ABB Ability™ Symphony® Plus Operations Security Vulnerabilities

ibm
Security Bulletin: IBM® Db2® federated server is affected by vulnerabilities in the open source commons-configuration2 library. (CVE-2024-29131, CVE-2024-29133)

Summary: IBM® Db2® federated server is affected by vulnerabilities in the open source commons-configuration2 library when using the NoSQL Hadoop wrapper. Vulnerability Details: CVEID: CVE-2024-29131. DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary...

AI Score 7.7 | EPSS 0.0004
2024-06-11 05:39 PM
2

ibm
Security Bulletin: IBM® Db2® federated server is affected by a vulnerability in the open source netty-codec-http library. (CVE-2024-29025)

Summary: IBM® Db2® federated server is affected by a vulnerability in the open source netty-codec-http library when using the NoSQL Blockchain wrapper. Vulnerability Details: CVEID: CVE-2024-29025. DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw when using the...

CVSS 5.3 | AI Score 6.6 | EPSS 0.0004
2024-06-11 05:35 PM
3

ibm
Security Bulletin: IBM® Db2® NSE (Net Search Extender) is affected by a vulnerability in the open source Expat library. (CVE-2024-28757)

Summary: IBM® Db2® NSE (Net Search Extender) is affected by a vulnerability in the open source Expat library. Vulnerability Details: CVEID: CVE-2024-28757. DESCRIPTION: libexpat could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity...

AI Score 6.1 | EPSS 0.0004
2024-06-11 05:31 PM
1

ibm
Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query under certain conditions. (CVE-2024-28762)

Summary: IBM® Db2® is vulnerable to a denial of service with a specially crafted query under certain conditions. Vulnerability Details: CVEID: CVE-2024-28762. DESCRIPTION: IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) is vulnerable to denial of service with a specially...

CVSS 5.3 | AI Score 6.5 | EPSS 0.0004
2024-06-11 05:30 PM
1

ibm
Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a specially crafted request is used via CLI. (CVE-2023-45178)

Summary: IBM® Db2® is vulnerable to a denial of service when a specially crafted request is used via CLI. Vulnerability Details: CVEID: CVE-2023-45178. DESCRIPTION: IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) CLI is vulnerable to a denial of service when a specially...

CVSS 7.5 | AI Score 6.9 | EPSS 0.001
2024-06-11 05:29 PM
16

ibm
Security Bulletin: IBM® Db2® federated server is affected by vulnerabilities in the open source commons-compress library. (CVE-2024-25710, CVE-2024-26308)

Summary: IBM® Db2® federated server is affected by vulnerabilities in the open source commons-compress library when using the NoSQL Blockchain wrapper. Vulnerability Details: CVEID: CVE-2024-25710. DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an infinite...

CVSS 8.1 | AI Score 7 | EPSS 0.001
2024-06-11 05:27 PM
2

ibm
Security Bulletin: IBM® Db2® is affected by a vulnerability in the open source zlib library. (CVE-2023-45853)

Summary: IBM® Db2® is affected by a vulnerability in the open source zlib library. Vulnerability Details: CVEID: CVE-2023-45853. DESCRIPTION: MiniZip is vulnerable to a denial of service, caused by an integer overflow and resultant heap-based buffer overflow in the zipOpenNewFileInZip4_64...

CVSS 9.8 | AI Score 7.2 | EPSS 0.001
2024-06-11 05:24 PM
2

nvd
CVE-2024-37293

The AWS Deployment Framework (ADF) is a framework to manage and deploy resources across multiple AWS accounts and regions within an AWS Organization. ADF allows for staged, parallel, multi-account, cross-region deployments of applications or resources via the structure defined in AWS Organizations...

CVSS 7.5 | EPSS 0.0004
2024-06-11 05:16 PM
1

cve
CVE-2024-37293

The AWS Deployment Framework (ADF) is a framework to manage and deploy resources across multiple AWS accounts and regions within an AWS Organization. ADF allows for staged, parallel, multi-account, cross-region deployments of applications or resources via the structure defined in AWS Organizations...

CVSS 7.5 | AI Score 8 | EPSS 0.0004
2024-06-11 05:16 PM
20

cvelist
CVE-2024-37293 aws-deployment-framework's potential risk can lead to privilege escalation

The AWS Deployment Framework (ADF) is a framework to manage and deploy resources across multiple AWS accounts and regions within an AWS Organization. ADF allows for staged, parallel, multi-account, cross-region deployments of applications or resources via the structure defined in AWS Organizations...

CVSS 7.5 | EPSS 0.0004
2024-06-11 04:49 PM
1

vulnrichment
CVE-2024-37293 aws-deployment-framework's potential risk can lead to privilege escalation

The AWS Deployment Framework (ADF) is a framework to manage and deploy resources across multiple AWS accounts and regions within an AWS Organization. ADF allows for staged, parallel, multi-account, cross-region deployments of applications or resources via the structure defined in AWS Organizations...

CVSS 7.5 | AI Score 7.6 | EPSS 0.0004
2024-06-11 04:49 PM

nvd
CVE-2024-5690

By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird <...

EPSS 0.0004
2024-06-11 01:15 PM
1

alpinelinux
CVE-2024-5690

By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird <...

AI Score 5.5 | EPSS 0.0004
2024-06-11 01:15 PM
1

cve
CVE-2024-5690

By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird <...

AI Score 5.3 | EPSS 0.0004
2024-06-11 01:15 PM
24

debiancve
CVE-2024-5690

By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird <...

AI Score 5.4 | EPSS 0.0004
2024-06-11 01:15 PM

vulnrichment
CVE-2024-5690

By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird <...

AI Score 5.3 | EPSS 0.0004
2024-06-11 12:40 PM

cvelist
CVE-2024-5690

By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird <...

EPSS 0.0004
2024-06-11 12:40 PM
1

schneier
LLMs Acting Deceptively

New research: "Deception abilities emerged in large language models". Abstract: Large language models (LLMs) are currently at the forefront of intertwining AI systems with human communication and everyday life. Thus, aligning them with human values is of great importance. However, given the...

AI Score 7.3
2024-06-11 11:02 AM
6

securelist
QR code SQL injection and other vulnerabilities in a popular biometric terminal

Biometric scanners offer a unique way to resolve the conflict between security and usability. They help to identify a person by their unique biological characteristics – a fairly reliable process that does not require the user to exert any extra effort. Yet, biometric scanners, as any other tech, ...

CVSS 10 | AI Score 9 | EPSS 0.0004
2024-06-11 08:00 AM
6

nvd
CVE-2024-34686

Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify...

CVSS 6.1 | EPSS 0.0004
2024-06-11 03:15 AM
5

cve
CVE-2024-34686

Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify...

CVSS 6.1 | AI Score 6.2 | EPSS 0.0004
2024-06-11 03:15 AM
20

osv
tiff vulnerability

It was discovered that LibTIFF incorrectly handled memory when performing certain cropping operations, leading to a heap buffer overflow. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary...

CVSS 5.5 | AI Score 7.7 | EPSS 0.0004
2024-06-11 03:04 AM

cvelist
CVE-2024-34686 Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)

Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify...

CVSS 6.1 | EPSS 0.0004
2024-06-11 02:11 AM
3

vulnrichment
CVE-2024-34686 Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)

Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify...

CVSS 6.1 | AI Score 6.8 | EPSS 0.0004
2024-06-11 02:11 AM

openvas
Mozilla Firefox Security Advisory (MFSA2024-25) - Linux

This host is missing a security update for Mozilla...

AI Score 7.4 | EPSS 0.0004
2024-06-11 12:00 AM

hp
AMD SPI Lock Bypass June 2024 Security Update

AMD has informed HP of a potential weakness in AMD SPI protection features, which might allow arbitrary code execution. AMD is releasing firmware updates and HP is enabling AMD ROM Armor to mitigate these vulnerabilities. AMD has released updates to mitigate the potential vulnerability. HP has...

AI Score 8 | EPSS
2024-06-11 12:00 AM
1

ubuntucve
CVE-2024-5690

By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127 and Firefox ESR < 115.12. Notes: tyhicks: mozjs contains a copy of the SpiderMonkey...

AI Score 5.7 | EPSS 0.0004
2024-06-11 12:00 AM

nessus
Mozilla Firefox ESR < 115.12

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-26 advisory. Memory corruption in the networking stack could have led to a potentially exploitable crash. ...

AI Score 7.7 | EPSS 0.0004
2024-06-11 12:00 AM

ubuntu
LibTIFF vulnerability

Releases: Ubuntu 24.04 LTS, Ubuntu 23.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 ESM, Ubuntu 16.04 ESM, Ubuntu 14.04 ESM. Packages: tiff - Tag Image File Format (TIFF) library. Details: It was discovered that LibTIFF incorrectly handled memory when performing certain cropping operations,...

CVSS 5.5 | AI Score 8.4 | EPSS 0.0004
2024-06-11 12:00 AM

nessus
Mozilla Firefox < 127.0

The version of Firefox installed on the remote Windows host is prior to 127.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-25 advisory. If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the...

AI Score 7.7 | EPSS 0.0004
2024-06-11 12:00 AM

zdi
(0Day) Microsoft Windows Incorrect Permission Assignment Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information or to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

AI Score 6.4
2024-06-11 12:00 AM

redos
ROS-20240611-06

A vulnerability in the OpenSSL Handler component of the Iperf3 network bandwidth measurement tool is related to the use of a synchronization side-channel in RSA decryption operations. Exploitation of the vulnerability could allow a remote attacker to gain access to confidential...

AI Score 7.3 | EPSS
2024-06-11 12:00 AM

nessus
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : LibTIFF vulnerability (USN-6827-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6827-1 advisory. It was discovered that LibTIFF incorrectly handled memory when performing certain cropping...

CVSS 5.5 | AI Score 8.6 | EPSS 0.0004
2024-06-11 12:00 AM

nessus
Mozilla Firefox ESR < 115.12

The version of Firefox ESR installed on the remote Windows host is prior to 115.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-26 advisory. Memory corruption in the networking stack could have led to a potentially exploitable crash. (CVE-2024-5702) ...

AI Score 7.8 | EPSS 0.0004
2024-06-11 12:00 AM

nessus
Ubuntu 20.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-6828-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6828-1 advisory. Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-...

CVSS 8 | AI Score 8.9 | EPSS
2024-06-11 12:00 AM

ubuntucve
CVE-2024-36965

In the Linux kernel, the following vulnerability has been resolved: remoteproc: mediatek: Make sure IPI buffer fits in L2TCM. The IPI buffer location is read from the firmware that we load to the System Companion Processor, and it's not granted that both the SRAM (L2TCM) size that is defined in the...

AI Score 7.2 | EPSS 0.0004
2024-06-11 12:00 AM

mozilla
Security Vulnerabilities fixed in Firefox ESR 115.12 — Mozilla

Memory corruption in the networking stack could have led to a potentially exploitable crash. If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. By monitoring the time certain operations take, an attacker could have guessed which...

AI Score 7.5 | EPSS 0.0004
2024-06-11 12:00 AM
3

mozilla
Security Vulnerabilities fixed in Firefox 127 — Mozilla

If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the new tab may have been incorrect. The triggering principal is used to calculate many values, including the Referer and Sec- headers, meaning there is the potential for incorrect...

AI Score 7.3 | EPSS 0.0004
2024-06-11 12:00 AM
14

nessus
Mozilla Firefox < 127.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 127.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-25 advisory. If a specific sequence of actions is performed when opening a new tab, the triggering principal...

AI Score 7.6 | EPSS 0.0004
2024-06-11 12:00 AM

packetstorm

CVSS 6.6 | AI Score 7 | EPSS 0.001
2024-06-11 12:00 AM
54

nvd
CVE-2024-37289

An improper access control vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

CVSS 7.8 | EPSS 0.0005
2024-06-10 10:15 PM
5

cve
CVE-2024-37166

ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated...

CVSS 8.9 | AI Score 7.6 | EPSS 0.0004
2024-06-10 10:15 PM
24

nvd
CVE-2024-37166

ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated...

CVSS 8.9 | EPSS 0.0004
2024-06-10 10:15 PM
4

osv
CVE-2024-37166

ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated...

CVSS 8.9 | AI Score 5.5 | EPSS 0.0004
2024-06-10 10:15 PM

cve
CVE-2024-37289

An improper access control vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

CVSS 7.8 | AI Score 7.2 | EPSS 0.0005
2024-06-10 10:15 PM
22

cve
CVE-2024-36359

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in...

CVSS 5.4 | AI Score 6.1 | EPSS 0.0005
2024-06-10 10:15 PM
21

nvd
CVE-2024-36358

A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to...

CVSS 7.8 | EPSS 0.0005
2024-06-10 10:15 PM
8

nvd
CVE-2024-36359

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in...

CVSS 5.4 | EPSS 0.0005
2024-06-10 10:15 PM
3

nvd
CVE-2024-36307

A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...

CVSS 4.7 | EPSS 0.0005
2024-06-10 10:15 PM
4

cve
CVE-2024-36358

A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to...

CVSS 7.8 | AI Score 7.1 | EPSS 0.0005
2024-06-10 10:15 PM
22

Total number of security vulnerabilities: 104070