ABB Ability™ Symphony® Plus Operations Security Vulnerabilities

attackerkb

CVE-2024-4610

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory. This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0;...

5.5CVSS

7AI Score

0.213EPSS

2024-06-07 12:00 AM
openvas

Fedora: Security Advisory for qt6-qtspeech (FEDORA-2024-bfb8617ba3)

The remote host is missing an update for...

6.8AI Score

0.0004EPSS

2024-06-07 12:00 AM
openvas

Fedora: Security Advisory for qt6-qtserialport (FEDORA-2024-bfb8617ba3)

The remote host is missing an update for...

6.8AI Score

0.0004EPSS

2024-06-07 12:00 AM
openvas

Fedora: Security Advisory for qt5-qtspeech (FEDORA-2024-2e27372d4c)

The remote host is missing an update for...

6.8AI Score

0.0004EPSS

2024-06-07 12:00 AM
f5

K000139953: PHP vulnerability CVE-2024-4577

Security Advisory Description This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available. Learn more about the Reserved state here. (CVE-2024-4577) Impact There is no impact; F5 products are not affected by this.....

9.8CVSS

9.3AI Score

0.932EPSS

2024-06-07 12:00 AM
nessus

IBM DB2 Multiple Vulnerabilities (7145722, 7145730) (Windows)

According to its self-reported version number, IBM Db2 on Windows may be affected by multiple vulnerabilities: IBM® Db2® is vulnerable to denial of service when querying a specific UDF built-in function concurrently. (CVE-2023-52296) IBM® Db2® is vulnerable to a denial of service with a...

5.3CVSS

5.1AI Score

0.0004EPSS

2024-06-07 12:00 AM
openvas

Fedora: Security Advisory for qt5-qtlocation (FEDORA-2024-2e27372d4c)

The remote host is missing an update for...

6.8AI Score

0.0004EPSS

2024-06-07 12:00 AM
openvas

Fedora: Security Advisory for qt6-qtpositioning (FEDORA-2024-bfb8617ba3)

The remote host is missing an update for...

6.8AI Score

0.0004EPSS

2024-06-07 12:00 AM
openvas

Fedora: Security Advisory for wireshark (FEDORA-2024-cd1f01e5d9)

The remote host is missing an update for...

6.4CVSS

4.8AI Score

0.0004EPSS

2024-06-07 12:00 AM
ubuntucve

CVE-2024-5480

A vulnerability in the PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution (RCE). The framework, which is used in distributed training scenarios, does not properly verify the functions being called during RPC (Remote Procedure Call).....

10CVSS

9.7AI Score

0.0004EPSS

2024-06-07 12:00 AM
openvas

Fedora: Security Advisory for ruff (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for...

7.5AI Score

2024-06-07 12:00 AM
openvas

Fedora: Security Advisory for wireshark (FEDORA-2024-ed93e6d44f)

The remote host is missing an update for...

6.4CVSS

4.8AI Score

0.0004EPSS

2024-06-07 12:00 AM
cve

CVE-2023-37539

The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross site scripting attack. The attack would be activated by an end user...

8.4CVSS

5.2AI Score

0.0004EPSS

2024-06-06 11:15 PM
nvd

CVE-2023-37539

The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross site scripting attack. The attack would be activated by an end user...

8.4CVSS

0.0004EPSS

2024-06-06 11:15 PM
cvelist

CVE-2023-37539 HCL Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability

The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross site scripting attack. The attack would be activated by an end user...

8.4CVSS

0.0004EPSS

2024-06-06 10:43 PM
nvd

CVE-2024-4013

A bug exists in the API, mesh_node_power_off(), which fails to copy the contents of the Replay Protection List (RPL) from RAM to NVM before powering down, resulting in the ability to replay unsaved messages. Note that as of June 2024, the Gecko SDK was renamed to the Simplicity SDK, and the...

5.6CVSS

0.0004EPSS

2024-06-06 10:15 PM
cve

CVE-2024-4013

A bug exists in the API, mesh_node_power_off(), which fails to copy the contents of the Replay Protection List (RPL) from RAM to NVM before powering down, resulting in the ability to replay unsaved messages. Note that as of June 2024, the Gecko SDK was renamed to the Simplicity SDK, and the...

5.6CVSS

7AI Score

0.0004EPSS

2024-06-06 10:15 PM
cvelist

CVE-2024-4013 Failure to update BT Mesh Replay Protection List

A bug exists in the API, mesh_node_power_off(), which fails to copy the contents of the Replay Protection List (RPL) from RAM to NVM before powering down, resulting in the ability to replay unsaved messages. Note that as of June 2024, the Gecko SDK was renamed to the Simplicity SDK, and the...

5.6CVSS

0.0004EPSS

2024-06-06 09:31 PM
vulnrichment

CVE-2024-4013 Failure to update BT Mesh Replay Protection List

A bug exists in the API, mesh_node_power_off(), which fails to copy the contents of the Replay Protection List (RPL) from RAM to NVM before powering down, resulting in the ability to replay unsaved messages. Note that as of June 2024, the Gecko SDK was renamed to the Simplicity SDK, and the...

5.6CVSS

6.8AI Score

0.0004EPSS

2024-06-06 09:31 PM
nvd

CVE-2024-5480

A vulnerability in the PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution (RCE). The framework, which is used in distributed training scenarios, does not properly verify the functions being called during RPC (Remote Procedure Call).....

10CVSS

0.0004EPSS

2024-06-06 07:16 PM
debiancve

CVE-2024-5480

A vulnerability in the PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution (RCE). The framework, which is used in distributed training scenarios, does not properly verify the functions being called during RPC (Remote Procedure Call).....

10CVSS

9.9AI Score

0.0004EPSS

2024-06-06 07:16 PM
cve

CVE-2024-5480

A vulnerability in the PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution (RCE). The framework, which is used in distributed training scenarios, does not properly verify the functions being called during RPC (Remote Procedure Call).....

10CVSS

8.6AI Score

0.0004EPSS

2024-06-06 07:16 PM
cve

CVE-2024-5187

A vulnerability in the download_model_with_test_data function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...

8.8CVSS

8AI Score

0.0004EPSS

2024-06-06 07:16 PM
nvd

CVE-2024-5187

A vulnerability in the download_model_with_test_data function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...

8.8CVSS

0.0004EPSS

2024-06-06 07:16 PM
debiancve

CVE-2024-5187

A vulnerability in the download_model_with_test_data function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...

8.8CVSS

9AI Score

0.0004EPSS

2024-06-06 07:16 PM
osv

CVE-2024-3153

mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service (DOS) condition. Specifically, the server can be shut down by sending an invalid upload request. An attacker with the ability to upload documents....

6.5CVSS

6.7AI Score

0.0004EPSS

2024-06-06 07:16 PM
nvd

CVE-2024-3153

mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service (DOS) condition. Specifically, the server can be shut down by sending an invalid upload request. An attacker with the ability to upload documents....

6.5CVSS

0.0004EPSS

2024-06-06 07:16 PM
cve

CVE-2024-3153

mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service (DOS) condition. Specifically, the server can be shut down by sending an invalid upload request. An attacker with the ability to upload documents....

6.5CVSS

7AI Score

0.0004EPSS

2024-06-06 07:16 PM
vulnrichment

CVE-2024-5187 Arbitrary File Overwrite in download_model_with_test_data in onnx/onnx

A vulnerability in the download_model_with_test_data function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...

8.8CVSS

7.7AI Score

0.0004EPSS

2024-06-06 06:45 PM
cvelist

CVE-2024-5187 Arbitrary File Overwrite in download_model_with_test_data in onnx/onnx

A vulnerability in the download_model_with_test_data function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...

8.8CVSS

0.0004EPSS

2024-06-06 06:45 PM
vulnrichment

CVE-2024-3153 Uncontrolled Resource Consumption in mintplex-labs/anything-llm

mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service (DOS) condition. Specifically, the server can be shut down by sending an invalid upload request. An attacker with the ability to upload documents....

6.5CVSS

6.7AI Score

0.0004EPSS

2024-06-06 06:40 PM
cvelist

CVE-2024-3153 Uncontrolled Resource Consumption in mintplex-labs/anything-llm

mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service (DOS) condition. Specifically, the server can be shut down by sending an invalid upload request. An attacker with the ability to upload documents....

6.5CVSS

0.0004EPSS

2024-06-06 06:40 PM
vulnrichment

CVE-2024-5480 Remote Code Execution in pytorch/pytorch

A vulnerability in the PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution (RCE). The framework, which is used in distributed training scenarios, does not properly verify the functions being called during RPC (Remote Procedure Call).....

10CVSS

8.2AI Score

0.0004EPSS

2024-06-06 06:17 PM
cvelist

CVE-2024-5480 Remote Code Execution in pytorch/pytorch

A vulnerability in the PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution (RCE). The framework, which is used in distributed training scenarios, does not properly verify the functions being called during RPC (Remote Procedure Call).....

10CVSS

0.0004EPSS

2024-06-06 06:17 PM
nvd

CVE-2024-5505

NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this...

8.8CVSS

0.001EPSS

2024-06-06 06:15 PM
cve

CVE-2024-5505

NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this...

8.8CVSS

8.2AI Score

0.001EPSS

2024-06-06 06:15 PM
nvd

CVE-2024-5269

Sonos Era 100 SMB2 Message Handling Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this vulnerability. The...

8.8CVSS

0.001EPSS

2024-06-06 06:15 PM
cve

CVE-2024-5269

Sonos Era 100 SMB2 Message Handling Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this vulnerability. The...

8.8CVSS

8.1AI Score

0.001EPSS

2024-06-06 06:15 PM
osv

CVE-2024-3152

mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints. An attacker can exploit these vulnerabilities to escalate privileges from a default user role to an admin role, read and delete arbitrary files on the system, and perform...

8.8CVSS

7.5AI Score

0.0004EPSS

2024-06-06 06:15 PM
nvd

CVE-2024-3152

mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints. An attacker can exploit these vulnerabilities to escalate privileges from a default user role to an admin role, read and delete arbitrary files on the system, and perform...

8.8CVSS

0.0004EPSS

2024-06-06 06:15 PM
cve

CVE-2024-3152

mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints. An attacker can exploit these vulnerabilities to escalate privileges from a default user role to an admin role, read and delete arbitrary files on the system, and perform...

8.8CVSS

9.2AI Score

0.0004EPSS

2024-06-06 06:15 PM
nvd

CVE-2024-30375

Luxion KeyShot Viewer KSP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must...

7.8CVSS

0.001EPSS

2024-06-06 06:15 PM
cve

CVE-2024-30375

Luxion KeyShot Viewer KSP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must...

7.8CVSS

7.9AI Score

0.001EPSS

2024-06-06 06:15 PM
nvd

CVE-2024-30369

A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC. An attacker must first obtain the ability to execute low-privileged code on the target system in.....

7.8CVSS

0.0005EPSS

2024-06-06 06:15 PM
cve

CVE-2024-30369

A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC. An attacker must first obtain the ability to execute low-privileged code on the target system in.....

7.8CVSS

7.5AI Score

0.0005EPSS

2024-06-06 06:15 PM
talosblog

The sliding doors of misinformation that come with AI-generated search results

As someone who used to think that his entire livelihood would come from writing, I've long wondered if any sort of computer or AI could replace my essential functions at work. For now, it seems there are enough holes in AI-generated language that my ability to write down a complete, accurate and...

7.2AI Score

2024-06-06 06:00 PM
vulnrichment

CVE-2024-30369 A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability

A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC. An attacker must first obtain the ability to execute low-privileged code on the target system in.....

7.8CVSS

7.2AI Score

0.0005EPSS

2024-06-06 05:53 PM
cvelist

CVE-2024-30369 A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability

A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC. An attacker must first obtain the ability to execute low-privileged code on the target system in.....

7.8CVSS

0.0005EPSS

2024-06-06 05:53 PM
cvelist

CVE-2024-5269 Sonos Era 100 SMB2 Message Handling Use-After-Free Remote Code Execution Vulnerability

Sonos Era 100 SMB2 Message Handling Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this vulnerability. The...

8.8CVSS

0.001EPSS

2024-06-06 05:50 PM
vulnrichment

CVE-2024-5269 Sonos Era 100 SMB2 Message Handling Use-After-Free Remote Code Execution Vulnerability

Sonos Era 100 SMB2 Message Handling Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this vulnerability. The...

8.8CVSS

7.8AI Score

0.001EPSS

2024-06-06 05:50 PM
Total number of security vulnerabilities: 104071