Lucene search

K

AMD Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics “Cezanne” Security Vulnerabilities

veeam
veeam

Import Job Fails with "No kopia manifests found in the repository"

The solution is to install Veeam Kasten for Kubernetes with an identical namespace in both source and target cluster, and the same...

7.1AI Score

2024-06-14 12:00 AM
openvas
openvas

Mageia: Security Advisory (MGASA-2024-0217)

The remote host is missing an update for...

7.5AI Score

0.0004EPSS

2024-06-14 12:00 AM
2
ubuntucve
ubuntucve

CVE-2024-38312

When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination This vulnerability affects Firefox for iOS < 127. Notes Author| Note ---|--- tyhicks | mozjs contains a copy of the...

6.6AI Score

0.0004EPSS

2024-06-14 12:00 AM
nessus
nessus

Rocky Linux 8 : kernel-rt (RLSA-2024:3627)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3627 advisory. * kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) * kernel: Information disclosure in...

7.8CVSS

9.3AI Score

0.001EPSS

2024-06-14 12:00 AM
nessus
nessus

Rocky Linux 9 : ruby:3.1 (RLSA-2024:3668)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3668 advisory. * ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280) * ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) * ruby:...

9AI Score

EPSS

2024-06-14 12:00 AM
nessus
nessus

Rocky Linux 8 : exempi (RLSA-2024:3066)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3066 advisory. * exempi: denial of service via opening of crafted audio file with ID3V2 frame (CVE-2020-18651) * exempi: denial of service via opening of crafted webp...

6.5CVSS

7.3AI Score

0.001EPSS

2024-06-14 12:00 AM
ubuntucve
ubuntucve

CVE-2024-36287

Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on...

3.8CVSS

7.3AI Score

0.0004EPSS

2024-06-14 12:00 AM
nessus
nessus

Rocky Linux 8 : ruby:3.1 (RLSA-2024:3546)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3546 advisory. * ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) * ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280) * ruby:...

8.9AI Score

EPSS

2024-06-14 12:00 AM
nessus
nessus

Fortinet FortiClient (FG-IR-22-059) (macOS)

The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-059 advisory. The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for...

7.5CVSS

7AI Score

0.013EPSS

2024-06-14 12:00 AM
nessus
nessus

Fortinet FortiClient (FG-IR-22-235) (macOS)

The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-235 advisory. An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0,...

3.3CVSS

6.6AI Score

0.0004EPSS

2024-06-14 12:00 AM
nessus
nessus

Rocky Linux 8 : tomcat (RLSA-2024:3666)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3666 advisory. * Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) * Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug...

7.1AI Score

0.0004EPSS

2024-06-14 12:00 AM
1
nessus
nessus

PHP CGI Argument Injection Remote Code Execution

PHP versions 5.0.0 < 8.1.29, 8.2.x < 8.2.20, 8.3.x < 8.3.8 is affected by a vulnerability allowing an unauthenticated attacker to execute remote code via a specially forged request only when PHP is installed with Apache2 and PHP-CGI on Windows with certain languages (code...

8.2AI Score

2024-06-14 12:00 AM
1
packetstorm

7.2AI Score

0.0004EPSS

2024-06-14 12:00 AM
34
nessus
nessus

Oracle Linux 8 : virt:kvm_utils1 (ELSA-2024-12435)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12435 advisory. - Document CVEs as fixed (Karl Heubaum) {CVE-2023-2700} - Fix off-by-one error in udevListInterfacesByStatus (Martin Kletzander) [Orabug: 36364474] ...

8.8CVSS

7.5AI Score

0.002EPSS

2024-06-14 12:00 AM
cvelist
cvelist

CVE-2024-33377

LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users to perform arbitrary operations via interaction with crafted elements on the web...

0.0004EPSS

2024-06-14 12:00 AM
wpvulndb
wpvulndb

Newspaper < 12.6.6 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Meta

Description The Newspaper theme for WordPress is vulnerable to Stored Cross-Site Scripting via attachment meta in the archive page in all versions up to, and including, 12.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.5CVSS

5.9AI Score

0.0004EPSS

2024-06-14 12:00 AM
nessus
nessus

Fortinet FortiClient (FG-IR-22-059)

The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-059 advisory. The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for...

7.5CVSS

7AI Score

0.013EPSS

2024-06-14 12:00 AM
nessus
nessus

Fortinet FortiClient (FG-IR-22-235)

The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-235 advisory. An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0,...

3.3CVSS

6.6AI Score

0.0004EPSS

2024-06-14 12:00 AM
nessus
nessus

Rocky Linux 8 : pcs (RLSA-2024:2953)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2953 advisory. * rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing (CVE-2024-25126) * rubygem-rack: Possible DoS Vulnerability with Range...

5.8CVSS

5.8AI Score

0.0004EPSS

2024-06-14 12:00 AM
wpvulndb
wpvulndb

tagDiv Composer < 4.9 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Meta

Description The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'single' module in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.5CVSS

5.9AI Score

0.0004EPSS

2024-06-14 12:00 AM
exploitdb

9.8CVSS

7.4AI Score

0.476EPSS

2024-06-14 12:00 AM
34
exploitdb

5.5CVSS

7.4AI Score

0.002EPSS

2024-06-14 12:00 AM
35
nessus
nessus

Rocky Linux 8 : kernel update (Moderate) (RLSA-2024:3618)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3618 advisory. * kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) * kernel: Information disclosure in...

7.8CVSS

9.5AI Score

0.001EPSS

2024-06-14 12:00 AM
nessus
nessus

Rocky Linux 9 : tomcat (RLSA-2024:3307)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3307 advisory. * Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) * Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug...

7.1AI Score

0.0004EPSS

2024-06-14 12:00 AM
1
nessus
nessus

Rocky Linux 8 : git-lfs (RLSA-2024:3346)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3346 advisory. * golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) * golang: net/http/cookiejar: incorrect forwarding...

5.8AI Score

0.0004EPSS

2024-06-14 12:00 AM
nessus
nessus

AlmaLinux 9 : ruby (ALSA-2024:3838)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3838 advisory. * ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621) * ruby: ReDoS vulnerability in URI (CVE-2023-28755) * ruby: ReDoS vulnerability in Time...

8.8CVSS

7.8AI Score

EPSS

2024-06-14 12:00 AM
nessus
nessus

Fortinet Fortigate (FG-IR-22-059)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-059 advisory. The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for...

7.5CVSS

7AI Score

0.013EPSS

2024-06-14 12:00 AM
nessus
nessus

Rocky Linux 8 : libXpm (RLSA-2024:2974)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2974 advisory. * libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() (CVE-2023-43788) * libXpm: out of bounds read on XPM with corrupted colormap...

5.5CVSS

7.5AI Score

0.0004EPSS

2024-06-14 12:00 AM
nessus
nessus

Fortinet FortiClient (FG-IR-22-044)

The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-044 advisory. An execution with unnecessary privileges vulnerability [CWE-250] in FortiClientWindows 7.0.0 through 7.0.3, 6.4.0...

7.7CVSS

7.4AI Score

0.0004EPSS

2024-06-14 12:00 AM
nessus
nessus

Rocky Linux 9 : ruby:3.3 (RLSA-2024:3671)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3671 advisory. * ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280) * ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) * ruby:...

9AI Score

EPSS

2024-06-14 12:00 AM
nessus
nessus

Debian dla-3827 : libcolorcorrect5 - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3827 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3827-1 [email protected] ...

6.4AI Score

EPSS

2024-06-14 12:00 AM
nessus
nessus

Rocky Linux 8 : gstreamer1-plugins-bad-free (RLSA-2024:3060)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3060 advisory. * gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with uncompressed video (CVE-2023-40474) *...

8.8CVSS

7.7AI Score

0.0005EPSS

2024-06-14 12:00 AM
debiancve
debiancve

CVE-2024-0092

NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of...

5.5CVSS

5.5AI Score

0.0004EPSS

2024-06-13 10:15 PM
7
debiancve
debiancve

CVE-2024-0090

NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data...

7.8CVSS

7.8AI Score

0.0004EPSS

2024-06-13 10:15 PM
15
debiancve
debiancve

CVE-2024-0091

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data...

7.8CVSS

7.5AI Score

0.0004EPSS

2024-06-13 10:15 PM
8
cve
cve

CVE-2024-32923

there is a possible cellular denial of service due to a logic error in the code. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for...

6.6AI Score

0.0004EPSS

2024-06-13 09:15 PM
11
nvd
nvd

CVE-2024-32926

there is a possible information disclosure due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

0.0004EPSS

2024-06-13 09:15 PM
1
cve
cve

CVE-2024-32924

In DeregAcceptProcINT of cn_NrmmStateDeregInit.cpp, there is a possible denial of service due to a logic error in the code. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for...

6.6AI Score

0.0004EPSS

2024-06-13 09:15 PM
11
cve
cve

CVE-2024-32925

In dhd_prot_txstatus_process of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...

7.5AI Score

0.0004EPSS

2024-06-13 09:15 PM
15
nvd
nvd

CVE-2024-32923

there is a possible cellular denial of service due to a logic error in the code. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for...

0.0004EPSS

2024-06-13 09:15 PM
1
cve
cve

CVE-2024-32926

there is a possible information disclosure due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

5.8AI Score

0.0004EPSS

2024-06-13 09:15 PM
14
nvd
nvd

CVE-2024-32929

In gpu_slc_get_region of pixel_gpu_slc.c, there is a possible EoP due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

0.0004EPSS

2024-06-13 09:15 PM
1
nvd
nvd

CVE-2024-32930

In plugin_ipc_handler of slc_plugin.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure of 4 bytes of stack memory with no additional execution privileges needed. User interaction is not needed for...

0.0004EPSS

2024-06-13 09:15 PM
1
nvd
nvd

CVE-2024-32925

In dhd_prot_txstatus_process of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...

0.0004EPSS

2024-06-13 09:15 PM
1
nvd
nvd

CVE-2024-32924

In DeregAcceptProcINT of cn_NrmmStateDeregInit.cpp, there is a possible denial of service due to a logic error in the code. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for...

0.0004EPSS

2024-06-13 09:15 PM
2
cve
cve

CVE-2024-32929

In gpu_slc_get_region of pixel_gpu_slc.c, there is a possible EoP due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.4AI Score

0.0004EPSS

2024-06-13 09:15 PM
44
cve
cve

CVE-2024-32930

In plugin_ipc_handler of slc_plugin.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure of 4 bytes of stack memory with no additional execution privileges needed. User interaction is not needed for...

6AI Score

0.0004EPSS

2024-06-13 09:15 PM
11
nvd
nvd

CVE-2024-32919

In lwis_add_completion_fence of lwis_fence.c, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

0.0004EPSS

2024-06-13 09:15 PM
2
nvd
nvd

CVE-2024-32922

In gpu_pm_power_on_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a logic error in the code. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interaction is not needed for...

0.0004EPSS

2024-06-13 09:15 PM
1
nvd
nvd

CVE-2024-32921

In lwis_initialize_transaction_fences of lwis_fence.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

0.0004EPSS

2024-06-13 09:15 PM
1
Total number of security vulnerabilities767559