AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” Security Vulnerabilities

ibm

Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale

Summary: There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details: CVEID: CVE-2024-20952. DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause...

7.5CVSS

7.3AI Score

0.001EPSS

2024-05-10 06:32 PM
5
rapid7blog

Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators

Co-authored by Rapid7 analysts Tyler McGraw, Thomas Elkins, and Evan McCann Executive Summary Rapid7 has identified an ongoing social engineering campaign that has been targeting multiple managed detection and response (MDR) customers. The incident involves a threat actor overwhelming a user's...

7.8AI Score

2024-05-10 05:31 PM
22
rocky

libreoffice security update

An update is available for libreoffice. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list LibreOffice is an open source, community-developed office productivity...

8.8CVSS

7.2AI Score

0.001EPSS

2024-05-10 02:32 PM
6
osv

Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

8.8CVSS

6.7AI Score

0.001EPSS

2024-05-10 02:32 PM
9
osv

Important: tigervnc security update

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....

7.8CVSS

7.4AI Score

0.0005EPSS

2024-05-10 02:32 PM
8
rocky

sushi bug fix update

An update is available for sushi. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Sushi is a quick file previewer for Nautilus, the GNOME desktop file manager......

7.3AI Score

2024-05-10 02:32 PM
4
osv

Important: tracker-miners security update

Tracker is a powerful desktop-neutral first class object database, tag/metadata database and search tool. This package contains various miners and metadata extractors for tracker. Security Fix(es): tracker-miners: sandbox escape (CVE-2023-5557) For more details about the security issue(s),...

7.7CVSS

6.7AI Score

0.005EPSS

2024-05-10 02:32 PM
4
rocky

tigervnc security update

An update is available for tigervnc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Virtual Network Computing (VNC) is a remote display system which allows...

7.8CVSS

7.4AI Score

0.0005EPSS

2024-05-10 02:32 PM
8
rocky

tracker-miners security update

An update is available for tracker-miners. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Tracker is a powerful desktop-neutral first class object database,...

7.7CVSS

7.2AI Score

0.005EPSS

2024-05-10 02:32 PM
2
rocky

gnome-shell, gnome-menus, and gnome-shell-extensions bug fix update

An update is available for gnome-menus, gnome-shell, gnome-shell-extensions. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GNOME Shell acts as a compositing...

7.3AI Score

2024-05-10 02:32 PM
4
osv

Moderate: flatpak security, bug fix, and enhancement update

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. The following packages have been upgraded to a later upstream version: flatpak (1.12.8). (BZ#2221792) Security Fix(es): flatpak: TIOCLINUX can send commands outside sandbox if running on a...

10CVSS

8.9AI Score

0.001EPSS

2024-05-10 02:32 PM
3
rocky

flatpak security, bug fix, and enhancement update

An update is available for flatpak. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Flatpak is a system for building, distributing, and running sandboxed...

10CVSS

7.3AI Score

0.001EPSS

2024-05-10 02:32 PM
3
rocky

microcode_ctl bug fix and enhancement update

An update is available for microcode_ctl. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The microcode_ctl packages provide microcode updates for Intel...

8.8CVSS

7.2AI Score

0.0004EPSS

2024-05-10 02:32 PM
7
ibm

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java

Summary: IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2023-22081. DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote...

7.8CVSS

7.4AI Score

0.001EPSS

2024-05-10 04:07 AM
7
openvas

SUSE: Security Advisory (SUSE-SU-2024:1578-1)

The remote host is missing an update for...

7.1CVSS

7AI Score

0.0004EPSS

2024-05-10 12:00 AM
2
ibm

Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition

Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their April 2024 Critical Patch Update, plus CVE-2023-38264. For more information please refer to Oracle's April 2024 CPU Advisory and the X-Force database entries...

5.9CVSS

6.4AI Score

0.001EPSS

2024-05-09 07:33 PM
21
amazon

Important: flatpak

Issue Overview: Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the --command argument of...

8.4CVSS

8.2AI Score

0.0004EPSS

2024-05-09 07:16 PM
3
amazon

Medium: freerdp

Issue Overview: 2024-06-06: CVE-2024-32660 was added to this advisory. FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in freerdp_bitmap_planar_context_reset leads to heap-buffer overflow. This affects FreeRDP based...

9.8CVSS

9.3AI Score

0.001EPSS

2024-05-09 07:16 PM
5
ibm

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary: IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details: CVEID: CVE-2019-13224. DESCRIPTION: oniguruma is vulnerable to a denial of service,...

10CVSS

10AI Score

0.05EPSS

2024-05-09 12:31 PM
12
securelist

APT trends report Q1 2024

For more than six years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research. They provide a representative snapshot of what we have published.....

7.7AI Score

2024-05-09 10:00 AM
20
cvelist

CVE-2024-3016

NEC Platforms DT900 and DT900S Series 5.0.0.0 – v5.3.4.4, v5.4.0.0 – v5.6.0.20 allows an attacker to access a non-documented the system settings to change settings via local network with unauthenticated...

6.7AI Score

0.0004EPSS

2024-05-09 06:32 AM
fedora

[SECURITY] Fedora 39 Update: R-4.3.3-2.fc39

This is a metapackage that provides both core R userspace and all R development components. R is a language and environment for statistical computing and graphics. R is similar to the award-winning S system, which was developed at Bell Laboratories by John Chambers et al. It provides a wide...

8.8CVSS

8.8AI Score

0.0004EPSS

2024-05-09 02:05 AM
4
fedora

[SECURITY] Fedora 39 Update: freerdp-2.11.7-1.fc39

The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and...

9.8CVSS

9.6AI Score

0.0004EPSS

2024-05-09 02:05 AM
3
fedora

[SECURITY] Fedora 38 Update: R-4.3.3-2.fc38

This is a metapackage that provides both core R userspace and all R development components. R is a language and environment for statistical computing and graphics. R is similar to the award-winning S system, which was developed at Bell Laboratories by John Chambers et al. It provides a wide...

8.8CVSS

8.8AI Score

0.0004EPSS

2024-05-09 01:49 AM
6
fedora

[SECURITY] Fedora 38 Update: freerdp-2.11.7-1.fc38

The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and...

9.8CVSS

9.6AI Score

0.0004EPSS

2024-05-09 01:49 AM
2
fedora

[SECURITY] Fedora 40 Update: freerdp2-2.11.7-1.fc40

The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and...

9.8CVSS

9.6AI Score

0.0004EPSS

2024-05-09 01:41 AM
5
fedora

[SECURITY] Fedora 40 Update: freerdp-3.5.1-1.fc40

The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and...

9.8CVSS

9.6AI Score

0.0004EPSS

2024-05-09 01:41 AM
5
openvas

SUSE: Security Advisory (SUSE-SU-2024:1557-1)

The remote host is missing an update for...

4.7CVSS

7.1AI Score

0.001EPSS

2024-05-09 12:00 AM
4
openvas

SUSE: Security Advisory (SUSE-SU-2024:1556-1)

The remote host is missing an update for...

7.8CVSS

7.1AI Score

0.001EPSS

2024-05-09 12:00 AM
5
nessus

Fedora 40 : freerdp (2024-050266dc33)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-050266dc33 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0...

9.8CVSS

7.1AI Score

0.0004EPSS

2024-05-09 12:00 AM
3
kaspersky

KLA67225 ACE vulnerability in Google Chrome

Use after free vulnerability was found in Google Chrome. Malicious users can exploit this vulnerability to execute arbitrary code, cause denial of service. Original advisories Chrome Releases: Stable Channel Update for Desktop Exploitation Public exploits exist for this vulnerability. Related...

9.6CVSS

7.8AI Score

0.001EPSS

2024-05-09 12:00 AM
4
nessus

Fedora 40 : freerdp2 (2024-982a7184e0)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-982a7184e0 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0...

9.8CVSS

7.8AI Score

0.0004EPSS

2024-05-09 12:00 AM
1
nessus

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2024-1570)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we...

7.8CVSS

7AI Score

0.011EPSS

2024-05-09 12:00 AM
6
nessus

Fedora 38 : freerdp (2024-c702ea0fb1)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-c702ea0fb1 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0...

9.8CVSS

7.1AI Score

0.0004EPSS

2024-05-09 12:00 AM
4
chrome

Stable Channel Update for Desktop

The Stable channel has been updated to 124.0.6367.201/.202 for Mac and Windows and 124.0.6367.201 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. The Extended Stable channel has been updated to 124.0.6367.201 for Mac and...

9.6CVSS

7.7AI Score

0.001EPSS

2024-05-09 12:00 AM
75
nessus

Fedora 39 : freerdp (2024-1b11432d52)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-1b11432d52 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0...

9.8CVSS

7.8AI Score

0.0004EPSS

2024-05-09 12:00 AM
1
nessus

Juniper Junos OS Vulnerability (JSA79109)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA79109 advisory. A Use After Free vulnerability in command processing of Juniper Networks Junos OS on MX Series allows a local, authenticated attacker to cause the broadband edge service...

5.5CVSS

7.5AI Score

0.0004EPSS

2024-05-09 12:00 AM
2
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Business Developer

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM SDK, Java Technology Edition Quarterly CPU - Jan 2024 - Includes...

7.5CVSS

7.4AI Score

0.001EPSS

2024-05-08 07:24 PM
5
ibm

Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Host On-Demand

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by Host On-Demand. Host On-Demand has addressed the applicable CVE. This issue was disclosed as part of the IBM Semeru Runtime Quarterly CPU - Oct 2023 - Includes OpenJDK October 2023 CPU.....

7.8CVSS

6.2AI Score

0.0004EPSS

2024-05-08 04:16 AM
6
nessus

SUSE SLES15 Security Update : flatpak (SUSE-SU-2024:1547-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1547-1 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions before 1.10.9, 1.12.9,...

8.4CVSS

7.5AI Score

0.0004EPSS

2024-05-08 12:00 AM
4
openvas

Ubuntu: Security Advisory (USN-6766-1)

The remote host is missing an update for...

7.8CVSS

8.1AI Score

EPSS

2024-05-08 12:00 AM
16
openvas

Ubuntu: Security Advisory (USN-6765-1)

The remote host is missing an update for...

7.8CVSS

8.1AI Score

EPSS

2024-05-08 12:00 AM
5
nessus

SUSE SLES12 Security Update : flatpak (SUSE-SU-2024:1548-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1548-1 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions before 1.10.9, 1.12.9,...

8.4CVSS

7.5AI Score

0.0004EPSS

2024-05-08 12:00 AM
4
osv

linux, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15 vulnerabilities

It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-1151) Sander Wiebing, Alvise de Faveri Tron,...

7.8CVSS

8.6AI Score

EPSS

2024-05-07 07:22 PM
5
ibm

Security Bulletin: IBM Planning Analytics Local - Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components

Summary There are vulnerabilities in multiple Open Source Software (OSS) components consumed by IBM Planning Analytics Local - Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics Local - Planning Analytics Workspace 2.1.2 and IBM Planning Analytics Local -...

9.8CVSS

10AI Score

EPSS

2024-05-07 07:21 PM
15
ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...

9.8CVSS

9.9AI Score

0.073EPSS

2024-05-07 05:07 PM
8
github

Trix Editor Arbitrary Code Execution Vulnerability

The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts...

5.4CVSS

6.5AI Score

0.0004EPSS

2024-05-07 04:49 PM
8
osv

Trix Editor Arbitrary Code Execution Vulnerability

The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts...

5.4CVSS

6.5AI Score

0.0004EPSS

2024-05-07 04:49 PM
3
osv

linux-oem-6.5 vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) Sander.....

7.8CVSS

7.6AI Score

EPSS

2024-05-07 03:22 PM
5
securelist

Exploits and vulnerabilities in Q1 2024

We at Kaspersky continuously monitor the evolving cyberthreat landscape to ensure we respond promptly to emerging threats, equipping our products with detection logic and technology. Software vulnerabilities that threat actors can exploit or are already actively exploiting are a critical component....

8.9AI Score

0.971EPSS

2024-05-07 10:00 AM
29
Total number of security vulnerabilities: 86984