‘The Largest Botnet Ever?’

The U.S. Department of Justice (DOJ) today said they arrested the alleged operator of 911 S5, a ten-year-old online anonymity service that was powered by what the director of the FBI called "likely the world's largest botnet ever." The arrest coincided with the seizure of the 911 S5 website and...

7.4AI Score

2024-05-29 07:21 PM
5
talosblog
talosblog

New Generative AI category added to Talos reputation services

Cisco Talos is preparing to release the first in a series of changes to our Web Categorization system, which is designed to simplify the verbiage we use. In mid-June, we're adding a new "Generative AI" category that will apply to certain websites. The "Content Category" appears whenever a user...

6.8AI Score

2024-05-29 04:32 PM
5
debiancve
debiancve

CVE-2024-34161

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed...

5.3CVSS

6.8AI Score

0.0004EPSS

2024-05-29 04:15 PM
1
osv
osv

CVE-2024-32760

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential...

6.5CVSS

6.7AI Score

0.0004EPSS

2024-05-29 04:15 PM
1
cve
cve

CVE-2024-32760

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential...

6.5CVSS

6.3AI Score

0.0004EPSS

2024-05-29 04:15 PM
47
osv
osv

CVE-2024-34161

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed...

5.3CVSS

6.6AI Score

0.0004EPSS

2024-05-29 04:15 PM
1
nvd
nvd

CVE-2024-32760

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential...

6.5CVSS

6.3AI Score

0.0004EPSS

2024-05-29 04:15 PM
1
debiancve
debiancve

CVE-2024-32760

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential...

6.5CVSS

6.9AI Score

0.0004EPSS

2024-05-29 04:15 PM
3
alpinelinux
alpinelinux

CVE-2024-35200

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-05-29 04:15 PM
4
cve
cve

CVE-2024-34161

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed...

5.3CVSS

6.2AI Score

0.0004EPSS

2024-05-29 04:15 PM
37
alpinelinux
alpinelinux

CVE-2024-32760

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-05-29 04:15 PM
1
nvd
nvd

CVE-2024-34161

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-05-29 04:15 PM
1
cve
cve

CVE-2024-35200

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to...

5.3CVSS

6.3AI Score

0.0004EPSS

2024-05-29 04:15 PM
35
debiancve
debiancve

CVE-2024-35200

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to...

5.3CVSS

6.9AI Score

0.0004EPSS

2024-05-29 04:15 PM
2
alpinelinux
alpinelinux

CVE-2024-34161

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-05-29 04:15 PM
3
nvd
nvd

CVE-2024-35200

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-05-29 04:15 PM
osv
osv

CVE-2024-35200

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to...

5.3CVSS

6.7AI Score

0.0004EPSS

2024-05-29 04:15 PM
2
debiancve
debiancve

CVE-2024-31079

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker....

4.8CVSS

6.8AI Score

0.0004EPSS

2024-05-29 04:15 PM
1
osv
osv

CVE-2024-31079

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker....

4.8CVSS

6.6AI Score

0.0004EPSS

2024-05-29 04:15 PM
1
alpinelinux
alpinelinux

CVE-2024-31079

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker....

4.8CVSS

5AI Score

0.0004EPSS

2024-05-29 04:15 PM
4
Total number of security vulnerabilities104090