Lucene search

K

AMD Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics “Pollock” Security Vulnerabilities

github
github

LNbits improperly handles potential network and payment failures when using Eclair backend

Summary Paying invoices in Eclair that do not get settled within the internal timeout (about 30s) lead to a payment being considered failed, even though it may still be in flight. Details Using blocking: true on the API call will lead to a timeout error if a payment does not get settled in the 30s....

8.1CVSS

6.7AI Score

0.0004EPSS

2024-06-17 09:24 PM
9
mageia
mageia

Updated cups packages fix security vulnerability

When starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the provided argument, providing world-writable access to the...

4.4CVSS

7AI Score

0.0004EPSS

2024-06-17 08:44 PM
5
mageia
mageia

Updated iperf packages fix security vulnerability

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages....

6.7AI Score

EPSS

2024-06-17 08:44 PM
3
wallarmlab
wallarmlab

Zero-Day Marketplace Explained: How Zerodium, BugTraq, and Fear contributed to the Rise of the Zero-Day Vulnerability Black Market

Whenever a company is notified about or discovers a critical flaw in their system/application that has the potential to be exploited by malicious elements, it’s termed a vulnerability. However, every time a flaw being actively exploited is discovered, code red is punched as the organization’s IT...

7.9AI Score

2024-06-17 08:33 PM
5
rapid7blog
rapid7blog

Malvertising Campaign Leads to Execution of Oyster Backdoor

The following analysts contributed to this blog: Thomas Elkins, Daniel Thiede, Josh Lockwood, Tyler McGraw, and Sasha Kovalev. Executive Summary Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and.....

7.1AI Score

2024-06-17 08:28 PM
3
cve
cve

CVE-2024-37890

ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] (e55e510) and backported to [email protected] (22c2876), [email protected] (eeb76d3), and...

7.5CVSS

7.4AI Score

0.0004EPSS

2024-06-17 08:15 PM
20
nvd
nvd

CVE-2024-37891

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to...

4.4CVSS

0.0004EPSS

2024-06-17 08:15 PM
1
osv
osv

CVE-2024-37890

ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] (e55e510) and backported to [email protected] (22c2876), [email protected] (eeb76d3), and...

7.5CVSS

7.4AI Score

0.0004EPSS

2024-06-17 08:15 PM
1
nvd
nvd

CVE-2024-37890

ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] (e55e510) and backported to [email protected] (22c2876), [email protected] (eeb76d3), and...

7.5CVSS

0.0004EPSS

2024-06-17 08:15 PM
8
cve
cve

CVE-2024-37891

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to...

4.4CVSS

4.8AI Score

0.0004EPSS

2024-06-17 08:15 PM
10
osv
osv

CVE-2024-37891

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to...

4.4CVSS

4.6AI Score

0.0004EPSS

2024-06-17 08:15 PM
debiancve
debiancve

CVE-2024-37890

ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] (e55e510) and backported to [email protected] (22c2876), [email protected] (eeb76d3), and...

7.5CVSS

7.5AI Score

0.0004EPSS

2024-06-17 08:15 PM
17
debiancve
debiancve

CVE-2024-37891

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to...

4.4CVSS

4.8AI Score

0.0004EPSS

2024-06-17 08:15 PM
7
nvd
nvd

CVE-2024-37305

oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of...

8.2CVSS

0.0004EPSS

2024-06-17 08:15 PM
2
cve
cve

CVE-2024-37305

oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of...

8.2CVSS

8.1AI Score

0.0004EPSS

2024-06-17 08:15 PM
11
ibm
ibm

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details **...

8.2CVSS

9.7AI Score

EPSS

2024-06-17 08:14 PM
2
hackread
hackread

The Future of Pi Coin: Potential and Predictions

Discover Pi Coin, the Stanford-developed cryptocurrency revolutionizing mobile mining. Explore its potential, features, and predictions for 2025. Join the future of digital currency...

7.4AI Score

2024-06-17 08:04 PM
2
cvelist
cvelist

CVE-2024-37305 Buffer overflow in deserialization in oqs-provider

oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of...

8.2CVSS

0.0004EPSS

2024-06-17 07:42 PM
1
vulnrichment
vulnrichment

CVE-2024-37305 Buffer overflow in deserialization in oqs-provider

oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of...

8.2CVSS

6.9AI Score

0.0004EPSS

2024-06-17 07:42 PM
redhatcve
redhatcve

CVE-2021-47460

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption after conversion from inline format Commit 6dbf7bb55598 ("fs: Don't invalidate page buffers in block_write_full_page()") uncovered a latent bug in ocfs2 conversion from inline inode format to a normal...

7.5AI Score

0.0004EPSS

2024-06-17 07:21 PM
vulnrichment
vulnrichment

CVE-2024-37891 Proxy-Authorization request header isn't stripped during cross-origin redirects in urllib3

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to...

4.4CVSS

7.3AI Score

0.0004EPSS

2024-06-17 07:18 PM
cvelist
cvelist

CVE-2024-37891 Proxy-Authorization request header isn't stripped during cross-origin redirects in urllib3

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to...

4.4CVSS

0.0004EPSS

2024-06-17 07:18 PM
11
nvd
nvd

CVE-2024-37840

SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID...

0.0004EPSS

2024-06-17 07:15 PM
1
cve
cve

CVE-2024-37840

SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID...

8.6AI Score

0.0004EPSS

2024-06-17 07:15 PM
11
github
github

ws affected by a DoS when handling a request with many HTTP headers

Impact A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server. Proof of concept ```js const http = require('http'); const WebSocket = require('ws'); const wss = new WebSocket.Server({ port: 0 }, function () { const chars =...

7.5CVSS

6.7AI Score

0.0004EPSS

2024-06-17 07:09 PM
91
cvelist
cvelist

CVE-2024-37890 Denial of service when handling a request with many HTTP headers in ws

ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] (e55e510) and backported to [email protected] (22c2876), [email protected] (eeb76d3), and...

7.5CVSS

0.0004EPSS

2024-06-17 07:09 PM
11
vulnrichment
vulnrichment

CVE-2024-37890 Denial of service when handling a request with many HTTP headers in ws

ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] (e55e510) and backported to [email protected] (22c2876), [email protected] (eeb76d3), and...

7.5CVSS

7AI Score

0.0004EPSS

2024-06-17 07:09 PM
1
nvd
nvd

CVE-2024-37795

A segmentation fault in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT-LIB input file containing the set-logic command with specific formatting...

0.0004EPSS

2024-06-17 06:15 PM
2
debiancve
debiancve

CVE-2024-37795

A segmentation fault in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT-LIB input file containing the set-logic command with specific formatting...

6.9AI Score

0.0004EPSS

2024-06-17 06:15 PM
1
cve
cve

CVE-2024-37795

A segmentation fault in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT-LIB input file containing the set-logic command with specific formatting...

6.9AI Score

0.0004EPSS

2024-06-17 06:15 PM
11
redhatcve
redhatcve

CVE-2024-24789

A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next...

5.5CVSS

5.1AI Score

0.0004EPSS

2024-06-17 05:20 PM
osv
osv

Malicious code in delta0231 (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (7df399fa1580fb8e64d7cd2481b0212f607aa8146a1b904b83a7af05ebb8031b) The OpenSSF Package Analysis project identified 'delta0231' @ 100.0.0 (npm) as malicious. It is considered malicious because: The package...

7.3AI Score

2024-06-17 04:55 PM
osv
osv

Malicious code in commando333333 (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (3da17f518475bb94d3d0740d0e1fc486dcce1f4fd1c8f86b9578176c4ea04a03) The OpenSSF Package Analysis project identified 'commando333333' @ 10.0.0 (npm) as malicious. It is considered malicious because: The package...

7.3AI Score

2024-06-17 04:35 PM
githubexploit
githubexploit

Exploit for Path Traversal in Aiohttp

CVE-2024-23334 Exploit and PoC This repository contains a...

7.5CVSS

6.8AI Score

0.052EPSS

2024-06-17 04:28 PM
45
malwarebytes
malwarebytes

(Almost) everything you always wanted to know about cybersecurity, but were too afraid to ask, with Tjitske de Vries: Lock and Code S05E13

This week on the Lock and Code podcast… Ready to know what Malwarebytes knows? Ask us your questions and get some answers. What is a passphrase and what makes it—what’s the word? Strong? Every day, countless readers, listeners, posters, and users ask us questions about some of the most commonly...

7.3AI Score

2024-06-17 04:17 PM
2
osv
osv

CVE-2024-0397

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such...

6.5AI Score

0.0004EPSS

2024-06-17 04:15 PM
nvd
nvd

CVE-2024-0397

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such...

0.0004EPSS

2024-06-17 04:15 PM
2
debiancve
debiancve

CVE-2024-0397

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such...

6.8AI Score

0.0004EPSS

2024-06-17 04:15 PM
cve
cve

CVE-2024-0397

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such...

6.3AI Score

0.0004EPSS

2024-06-17 04:15 PM
17
osv
osv

Malicious code in dc-test1-asdf (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (04026ef40e4abce9afd70341d1bbb7d8907a917e7a6bd0fd6b7ffb15623a30c0) The OpenSSF Package Analysis project identified 'dc-test1-asdf' @ 1.0.1 (npm) as malicious. It is considered malicious because: The package...

7.3AI Score

2024-06-17 03:46 PM
nvd
nvd

CVE-2024-4032

The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...

0.0004EPSS

2024-06-17 03:15 PM
3
cve
cve

CVE-2024-4032

The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...

6.4AI Score

0.0004EPSS

2024-06-17 03:15 PM
15
debiancve
debiancve

CVE-2024-4032

The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...

6.8AI Score

0.0004EPSS

2024-06-17 03:15 PM
osv
osv

CVE-2024-4032

The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...

6.6AI Score

0.0004EPSS

2024-06-17 03:15 PM
osv
osv

PSF-2024-4

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such...

6.6AI Score

0.0004EPSS

2024-06-17 03:09 PM
1
cvelist
cvelist

CVE-2024-0397 Memory race condition in ssl.SSLContext certificate store methods

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such...

0.0004EPSS

2024-06-17 03:09 PM
5
osv
osv

PSF-2024-5

The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...

6.7AI Score

0.0004EPSS

2024-06-17 03:05 PM
cvelist
cvelist

CVE-2024-4032 Incorrect IPv4 and IPv6 private ranges

The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...

0.0004EPSS

2024-06-17 03:05 PM
1
ibm
ibm

Security Bulletin: IBM DevOps Release addresses multiple vulnerabilities.

Summary IBM DevOps Release 7.0.0.2 addresses multiple vulnerabilities. Vulnerability Details ** CVEID: CVE-2014-3643 DESCRIPTION: **Jersey could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data by jersey SAX parser. By...

9.8CVSS

9.7AI Score

0.794EPSS

2024-06-17 02:48 PM
4
thn
thn

ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models

ASUS has shipped software updates to address a critical security flaw impacting its routers that could be exploited by malicious actors to bypass authentication. Tracked as CVE-2024-3080, the vulnerability carries a CVSS score of 9.8 out of a maximum of 10.0. "Certain ASUS router models have...

9.8CVSS

9.3AI Score

0.001EPSS

2024-06-17 02:39 PM
19
Total number of security vulnerabilities763933