Lucene search

K

AMD Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics “Renoir” FP6 Security Vulnerabilities

cvelist
cvelist

CVE-2024-29781

In ss_AnalyzeOssReturnResUssdArgIe of ss_OssAsnManagement.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...

0.0004EPSS

2024-06-13 09:01 PM
vulnrichment
vulnrichment

CVE-2024-29780

In hwbcc_ns_deprivilege of trusty/user/base/lib/hwbcc/client/hwbcc.c, there is a possible uninitialized stack data disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

6.5AI Score

0.0004EPSS

2024-06-13 09:01 PM
cvelist
cvelist

CVE-2024-29778

In ProtocolPsDedicatedBearInfoAdapter::processQosSession of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for...

0.0004EPSS

2024-06-13 09:01 PM
cvelist
cvelist

CVE-2024-32929

In gpu_slc_get_region of pixel_gpu_slc.c, there is a possible EoP due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

0.0004EPSS

2024-06-13 08:48 PM
2
vulnrichment
vulnrichment

CVE-2024-32929

In gpu_slc_get_region of pixel_gpu_slc.c, there is a possible EoP due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

6.8AI Score

0.0004EPSS

2024-06-13 08:48 PM
osv
osv

Vulnerabilities with the k8sGPT

Summary Bunch of vulnerabilities found in k8sGPT. Fixed in release...

7.3AI Score

2024-06-13 07:39 PM
1
github
github

Vulnerabilities with the k8sGPT

Summary Bunch of vulnerabilities found in k8sGPT. Fixed in release...

7.3AI Score

2024-06-13 07:39 PM
osv
osv

CrateDB has a Client initialized Session-Renegotiation DoS

Summary Client-Initiated TLS Renegotiation Denial of Service (DoS) Vulnerability at Port 4200 Details A high-risk vulnerability has been identified where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly...

5.3CVSS

6.9AI Score

0.0004EPSS

2024-06-13 07:39 PM
github
github

CrateDB has a Client initialized Session-Renegotiation DoS

Summary Client-Initiated TLS Renegotiation Denial of Service (DoS) Vulnerability at Port 4200 Details A high-risk vulnerability has been identified where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly...

5.3CVSS

6.9AI Score

0.0004EPSS

2024-06-13 07:39 PM
osv
osv

Cilium leaks sensitive information in cilium-bugtool

Impact The output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium deployments with the Envoy proxy enabled. Users of the following features are affected: TLS inspection Ingress with TLS termination Gateway API with TLS termination...

7.9CVSS

6.7AI Score

0.0004EPSS

2024-06-13 07:29 PM
2
github
github

Cilium leaks sensitive information in cilium-bugtool

Impact The output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium deployments with the Envoy proxy enabled. Users of the following features are affected: TLS inspection Ingress with TLS termination Gateway API with TLS termination...

7.9CVSS

6.7AI Score

0.0004EPSS

2024-06-13 07:29 PM
4
talosblog
talosblog

How we can separate botnets from the malware operations that rely on them

As I covered in last week's newsletter, law enforcement agencies from around the globe have been touting recent botnet disruptions affecting the likes of some of the largest threat actors and malware families. Operation Endgame, which Europol touted as the "largest ever operation against botnets,"....

7.1AI Score

2024-06-13 06:00 PM
2
nvd
nvd

CVE-2024-32504

An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930. The mobile processor lacks proper length checking, which can result in an OOB (Out-of-Bounds) Write...

8.4CVSS

0.0004EPSS

2024-06-13 05:15 PM
2
cve
cve

CVE-2024-32504

An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930. The mobile processor lacks proper length checking, which can result in an OOB (Out-of-Bounds) Write...

8.4CVSS

8.4AI Score

0.0004EPSS

2024-06-13 05:15 PM
9
cve
cve

CVE-2024-31956

An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. It lacks proper buffer length checking, which can result in an Out-of-Bounds...

8.4CVSS

8.5AI Score

0.0004EPSS

2024-06-13 05:15 PM
10
nvd
nvd

CVE-2024-31956

An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. It lacks proper buffer length checking, which can result in an Out-of-Bounds...

8.4CVSS

0.0004EPSS

2024-06-13 05:15 PM
1
hackread
hackread

Chinese ‘Smishing Triad’ Group Targets Pakistanis with SMS Phishing

Protect yourself from Smishing attacks in Pakistan! Smishing Triad, a notorious cybercriminal group, is targeting Pakistani bank customers with fake Pakistan Post messages. Learn how to identify and avoid these scams to protect your financial...

7.2AI Score

2024-06-13 04:44 PM
4
impervablog
impervablog

Cyberattack on Swedish Gambling Site During Eurovision Highlights Strategic Threats

Every year, the Eurovision Song Contest captivates millions of viewers across Europe and beyond, turning a simple music competition into a cultural phenomenon. This popularity extends to various forms of betting, with numerous gambling sites offering odds on Eurovision outcomes. Eurovision has...

7.5AI Score

2024-06-13 04:15 PM
1
nvd
nvd

CVE-2024-37307

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium...

7.9CVSS

0.0004EPSS

2024-06-13 04:15 PM
3
cve
cve

CVE-2024-37877

UERANSIM before 3.2.6 allows out-of-bounds read when a RLS packet is sent to gNodeB with malformed PDU length. This occurs in function readOctetString in src/utils/octet_view.cpp and in function DecodeRlsMessage in...

6.8AI Score

0.0004EPSS

2024-06-13 04:15 PM
9
cve
cve

CVE-2024-37307

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium...

7.9CVSS

7.7AI Score

0.0004EPSS

2024-06-13 04:15 PM
11
nvd
nvd

CVE-2024-37877

UERANSIM before 3.2.6 allows out-of-bounds read when a RLS packet is sent to gNodeB with malformed PDU length. This occurs in function readOctetString in src/utils/octet_view.cpp and in function DecodeRlsMessage in...

0.0004EPSS

2024-06-13 04:15 PM
1
osv
osv

CVE-2024-37307

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium...

7.9CVSS

7AI Score

0.0004EPSS

2024-06-13 04:15 PM
1
cvelist
cvelist

CVE-2024-37307 Cilium leaks sensitive information in cilium-bugtool

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium...

7.9CVSS

0.0004EPSS

2024-06-13 04:09 PM
4
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

10CVSS

9.8AI Score

EPSS

2024-06-13 03:35 PM
1
nvd
nvd

CVE-2024-37164

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a...

7.1CVSS

0.0004EPSS

2024-06-13 03:15 PM
2
cve
cve

CVE-2024-37164

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a...

7.1CVSS

7AI Score

0.0004EPSS

2024-06-13 03:15 PM
12
osv
osv

CVE-2024-37164

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a...

7.1CVSS

7.2AI Score

0.0004EPSS

2024-06-13 03:15 PM
1
wizblog
wizblog

Wiz at Re:Inforce 2024

See what’s new with Wiz at Re:Inforce 2024 with this year’s...

7.2AI Score

2024-06-13 02:57 PM
osv
osv

CVE-2024-37309

CrateDB is a distributed SQL database. A high-risk vulnerability has been identified in versions prior to 5.7.2 where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly request renegotiation of security...

5.3CVSS

7.7AI Score

0.0004EPSS

2024-06-13 02:15 PM
cve
cve

CVE-2024-37309

CrateDB is a distributed SQL database. A high-risk vulnerability has been identified in versions prior to 5.7.2 where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly request renegotiation of security...

5.3CVSS

5.6AI Score

0.0004EPSS

2024-06-13 02:15 PM
9
nvd
nvd

CVE-2024-37309

CrateDB is a distributed SQL database. A high-risk vulnerability has been identified in versions prior to 5.7.2 where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly request renegotiation of security...

5.3CVSS

0.0004EPSS

2024-06-13 02:15 PM
osv
osv

CVE-2024-37308

The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the _recipe_settings[post_title] parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers.....

5.4CVSS

5.9AI Score

0.0004EPSS

2024-06-13 02:15 PM
nvd
nvd

CVE-2024-37308

The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the _recipe_settings[post_title] parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers.....

5.4CVSS

0.0004EPSS

2024-06-13 02:15 PM
cve
cve

CVE-2024-37308

The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the _recipe_settings[post_title] parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers.....

5.4CVSS

5.3AI Score

0.0004EPSS

2024-06-13 02:15 PM
10
vulnrichment
vulnrichment

CVE-2024-37164 CVAT SSRF via custom cloud storage endpoints

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a...

7.1CVSS

7.2AI Score

0.0004EPSS

2024-06-13 02:10 PM
1
cvelist
cvelist

CVE-2024-37164 CVAT SSRF via custom cloud storage endpoints

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a...

7.1CVSS

0.0004EPSS

2024-06-13 02:10 PM
5
cvelist
cvelist

CVE-2024-37309 Client initialized Session-Renegotiation DoS

CrateDB is a distributed SQL database. A high-risk vulnerability has been identified in versions prior to 5.7.2 where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly request renegotiation of security...

5.3CVSS

0.0004EPSS

2024-06-13 01:59 PM
1
thn
thn

Arid Viper Launches Mobile Espionage Campaign with AridSpy Malware

The threat actor known as Arid Viper has been attributed to a mobile espionage campaign that leverages trojanized Android apps to deliver a spyware strain dubbed AridSpy. "The malware is distributed through dedicated websites impersonating various messaging apps, a job opportunity app, and a...

2024-06-13 01:55 PM
vulnrichment
vulnrichment

CVE-2024-37308 WordPress Cooked Plugin - Authenticated (Contributor+) Persistent Cross-Site Scripting Vulnerability

The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the _recipe_settings[post_title] parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers.....

5.4CVSS

5.3AI Score

0.0004EPSS

2024-06-13 01:46 PM
1
cvelist
cvelist

CVE-2024-37308 WordPress Cooked Plugin - Authenticated (Contributor+) Persistent Cross-Site Scripting Vulnerability

The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the _recipe_settings[post_title] parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers.....

5.4CVSS

0.0004EPSS

2024-06-13 01:46 PM
1
malwarebytes
malwarebytes

Update now! Google Pixel vulnerability is under active exploitation

Google has notified Pixel users about an actively exploited vulnerability in their phones' firmware. Firmware is the code or program which is embedded into hardware devices. Simply put, it is the software layer between the hardware and the applications on the device. About the vulnerability,...

7.8CVSS

7.5AI Score

0.001EPSS

2024-06-13 01:33 PM
2
nvd
nvd

CVE-2024-36396

Verint - CWE-434: Unrestricted Upload of File with Dangerous...

8.8CVSS

0.0004EPSS

2024-06-13 01:15 PM
2
cve
cve

CVE-2024-36396

Verint - CWE-434: Unrestricted Upload of File with Dangerous...

8.8CVSS

8.8AI Score

0.0004EPSS

2024-06-13 01:15 PM
13
nvd
nvd

CVE-2024-32860

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code...

7.5CVSS

0.0004EPSS

2024-06-13 01:15 PM
2
cve
cve

CVE-2024-32859

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code...

7.5CVSS

6.7AI Score

0.0004EPSS

2024-06-13 01:15 PM
11
nvd
nvd

CVE-2024-32859

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code...

7.5CVSS

0.0004EPSS

2024-06-13 01:15 PM
2
cve
cve

CVE-2024-32860

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code...

7.5CVSS

7.3AI Score

0.0004EPSS

2024-06-13 01:15 PM
11
cve
cve

CVE-2024-32858

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code...

7.5CVSS

7AI Score

0.0004EPSS

2024-06-13 01:15 PM
12
nvd
nvd

CVE-2024-32858

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code...

7.5CVSS

0.0004EPSS

2024-06-13 01:15 PM
2
Total number of security vulnerabilities761278