Lucene search

K

AR120-S,AR1200,AR1200-S,AR150,AR150-S,AR160,AR200,AR200-S,AR2200,AR2200-S,AR3200,AR3600,AR510,IPS Module,NIP6300,NetEngine16EX Security Vulnerabilities

ibm
ibm

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted statement. (CVE-2024-31880)

Summary IBM® Db2® is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. Vulnerability Details ** CVEID: CVE-2024-31880 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2...

7AI Score

EPSS

2024-06-11 05:40 PM
3
ibm
ibm

Security Bulletin: IBM® Db2® federated server is affected by vulnerabilities in the open source commons-configuration2 library. (CVE-2024-29131, CVE-2024-29133)

Summary IBM® Db2® federated server is affected by vulnerabilities in the open source commons-configuration2 library when using the NoSQL Hadoop wrapper. Vulnerability Details ** CVEID: CVE-2024-29131 DESCRIPTION: **Apache Commons Configuration could allow a remote attacker to execute arbitrary...

7.7AI Score

0.0004EPSS

2024-06-11 05:39 PM
2
ibm
ibm

Security Bulletin: IBM® Db2® federated server is affected by a vulnerability in the open source netty-codec-http library. (CVE-2024-29025)

Summary IBM® Db2® federated server is affected by a vulnerability in the open source netty-codec-http library when using the NoSQL Blockchain wrapper. Vulnerability Details ** CVEID: CVE-2024-29025 DESCRIPTION: **Netty is vulnerable to a denial of service, caused by a flaw when using the...

5.3CVSS

6.6AI Score

0.0004EPSS

2024-06-11 05:35 PM
3
ibm
ibm

Security Bulletin: IBM® Db2® NSE (Net Search Extender) is affected by a vulnerability in the open source Expat library. (CVE-2024-28757)

Summary IBM® Db2® NSE (Net Search Extender) is affected by a vulnerability in the open source Expat library. Vulnerability Details ** CVEID: CVE-2024-28757 DESCRIPTION: **libexpat could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity...

6.1AI Score

0.0004EPSS

2024-06-11 05:31 PM
1
ibm
ibm

Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query under certain conditions. (CVE-2024-28762)

Summary IBM® Db2® is vulnerable to a denial of service with a specially crafted query under certain conditions. Vulnerability Details ** CVEID: CVE-2024-28762 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) is vulnerable to denial of service with a specially...

5.3CVSS

6.5AI Score

0.0004EPSS

2024-06-11 05:30 PM
2
ibm
ibm

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a specially crafted request is used via CLI. (CVE-2023-45178)

Summary IBM® Db2® is vulnerable to a denial of service when a specially crafted request is used via CLI. Vulnerability Details ** CVEID: CVE-2023-45178 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) CLI is vulnerable to a denial of service when a specially...

7.5CVSS

6.9AI Score

0.001EPSS

2024-06-11 05:29 PM
16
ibm
ibm

Security Bulletin: IBM® Db2® federated server is affected by vulnerabilities in the open source commons-compress library. (CVE-2024-25710, CVE-2024-26308)

Summary IBM® Db2® federated server is affected by vulnerabilities in the open source commons-compress library when using the NoSQL Blockchain wrapper. Vulnerability Details ** CVEID: CVE-2024-25710 DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an infinite...

8.1CVSS

7AI Score

0.001EPSS

2024-06-11 05:27 PM
2
ibm
ibm

Security Bulletin: IBM® Db2® is affected by a vulnerability in the open source zlib library. (CVE-2023-45853)

Summary IBM® Db2® is affected by a vulnerability in the open source zlib library. Vulnerability Details ** CVEID: CVE-2023-45853 DESCRIPTION: **MiniZip is vulnerable to a denial of service, caused by an integer overflow and resultant heap-based buffer overflow in the zipOpenNewFileInZip4_64...

9.8CVSS

7.2AI Score

0.001EPSS

2024-06-11 05:24 PM
2
github
github

10 years of the GitHub Security Bug Bounty Program

Each year, we celebrate the GitHub Security Bug Bounty program, highlighting impressive bugs and researchers, rewards, live hacking events, and more. This year, we celebrate a new milestone: 10 years of the GitHub Security Bug Bounty program! While we've had some exciting growth over the last 10...

7AI Score

2024-06-11 04:00 PM
1
thn
thn

Chinese Actor SecShow Conducts Massive DNS Probing on Global Scale

Cybersecurity researchers have shed more light on a Chinese actor codenamed SecShow that has been observed conducting Domain Name System (DNS) on a global scale since at least June 2023. The adversary, according to Infoblox security researchers Dr. Renée Burton and Dave Mitchell, operates from the....

9.8CVSS

6.7AI Score

0.957EPSS

2024-06-11 02:32 PM
1
redhatcve
redhatcve

CVE-2024-4577

A flaw was found in PHP versions 8.1 before 8.1.29, 8.2 before 8.2.20, and 8.3 before 8.3.8. When using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use the "Best-Fit" behavior to replace characters in the command line given to Win32 API functions......

9.8CVSS

9.3AI Score

0.932EPSS

2024-06-11 02:26 PM
34
rapid7blog
rapid7blog

CVE-2024-28995: Trivially Exploitable Information Disclosure Vulnerability in SolarWinds Serv-U

On June 5, 2024, SolarWinds disclosed CVE-2024-28995, a high-severity directory traversal vulnerability affecting their Serv-U file transfer server, which comes in two editions (Serv-U FTP and Serv-U MFT). Successful exploitation of the vulnerability allows unauthenticated attackers to read...

8.6CVSS

7.9AI Score

0.001EPSS

2024-06-11 02:25 PM
4
malwarebytes
malwarebytes

23andMe data breach under joint investigation in two countries

The British and Canadian privacy authorities have announced they will undertake a joint investigation into the data breach at global genetic testing company 23andMe that was discovered in October 2023. On Friday October 6, 2023, 23andMe confirmed via a somewhat opaque blog post that cybercriminals....

6.8AI Score

2024-06-11 11:38 AM
1
malwarebytes
malwarebytes

When things go wrong: A digital sharing warning for couples

“When things go wrong” is a troubling prospect for most couples to face, but the internet—and the way that romantic partners engage both with and across it—could require that this worst-case scenario become more of a best practice. In new research that Malwarebytes will release this month,...

6.9AI Score

2024-06-11 10:55 AM
5
malwarebytes
malwarebytes

Google’s Chrome changes make life harder for ad blockers

Despite protests, Google is rolling out changes in the Chrome browser that make it harder for ad blockers to do their job. Starting last Monday, June 3, 2024, Chrome Beta, Dev, and Canary channels will see the effects of the implementation of the new extension platform Manifest V3. The gradual...

7AI Score

2024-06-11 10:45 AM
3
ibm
ibm

Security Bulletin: IBM Workload Automation potentially affected by multiple vulnerabilities in Java.

Summary IBM Workload Automation potentially vulnerable to multiple vulnerabilities in Java that can cause integrity, availability, information disclosure issues (CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597)...

9.1CVSS

10AI Score

0.001EPSS

2024-06-11 09:52 AM
15
ibm
ibm

Security Bulletin: Spring vulnerability in embedded components may affect IBM Business Automation Workflow - CVE-2024-22243

Summary IBM Business Automation Workflow is vulnerable to a open redirect attack. Vulnerability Details ** CVEID: CVE-2024-22243 DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability when using...

8.1CVSS

6.5AI Score

0.0004EPSS

2024-06-11 09:50 AM
securelist
securelist

QR code SQL injection and other vulnerabilities in a popular biometric terminal

Biometric scanners offer a unique way to resolve the conflict between security and usability. They help to identify a person by their unique biological characteristics – a fairly reliable process that does not require the user to exert any extra effort. Yet, biometric scanners, as any other tech,.....

10CVSS

9AI Score

0.0004EPSS

2024-06-11 08:00 AM
6
thn
thn

Snowflake Breach Exposes 165 Customers' Data in Ongoing Extortion Campaign

As many as 165 customers of Snowflake are said to have had their information potentially exposed as part of an ongoing campaign designed to facilitate data theft and extortion, indicating the operation has broader implications than previously thought. Google-owned Mandiant, which is assisting the.....

8AI Score

2024-06-11 06:52 AM
1
cve
cve

CVE-2024-34691

Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. As a result, it has high impact on integrity and no impact on the confidentiality and availability of the...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-11 03:15 AM
25
nvd
nvd

CVE-2024-34691

Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. As a result, it has high impact on integrity and no impact on the confidentiality and availability of the...

6.5CVSS

0.0004EPSS

2024-06-11 03:15 AM
2
cvelist
cvelist

CVE-2024-34691 Missing Authorization check in SAP S/4HANA (Manage Incoming Payment Files)

Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. As a result, it has high impact on integrity and no impact on the confidentiality and availability of the...

6.5CVSS

0.0004EPSS

2024-06-11 02:22 AM
4
openvas
openvas

Ubuntu: Security Advisory (USN-6822-1)

The remote host is missing an update for...

9.8CVSS

7.3AI Score

0.001EPSS

2024-06-11 12:00 AM
openvas
openvas

Ubuntu: Security Advisory (USN-6823-1)

The remote host is missing an update for...

5.3CVSS

5.3AI Score

0.001EPSS

2024-06-11 12:00 AM
1
nessus
nessus

Cisco Adaptive Security Appliance Software SSL/TLS DoS (cisco-sa-asaftd-ssl-dos-uu7mV5p6)

A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to...

8.6CVSS

7.3AI Score

0.001EPSS

2024-06-11 12:00 AM
nessus
nessus

Oracle Linux 8 : idm:DL1 (ELSA-2024-3755)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3755 advisory. - kdb: apply combinatorial logic for ticket flags (CVE-2024-3183) Resolves: RHEL-29927 Tenable has extracted the preceding description block...

8.1CVSS

8.4AI Score

0.0004EPSS

2024-06-11 12:00 AM
1
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2024:1944-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1944-1 advisory. - Update to version 2.44.2 (bsc#1225071): - CVE-2024-23252: Fixed a vulnerability where...

8.8CVSS

8.2AI Score

0.001EPSS

2024-06-11 12:00 AM
1
nessus
nessus

SUSE SLES15 Security Update : libxml2 (SUSE-SU-2024:0613-2)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0613-2 advisory. - CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576). Tenable has extracted the preceding description block directly from the...

7.5CVSS

7.1AI Score

0.0005EPSS

2024-06-11 12:00 AM
1
almalinux
almalinux

Low: c-ares security update

The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API. Security Fix(es): c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...

4.4CVSS

5.4AI Score

0.0004EPSS

2024-06-11 12:00 AM
1
openvas
openvas

Ubuntu: Security Advisory (USN-6825-1)

The remote host is missing an update for...

9.1CVSS

7.1AI Score

0.006EPSS

2024-06-11 12:00 AM
1
openvas
openvas

Ubuntu: Security Advisory (USN-6824-1)

The remote host is missing an update for...

8.8CVSS

7.1AI Score

0.004EPSS

2024-06-11 12:00 AM
3
openvas
openvas

Mozilla Firefox Security Advisory (MFSA2024-25) - Linux

This host is missing a security update for Mozilla...

7.4AI Score

0.0004EPSS

2024-06-11 12:00 AM
1
nessus
nessus

RHEL 8 : fence-agents (RHSA-2024:3795)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3795 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...

5.4CVSS

7.3AI Score

0.0004EPSS

2024-06-11 12:00 AM
1
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libvirt (SUSE-SU-2024:1962-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1962-1 advisory. - CVE-2024-4418: Fixed a stack use-after-free by ensuring temporary GSource is removed from client...

6.2CVSS

6.4AI Score

0.0004EPSS

2024-06-11 12:00 AM
nessus
nessus

Ubuntu 23.10 : Linux kernel vulnerabilities (USN-6819-2)

The remote Ubuntu 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6819-2 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference...

7.8CVSS

8.1AI Score

0.001EPSS

2024-06-11 12:00 AM
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : python-docker (SUSE-SU-2024:1938-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1938-1 advisory. - CVE-2024-35195: Fix failure with updated python-requests. (bsc#1224788) Tenable has extracted the preceding description block directly...

5.6CVSS

7.4AI Score

0.0004EPSS

2024-06-11 12:00 AM
nessus
nessus

Oracle Linux 8 : thunderbird (ELSA-2024-3784)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-3784 advisory. [115.11.0-1.0.1] - Add Oracle prefs file [115.11.0-1] - Update to 115.11.0 build2 Tenable has extracted the preceding description block directly from...

8.8AI Score

0.0004EPSS

2024-06-11 12:00 AM
almalinux
almalinux

Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

8.8CVSS

9AI Score

0.001EPSS

2024-06-11 12:00 AM
1
almalinux
almalinux

Important: 389-ds-base security update

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. Security Fix(es): 389-ds-base: potential denial of service via specially crafted kerberos...

7.5CVSS

6.9AI Score

0.0004EPSS

2024-06-11 12:00 AM
almalinux
almalinux

Moderate: gdk-pixbuf2 security update

The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fix(es): gdk-pixbuf2: heap memory corruption on gdk-pixbuf (CVE-2022-48622) For more details about the security...

7.8CVSS

7.1AI Score

0.001EPSS

2024-06-11 12:00 AM
nessus
nessus

Amazon Linux 2 : firefox (ALASFIREFOX-2024-025)

The version of firefox installed on the remote host is prior to 115.11.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2024-025 advisory. A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in...

8.7AI Score

0.0004EPSS

2024-06-11 12:00 AM
ubuntucve
ubuntucve

CVE-2024-36972

In the Linux kernel, the following vulnerability has been resolved: af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock. Billy Jheng Bing-Jhong reported a race between __unix_gc() and queue_oob(). __unix_gc() tries to garbage-collect close()d inflight sockets, and then if the socket...

6.7AI Score

0.0004EPSS

2024-06-11 12:00 AM
nessus
nessus

Cisco Firepower Threat Defense Software SSL/TLS DoS (cisco-sa-asaftd-ssl-dos-uu7mV5p6)

A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to...

8.6CVSS

7.3AI Score

0.001EPSS

2024-06-11 12:00 AM
1
openvas
openvas

Ubuntu: Security Advisory (USN-6817-2)

The remote host is missing an update for...

7.8CVSS

8.8AI Score

0.0005EPSS

2024-06-11 12:00 AM
oraclelinux
oraclelinux

idm:DL1 security update

bind-dyndb-ldap custodia ipa [4.9.13-10.0.1] - Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674] [4.9.13-10] - kdb: apply combinatorial logic for ticket flags (CVE-2024-3183) Resolves: RHEL-29927 - kdb: fix vulnerability in GCD rules handling (CVE-2024-2698) Resolves:...

8.1CVSS

6.9AI Score

0.0004EPSS

2024-06-11 12:00 AM
1
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : aws-nitro-enclaves-cli (SUSE-SU-2024:1966-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1966-1 advisory. - CVE-2023-50711: Fixed out of bounds memory accesses in embedded vmm-sys-util (bsc#1218501). Tenable has extracted the...

9.8CVSS

7.4AI Score

0.001EPSS

2024-06-11 12:00 AM
nessus
nessus

Debian dsa-5707 : libvlc-bin - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5707 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5707-1 [email protected] ...

7.3AI Score

2024-06-11 12:00 AM
nessus
nessus

SUSE SLED15 / SLES15 Security Update : poppler (SUSE-SU-2024:1967-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1967-1 advisory. - CVE-2024-4141: Fixed out-of-bounds array write (bsc#1223375). Tenable has extracted the preceding description block.....

2.9CVSS

7.1AI Score

0.0004EPSS

2024-06-11 12:00 AM
nessus
nessus

Oracle Linux 8 : firefox (ELSA-2024-3783)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-3783 advisory. [115.11.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding OpenELA file [115.11.0-1] - Update to 115.11.0 build1 Tenable has...

8.2AI Score

0.0004EPSS

2024-06-11 12:00 AM
nessus
nessus

RHEL 8 : kpatch-patch (RHSA-2024:3805)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3805 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security...

7.8CVSS

7.4AI Score

0.011EPSS

2024-06-11 12:00 AM
Total number of security vulnerabilities447862