Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...
9.8CVSS
9.9AI Score
0.073EPSS
Trix Editor Arbitrary Code Execution Vulnerability
The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts...
5.4CVSS
6.5AI Score
0.0004EPSS
Trix Editor Arbitrary Code Execution Vulnerability
The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts...
5.4CVSS
6.5AI Score
0.0004EPSS
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) Sander.....
7.8CVSS
7.6AI Score
EPSS
APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data
The Iranian state-backed hacking outfit called APT42 is making use of enhanced social engineering schemes to infiltrate target networks and cloud environments. Targets of the attack include Western and Middle Eastern NGOs, media organizations, academia, legal services and activists, Google Cloud...
8AI Score
Exploits and vulnerabilities in Q1 2024
We at Kaspersky continuously monitor the evolving cyberthreat landscape to ensure we respond promptly to emerging threats, equipping our products with detection logic and technology. Software vulnerabilities that threat actors can exploit or are already actively exploiting are a critical component....
8.9AI Score
0.972EPSS
A buffer Overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code execution This issue affects all versions of Silicon Labs 500 Series SDK prior to v6.85.2 running on Silicon Labs 500 series Z-wave...
8.1CVSS
8.4AI Score
0.0004EPSS
A buffer Overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code execution This issue affects all versions of Silicon Labs 500 Series SDK prior to v6.85.2 running on Silicon Labs 500 series Z-wave...
8.1CVSS
7.5AI Score
0.0004EPSS
CVE-2024-22472 Long S0 frames received by 500 series Z-Wave devices may cause buffer overflow
A buffer Overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code execution This issue affects all versions of Silicon Labs 500 Series SDK prior to v6.85.2 running on Silicon Labs 500 series Z-wave...
8.1CVSS
8.6AI Score
0.0004EPSS
7.5AI Score
7.5CVSS
7.9AI Score
0.001EPSS
8.3CVSS
8AI Score
0.025EPSS
6.8AI Score
0.0005EPSS
7.8CVSS
7AI Score
0.001EPSS
7.8CVSS
7.9AI Score
0.001EPSS
Linux kernel (OEM) vulnerabilities
Releases Ubuntu 22.04 LTS Packages linux-oem-6.5 - Linux kernel for OEM systems Details Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to...
7.5AI Score
EPSS
3.7CVSS
4.5AI Score
0.001EPSS
6.9AI Score
0.0004EPSS
5.5CVSS
8AI Score
0.009EPSS
SUSE SLES15 Security Update : flatpak (SUSE-SU-2024:1535-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1535-1 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9,...
8.4CVSS
7.5AI Score
0.0004EPSS
5.3CVSS
5.5AI Score
0.0004EPSS
5.3CVSS
7.1AI Score
0.0004EPSS
7.5AI Score
0.0004EPSS
6.7AI Score
0.0004EPSS
8.8CVSS
6.5AI Score
0.001EPSS
Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6765-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6765-1 advisory. In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid crash when parsed profile name is empty When processing a packed...
7.8CVSS
7.5AI Score
EPSS
7.2AI Score
0.0004EPSS
Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux - Linux kernel linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.15 - Linux kernel for Microsoft Azure cloud systems linux-azure-fde - Linux kernel for Microsoft Azure CVM cloud systems linux-azure-fde-5.15 -...
7.8CVSS
7AI Score
EPSS
Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.4 - Linux kernel...
7.8CVSS
6.8AI Score
0.0004EPSS
7.5AI Score
0.0004EPSS
6.7AI Score
0.0004EPSS
6.2CVSS
7.5AI Score
0.001EPSS
6.7CVSS
7.1AI Score
0.0004EPSS
7.5CVSS
8AI Score
0.001EPSS
7.1AI Score
0.0004EPSS
5CVSS
7.1AI Score
0.0005EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : flatpak (SUSE-SU-2024:1536-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1536-1 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux....
8.4CVSS
7.5AI Score
0.0004EPSS
8.2CVSS
7.1AI Score
EPSS
7.1AI Score
0.0005EPSS
7.8CVSS
8AI Score
0.011EPSS
6.6AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.0004EPSS
KLA66617 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Use after free vulnerability in ANGLE can be exploited to cause denial of service or execute...
8.4AI Score
0.0004EPSS
7.8CVSS
7.7AI Score
0.003EPSS
8.8AI Score
0.0004EPSS
GLSA-202405-20 : libjpeg-turbo: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202405-20 (libjpeg-turbo: Multiple Vulnerabilities) Libjpeg-turbo all version have a stack-based buffer overflow in the transform component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary...
8.8CVSS
8.4AI Score
0.01EPSS
6.5CVSS
7.5AI Score
0.001EPSS
6.5CVSS
7AI Score
0.001EPSS
7.8CVSS
7.4AI Score
0.002EPSS
7.8CVSS
7.5AI Score
0.0005EPSS