Lucene search

K

AMD Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics “Pollock” Security Vulnerabilities

nvd
nvd

CVE-2024-37349

There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with other system administrator’s use of the management UI when the victim administrator edits the same management...

4.5CVSS

EPSS

2024-06-20 06:15 PM
3
cve
cve

CVE-2024-37349

There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with other system administrator’s use of the management UI when the victim administrator edits the same management...

4.5CVSS

4.3AI Score

EPSS

2024-06-20 06:15 PM
3
ibm
ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in ISC BIND [CVE-2023-4408]

Summary Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in ISC BIND, caused by an error when parsing large DNS messages [CVE-2023-4408]. ISC BIND is included as a Base OS package used by our Service Runtimes. This...

7.5CVSS

6.7AI Score

0.001EPSS

2024-06-20 06:14 PM
ibm
ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in ISC BIND [CVE-2023-50387]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in ISC BIND, caused by an error when processing responses coming from specially crafted DNSSEC-signed zones [CVE-2023-50387]. ISC BIND is included as a Base OS package used by our Service...

7.5CVSS

7AI Score

0.05EPSS

2024-06-20 06:07 PM
ibm
ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in ISC BIND [CVE-2023-50868]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in ISC BIND, caused by an error when preparing an NSEC3 closest encloser proof. [CVE-2023-50868]. ISC BIND is included as a Base OS package used by our Service Runtimes. This vulnerabilitiy....

6.8AI Score

0.0005EPSS

2024-06-20 06:01 PM
talosblog
talosblog

Tabletop exercises are headed to the next frontier: Space

I think we can all agree that tabletop exercises are a good thing. They allow organizations of all sizes to test their incident response plans without the potentially devastating effects of a real-world cyber attack or intrusion. As part of my role at Talos, I've read hundreds of tabletop...

9.8CVSS

8.2AI Score

0.321EPSS

2024-06-20 06:00 PM
redhatcve
redhatcve

CVE-2024-38557

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Reload only IB representors upon lag disable/enable On lag disable, the bond IB device along with all of its representors are destroyed, and then the slaves' representors get reloaded. In case the slave IB representor...

6.9AI Score

0.0004EPSS

2024-06-20 05:59 PM
3
redhatcve
redhatcve

CVE-2024-38550

In the Linux kernel, the following vulnerability has been resolved: ASoC: kirkwood: Fix potential NULL dereference In kirkwood_dma_hw_params() mv_mbus_dram_info() returns NULL if CONFIG_PLAT_ORION macro is not defined. Fix this bug by adding NULL check. Found by Linux Verification Center...

7AI Score

0.0004EPSS

2024-06-20 05:58 PM
1
redhatcve
redhatcve

CVE-2024-38547

In the Linux kernel, the following vulnerability has been resolved: media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries The allocation failure of mycs->yuv_scaler_binary in load_video_binaries() is followed with a dereference of mycs->yuv_scaler_binary after the...

6.9AI Score

0.0004EPSS

2024-06-20 05:58 PM
2
redhatcve
redhatcve

CVE-2024-38546

In the Linux kernel, the following vulnerability has been resolved: drm: vc4: Fix possible null pointer dereference In vc4_hdmi_audio_init() of_get_address() may return NULL which is later dereferenced. Fix this bug by adding NULL check. Found by Linux Verification Center (linuxtesting.org) with...

7AI Score

0.0004EPSS

2024-06-20 05:57 PM
1
redhatcve
redhatcve

CVE-2024-38540

In the Linux kernel, the following vulnerability has been resolved: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq Undefined behavior is triggered when bnxt_qplib_alloc_init_hwq is called with hwq_attr->aux_depth != 0 and hwq_attr->aux_stride == 0. In that case,...

7AI Score

0.0004EPSS

2024-06-20 05:56 PM
1
redhatcve
redhatcve

CVE-2024-38558

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix overwriting ct original tuple for ICMPv6 OVS_PACKET_CMD_EXECUTE has 3 main attributes: - OVS_PACKET_ATTR_KEY - Packet metadata in a netlink format. - OVS_PACKET_ATTR_PACKET - Binary packet content. -...

7.2AI Score

0.0004EPSS

2024-06-20 05:33 PM
1
cvelist
cvelist

CVE-2024-37897 Insufficient access control for password reset in sftpgo

SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. SFTPGo WebAdmin and WebClient support password reset. This feature is disabled in the default configuration. In SFTPGo versions prior to v2.6.1, if the feature is...

5.4CVSS

EPSS

2024-06-20 05:32 PM
3
vulnrichment
vulnrichment

CVE-2024-37352 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06

There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06 that allows attackers with system administrator permissions to interfere with other system administrators’ use of the management UI when the second administrator accesses the...

4.5CVSS

6.1AI Score

EPSS

2024-06-20 05:28 PM
cvelist
cvelist

CVE-2024-37352 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06

There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06 that allows attackers with system administrator permissions to interfere with other system administrators’ use of the management UI when the second administrator accesses the...

4.5CVSS

EPSS

2024-06-20 05:28 PM
2
cvelist
cvelist

CVE-2024-37351 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06

There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with other system administrator’s use of the management UI when the second administrator later edits the same...

4.5CVSS

EPSS

2024-06-20 05:25 PM
2
cvelist
cvelist

CVE-2024-37350 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06

There is a cross-site scripting vulnerability in the policy management UI of Absolute Secure Access prior to version 13.06. Attackers can interfere with a system administrator’s use of the policy management UI when the attacker convinces the victim administrator to follow a crafted link to the...

6.5CVSS

EPSS

2024-06-20 05:18 PM
3
cve
cve

CVE-2024-37348

There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the management UI when the second administrator later edits the same...

4.5CVSS

4.5AI Score

EPSS

2024-06-20 05:15 PM
1
nvd
nvd

CVE-2024-37348

There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the management UI when the second administrator later edits the same...

4.5CVSS

EPSS

2024-06-20 05:15 PM
2
cve
cve

CVE-2024-37347

There is a cross-site scripting vulnerability in the pool configuration component of the management UI of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can pass a limited length script to be run by another administrator. The scope is unchanged, there is no.....

4.5CVSS

4.5AI Score

EPSS

2024-06-20 05:15 PM
1
cve
cve

CVE-2024-37346

There is an insufficient input validation vulnerability in the Warehouse component of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can impair the availability of certain elements of the Secure Access administrative UI by writing invalid data to the...

4.9CVSS

5.2AI Score

EPSS

2024-06-20 05:15 PM
3
cve
cve

CVE-2024-37344

There is a cross-site scripting vulnerability in the Policy management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the policy management UI when the administrators are editing the same....

4.5CVSS

4.5AI Score

EPSS

2024-06-20 05:15 PM
3
nvd
nvd

CVE-2024-37344

There is a cross-site scripting vulnerability in the Policy management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the policy management UI when the administrators are editing the same....

4.5CVSS

EPSS

2024-06-20 05:15 PM
1
nvd
nvd

CVE-2024-37347

There is a cross-site scripting vulnerability in the pool configuration component of the management UI of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can pass a limited length script to be run by another administrator. The scope is unchanged, there is no.....

4.5CVSS

EPSS

2024-06-20 05:15 PM
nvd
nvd

CVE-2024-37346

There is an insufficient input validation vulnerability in the Warehouse component of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can impair the availability of certain elements of the Secure Access administrative UI by writing invalid data to the...

4.9CVSS

EPSS

2024-06-20 05:15 PM
1
nvd
nvd

CVE-2024-37343

There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.06. Attackers with valid tunnel credentials can pass a limited-length script to the administrative console which is then temporarily stored where an administrator....

4.8CVSS

EPSS

2024-06-20 05:15 PM
cve
cve

CVE-2024-37343

There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.06. Attackers with valid tunnel credentials can pass a limited-length script to the administrative console which is then temporarily stored where an administrator....

4.8CVSS

4.9AI Score

EPSS

2024-06-20 05:15 PM
2
cvelist
cvelist

CVE-2024-37349 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06

There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with other system administrator’s use of the management UI when the victim administrator edits the same management...

4.5CVSS

EPSS

2024-06-20 05:11 PM
1
cvelist
cvelist

CVE-2024-37348 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06

There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the management UI when the second administrator later edits the same...

4.5CVSS

EPSS

2024-06-20 05:05 PM
2
cvelist
cvelist

CVE-2024-37347 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06

There is a cross-site scripting vulnerability in the pool configuration component of the management UI of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can pass a limited length script to be run by another administrator. The scope is unchanged, there is no.....

4.5CVSS

EPSS

2024-06-20 04:56 PM
1
ibm
ibm

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities

Summary There are vulnerabilities in Open-Source Software (OSS) components consumed by IBM Cognos Analytics. IBM Cognos Analytics has addressed the applicable CVEs by upgrading or removing the vulnerable libraries in the latest available versions or previously released versions. Additionally, IBM.....

9.1CVSS

9.4AI Score

0.732EPSS

2024-06-20 04:51 PM
14
cvelist
cvelist

CVE-2024-37346 Insufficient input validation vulnerability in the Absolute Secure Access Warehouse prior to 13.06

There is an insufficient input validation vulnerability in the Warehouse component of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can impair the availability of certain elements of the Secure Access administrative UI by writing invalid data to the...

4.9CVSS

EPSS

2024-06-20 04:51 PM
2
githubexploit
githubexploit

Exploit for CVE-2024-34470

HSC MailInspector - CVE-2024-34470 A critical...

7AI Score

0.001EPSS

2024-06-20 04:47 PM
16
cvelist
cvelist

CVE-2024-37344 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06

There is a cross-site scripting vulnerability in the Policy management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the policy management UI when the administrators are editing the same....

4.5CVSS

EPSS

2024-06-20 04:38 PM
1
cvelist
cvelist

CVE-2024-37343 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06

There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.06. Attackers with valid tunnel credentials can pass a limited-length script to the administrative console which is then temporarily stored where an administrator....

4.8CVSS

EPSS

2024-06-20 04:30 PM
3
vulnrichment
vulnrichment

CVE-2024-37343 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06

There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.06. Attackers with valid tunnel credentials can pass a limited-length script to the administrative console which is then temporarily stored where an administrator....

4.8CVSS

6AI Score

EPSS

2024-06-20 04:30 PM
github
github

XWiki Platform allows remote code execution from user account

Impact When an admin disables a user account, the user's profile is executed with the admin's rights. This allows a user to place malicious code in the user profile before getting an admin to disable the user account. To reproduce, as a user without script nor programming rights, edit the about...

9CVSS

6.7AI Score

EPSS

2024-06-20 04:19 PM
osv
osv

XWiki Platform allows remote code execution from user account

Impact When an admin disables a user account, the user's profile is executed with the admin's rights. This allows a user to place malicious code in the user profile before getting an admin to disable the user account. To reproduce, as a user without script nor programming rights, edit the about...

7.1AI Score

EPSS

2024-06-20 04:19 PM
osv
osv

SFTPGo has insufficient access control for password reset

Impact SFTPGo WebAdmin and WebClient support password reset. This feature is disabled in the default configuration. In SFTPGo versions prior to v2.6.1, if the feature is enabled, even users with access restrictions (e.g. expired) can reset their password and log in. Patches Fixed in v2.6.1....

5.4CVSS

7.4AI Score

EPSS

2024-06-20 04:11 PM
github
github

SFTPGo has insufficient access control for password reset

Impact SFTPGo WebAdmin and WebClient support password reset. This feature is disabled in the default configuration. In SFTPGo versions prior to v2.6.1, if the feature is enabled, even users with access restrictions (e.g. expired) can reset their password and log in. Patches Fixed in v2.6.1....

5.4CVSS

7.1AI Score

EPSS

2024-06-20 04:11 PM
redhatcve
redhatcve

CVE-2024-38571

In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/tsens: Fix null pointer dereference compute_intercept_slope() is called from calibrate_8960() (in tsens-8960.c) as compute_intercept_slope(priv, p1, NULL, ONE_PT_CALIB) which lead to null pointer dereference (if...

7AI Score

0.0004EPSS

2024-06-20 03:55 PM
redhatcve
redhatcve

CVE-2024-38565

In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: enable proper endpoint verification Syzkaller reports [1] hitting a warning about an endpoint in use not having an expected type to it. Fix the issue by checking for the existence of all proper endpoints with their...

6.8AI Score

0.0004EPSS

2024-06-20 03:54 PM
kitploit
kitploit

BokuLoader - A Proof-Of-Concept Cobalt Strike Reflective Loader Which Aims To Recreate, Integrate, And Enhance Cobalt Strike's Evasion Features!

A proof-of-concept User-Defined Reflective Loader (UDRL) which aims to recreate, integrate, and enhance Cobalt Strike's evasion features! Contributors: Contributor | Twitter | Notable Contributions ---|---|--- Bobby Cooke | @0xBoku | Project original author and maintainer Santiago Pecin |...

7.5AI Score

2024-06-20 03:41 PM
1
ibm
ibm

Security Bulletin: IBM Analytics Content Hub is affected by security vulnerabilities

Summary Security Bulletin: IBM Analytics Content Hub is affected, but not classified as vulnerable, based on current information, to vulnerabilities in Open Source Software. IBM Analytics Content Hub has addressed the applicable CVEs by upgrading the vulnerable libraries. Vulnerability Details **.....

8CVSS

8.8AI Score

0.004EPSS

2024-06-20 03:31 PM
3
redhatcve
redhatcve

CVE-2024-38586

In the Linux kernel, the following vulnerability has been resolved: r8169: Fix possible ring buffer corruption on fragmented Tx packets. An issue was found on the RTL8125b when transmitting small fragmented packets, whereby invalid entries were inserted into the transmit ring buffer, subsequently.....

7.2AI Score

0.0004EPSS

2024-06-20 03:29 PM
2
redhatcve
redhatcve

CVE-2024-38583

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free of timer for log writer thread Patch series "nilfs2: fix log writer related issues". This bug fix series covers three nilfs2 log writer-related issues, including a timer use-after-free issue and...

6.9AI Score

0.0004EPSS

2024-06-20 03:28 PM
2
redhatcve
redhatcve

CVE-2024-38582

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential hang in nilfs_detach_log_writer() Syzbot has reported a potential hang in nilfs_detach_log_writer() called during nilfs2 unmount. Analysis revealed that this is because nilfs_segctor_sync(), which...

6.9AI Score

0.0004EPSS

2024-06-20 03:28 PM
2
osv
osv

Malicious code in wordpress-theme-core (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (80d5f0fae64f9ea46cc8e1c401dac2109bdf35aedbca211a71890a83dec4722f) The OpenSSF Package Analysis project identified 'wordpress-theme-core' @ 0.0.1 (npm) as malicious. It is considered malicious because: The...

7.3AI Score

2024-06-20 03:28 PM
redhatcve
redhatcve

CVE-2024-38580

In the Linux kernel, the following vulnerability has been resolved: epoll: be better about file lifetimes epoll can call out to vfs_poll() with a file pointer that may race with the last 'fput()'. That would make f_count go down to zero, and while the ep->mtx locking means that the resulting fil...

6.9AI Score

0.0004EPSS

2024-06-20 03:28 PM
2
redhatcve
redhatcve

CVE-2024-38579

In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - Fix pointer arithmetic In spu2_dump_omd() value of ptr is increased by ciph_key_len instead of hash_iv_len which could lead to going beyond the buffer boundaries. Fix this bug by changing ciph_key_len to hash_iv_len.....

7.1AI Score

0.0004EPSS

2024-06-20 03:28 PM
2
Total number of security vulnerabilities764468