Lucene search

K

AR120-S,AR1200,AR1200-S,AR150,AR150-S,AR160,AR200,AR200-S,AR2200,AR2200-S,AR3200,AR3600,AR510,IPS Module,NIP6300,NetEngine16EX Security Vulnerabilities

cve
cve

CVE-2024-36677

In the module "Login as customer PRO" (loginascustomerpro) <1.2.7 from Weblir for PrestaShop, a guest can access direct link to connect to each customer account of the Shop if the module is not installed OR if a secret accessible to administrator is...

6.9AI Score

0.0004EPSS

2024-06-19 09:15 PM
27
nvd
nvd

CVE-2024-33836

In the module "JA Marketplace" (jamarketplace) up to version 9.0.1 from JA Module for PrestaShop, a guest can upload files with extensions .php. In version 6.X, the method JmarketplaceproductModuleFrontController::init() and in version 8.X, the method...

0.0004EPSS

2024-06-19 09:15 PM
3
cve
cve

CVE-2024-33836

In the module "JA Marketplace" (jamarketplace) up to version 9.0.1 from JA Module for PrestaShop, a guest can upload files with extensions .php. In version 6.X, the method JmarketplaceproductModuleFrontController::init() and in version 8.X, the method...

6.7AI Score

0.0004EPSS

2024-06-19 09:15 PM
22
ibm
ibm

Security Bulletin: IBM WebSphere Application Server is vulnerable to identity spoofing (CVE-2024-37532)

Summary IBM WebSphere Application Server is vulnerable to identity spoofing. Vulnerability Details ** CVEID: CVE-2024-37532 DESCRIPTION: **IBM WebSphere Application Server is vulnerable to identity spoofing by an authenticated user due to improper signature validation. CVSS Base score: 8.8 CVSS...

8.8CVSS

6.2AI Score

0.0004EPSS

2024-06-19 08:47 PM
9
schneier
schneier

New Blog Moderation Policy

There has been a lot of toxicity in the comments section of this blog. Recently, we're having to delete more and more comments. Not just spam and off-topic comments, but also sniping and personal attacks. It's gotten so bad that I need to do something. My options are limited because I'm just one...

7.2AI Score

2024-06-19 08:26 PM
1
nvd
nvd

CVE-2024-34993

In the module "Bulk Export products to Google Merchant-Google Shopping" (bagoogleshopping) up to version 1.0.26 from Buy Addons for PrestaShop, a guest can perform SQL injection...

0.0004EPSS

2024-06-19 08:15 PM
2
cve
cve

CVE-2024-34993

In the module "Bulk Export products to Google Merchant-Google Shopping" (bagoogleshopping) up to version 1.0.26 from Buy Addons for PrestaShop, a guest can perform SQL injection...

8AI Score

0.0004EPSS

2024-06-19 08:15 PM
24
ibm
ibm

Security Bulletin: Vulnerabilities in JAR files affect Transparent Cloud Tiering in IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in multiple JAR files affect Transparent Cloud Tiering in IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products. The vulnerabilities are not thought to be exploitable but IBM recommends upgrade for users of Transparent Cloud Tiering...

9.8CVSS

9.5AI Score

0.939EPSS

2024-06-19 05:56 PM
14
ibm
ibm

Security Bulletin: Vulnerabilities in Linux components affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in libssh, nginx and nghttp2 affect IBM Storage Virtualize products and could cause denial of service and bypassing of authentication. CVE-2023-44487, CVE-2023-1667, CVE-2023-2283. Vulnerability Details ** CVEID: CVE-2023-44487 DESCRIPTION: **Multiple vendors are...

7.5CVSS

9.2AI Score

0.732EPSS

2024-06-19 05:53 PM
6
ibm
ibm

Security Bulletin: Vulnerabilities in Apache Tomcat affect IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products

Summary Vulnerabilities in Apache Tomcat affect the product's management GUI, potentially allowing denial of service. The Command Line Interface is unaffected. CVE-2024-23672, CVE-2024-24549. Vulnerability Details ** CVEID: CVE-2024-23672 DESCRIPTION: **Apache Tomcat is vulnerable to a denial of...

7.5AI Score

0.0004EPSS

2024-06-19 03:29 PM
7
ibm
ibm

Security Bulletin: Vulnerabilities in IBM Java affect IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products

Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects the product's management GUI. The Command Line Interface is unaffected. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850. Vulnerability Details **...

7.5CVSS

6.9AI Score

0.001EPSS

2024-06-19 03:28 PM
9
cve
cve

CVE-2021-47595

In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_ets: don't remove idle classes from the round-robin list Shuang reported that the following script: 1) tc qdisc add dev ddd0 handle 10: parent 1: ets bands 8 strict 4 priomap 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 2)...

6.5AI Score

0.0004EPSS

2024-06-19 03:15 PM
22
debiancve
debiancve

CVE-2021-47595

In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_ets: don't remove idle classes from the round-robin list Shuang reported that the following script: 1) tc qdisc add dev ddd0 handle 10: parent 1: ets bands 8 strict 4 priomap 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 2)...

7AI Score

0.0004EPSS

2024-06-19 03:15 PM
nvd
nvd

CVE-2021-47595

In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_ets: don't remove idle classes from the round-robin list Shuang reported that the following script: 1) tc qdisc add dev ddd0 handle 10: parent 1: ets bands 8 strict 4 priomap 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 2)...

0.0004EPSS

2024-06-19 03:15 PM
nvd
nvd

CVE-2021-47576

In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() In resp_mode_select() sanity check the block descriptor len to avoid UAF. BUG: KASAN: use-after-free in resp_mode_select+0xa4c/0xb40...

0.0004EPSS

2024-06-19 03:15 PM
cve
cve

CVE-2021-47576

In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() In resp_mode_select() sanity check the block descriptor len to avoid UAF. BUG: KASAN: use-after-free in resp_mode_select+0xa4c/0xb40...

6.4AI Score

0.0004EPSS

2024-06-19 03:15 PM
21
debiancve
debiancve

CVE-2021-47576

In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() In resp_mode_select() sanity check the block descriptor len to avoid UAF. BUG: KASAN: use-after-free in resp_mode_select+0xa4c/0xb40...

6.9AI Score

0.0004EPSS

2024-06-19 03:15 PM
thn
thn

UNC3886 Uses Fortinet, VMware 0-Days and Stealth Tactics in Long-Term Spying

The China-nexus cyber espionage actor linked to the zero-day exploitation of security flaws in Fortinet, Ivanti, and VMware devices has been observed utilizing multiple persistence mechanisms in order to maintain unfettered access to compromised environments. "Persistence mechanisms encompassed...

9.8CVSS

8AI Score

0.321EPSS

2024-06-19 03:09 PM
33
qualysblog
qualysblog

TotalCloud Insights: Protect Your AWS Environment by Managing Access Keys Securely

Introduction With the average cost of a data breach coming in at $4.45M in 2023, safeguarding sensitive information and maintaining the security of cloud environments is more critical than ever. Instances of compromised access keys, not exclusive to AWS (Amazon Web Services) but prevalent across...

7.3AI Score

2024-06-19 03:02 PM
3
vulnrichment
vulnrichment

CVE-2021-47595 net/sched: sch_ets: don't remove idle classes from the round-robin list

In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_ets: don't remove idle classes from the round-robin list Shuang reported that the following script: 1) tc qdisc add dev ddd0 handle 10: parent 1: ets bands 8 strict 4 priomap 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 2)...

6.8AI Score

0.0004EPSS

2024-06-19 02:53 PM
cvelist
cvelist

CVE-2021-47595 net/sched: sch_ets: don't remove idle classes from the round-robin list

In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_ets: don't remove idle classes from the round-robin list Shuang reported that the following script: 1) tc qdisc add dev ddd0 handle 10: parent 1: ets bands 8 strict 4 priomap 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 2)...

0.0004EPSS

2024-06-19 02:53 PM
cvelist
cvelist

CVE-2021-47576 scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select()

In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() In resp_mode_select() sanity check the block descriptor len to avoid UAF. BUG: KASAN: use-after-free in resp_mode_select+0xa4c/0xb40...

0.0004EPSS

2024-06-19 02:53 PM
2
debiancve
debiancve

CVE-2024-38605

In the Linux kernel, the following vulnerability has been resolved: ALSA: core: Fix NULL module pointer assignment at card init The commit 81033c6b584b ("ALSA: core: Warn on empty module") introduced a WARN_ON() for a NULL module pointer passed at snd_card object creation, and it also wraps the...

7.5AI Score

0.0004EPSS

2024-06-19 02:15 PM
nvd
nvd

CVE-2024-38605

In the Linux kernel, the following vulnerability has been resolved: ALSA: core: Fix NULL module pointer assignment at card init The commit 81033c6b584b ("ALSA: core: Warn on empty module") introduced a WARN_ON() for a NULL module pointer passed at snd_card object creation, and it also wraps the...

0.0004EPSS

2024-06-19 02:15 PM
1
cve
cve

CVE-2024-38605

In the Linux kernel, the following vulnerability has been resolved: ALSA: core: Fix NULL module pointer assignment at card init The commit 81033c6b584b ("ALSA: core: Warn on empty module") introduced a WARN_ON() for a NULL module pointer passed at snd_card object creation, and it also wraps the...

6.7AI Score

0.0004EPSS

2024-06-19 02:15 PM
21
debiancve
debiancve

CVE-2024-38596

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. In one data path, the write function unix_release_sock() atomically writes to sk->sk_shutdown using...

6.8AI Score

0.0004EPSS

2024-06-19 02:15 PM
cve
cve

CVE-2024-38596

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. In one data path, the write function unix_release_sock() atomically writes to sk->sk_shutdown using WRITE_ONC...

6.4AI Score

0.0004EPSS

2024-06-19 02:15 PM
21
nvd
nvd

CVE-2024-38596

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. In one data path, the write function unix_release_sock() atomically writes to sk->sk_shutdown using WRITE_ONC...

0.0004EPSS

2024-06-19 02:15 PM
cve
cve

CVE-2024-38588

In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix possible use-after-free issue in ftrace_location() KASAN reports a bug: BUG: KASAN: use-after-free in ftrace_location+0x90/0x120 Read of size 8 at addr ffff888141d40010 by task insmod/424 CPU: 8 PID: 424 Comm:...

6.6AI Score

0.0004EPSS

2024-06-19 02:15 PM
20
debiancve
debiancve

CVE-2024-38588

In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix possible use-after-free issue in ftrace_location() KASAN reports a bug: BUG: KASAN: use-after-free in ftrace_location+0x90/0x120 Read of size 8 at addr ffff888141d40010 by task insmod/424 CPU: 8 PID: 424 Comm:...

7.1AI Score

0.0004EPSS

2024-06-19 02:15 PM
1
nvd
nvd

CVE-2024-38588

In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix possible use-after-free issue in ftrace_location() KASAN reports a bug: BUG: KASAN: use-after-free in ftrace_location+0x90/0x120 Read of size 8 at addr ffff888141d40010 by task insmod/424 CPU: 8 PID: 424 Comm:...

0.0004EPSS

2024-06-19 02:15 PM
1
debiancve
debiancve

CVE-2024-38567

In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: add a proper sanity check for endpoints Syzkaller reports [1] hitting a warning which is caused by presence of a wrong endpoint type at the URB sumbitting stage. While there was a check for a specific 4th...

7.1AI Score

0.0004EPSS

2024-06-19 02:15 PM
2
nvd
nvd

CVE-2024-38565

In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: enable proper endpoint verification Syzkaller reports [1] hitting a warning about an endpoint in use not having an expected type to it. Fix the issue by checking for the existence of all proper endpoints with their...

0.0004EPSS

2024-06-19 02:15 PM
2
cve
cve

CVE-2024-38567

In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: add a proper sanity check for endpoints Syzkaller reports [1] hitting a warning which is caused by presence of a wrong endpoint type at the URB sumbitting stage. While there was a check for a specific 4th endpoint,....

6.6AI Score

0.0004EPSS

2024-06-19 02:15 PM
20
nvd
nvd

CVE-2024-38567

In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: add a proper sanity check for endpoints Syzkaller reports [1] hitting a warning which is caused by presence of a wrong endpoint type at the URB sumbitting stage. While there was a check for a specific 4th endpoint,....

0.0004EPSS

2024-06-19 02:15 PM
cve
cve

CVE-2024-38565

In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: enable proper endpoint verification Syzkaller reports [1] hitting a warning about an endpoint in use not having an expected type to it. Fix the issue by checking for the existence of all proper endpoints with their...

6.4AI Score

0.0004EPSS

2024-06-19 02:15 PM
21
debiancve
debiancve

CVE-2024-38565

In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: enable proper endpoint verification Syzkaller reports [1] hitting a warning about an endpoint in use not having an expected type to it. Fix the issue by checking for the existence of all proper endpoints with...

6.9AI Score

0.0004EPSS

2024-06-19 02:15 PM
nvd
nvd

CVE-2024-38541

In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not NULL initially) will....

0.0004EPSS

2024-06-19 02:15 PM
3
debiancve
debiancve

CVE-2024-38541

In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not NULL initially)...

7.5AI Score

0.0004EPSS

2024-06-19 02:15 PM
cve
cve

CVE-2024-38541

In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not NULL initially) will....

7AI Score

0.0004EPSS

2024-06-19 02:15 PM
23
cvelist
cvelist

CVE-2024-38605 ALSA: core: Fix NULL module pointer assignment at card init

In the Linux kernel, the following vulnerability has been resolved: ALSA: core: Fix NULL module pointer assignment at card init The commit 81033c6b584b ("ALSA: core: Warn on empty module") introduced a WARN_ON() for a NULL module pointer passed at snd_card object creation, and it also wraps the...

0.0004EPSS

2024-06-19 01:48 PM
5
cvelist
cvelist

CVE-2024-38596 af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. In one data path, the write function unix_release_sock() atomically writes to sk->sk_shutdown using WRITE_ONC...

0.0004EPSS

2024-06-19 01:45 PM
1
cvelist
cvelist

CVE-2024-38588 ftrace: Fix possible use-after-free issue in ftrace_location()

In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix possible use-after-free issue in ftrace_location() KASAN reports a bug: BUG: KASAN: use-after-free in ftrace_location+0x90/0x120 Read of size 8 at addr ffff888141d40010 by task insmod/424 CPU: 8 PID: 424 Comm:...

0.0004EPSS

2024-06-19 01:37 PM
1
vulnrichment
vulnrichment

CVE-2024-38588 ftrace: Fix possible use-after-free issue in ftrace_location()

In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix possible use-after-free issue in ftrace_location() KASAN reports a bug: BUG: KASAN: use-after-free in ftrace_location+0x90/0x120 Read of size 8 at addr ffff888141d40010 by task insmod/424 CPU: 8 PID: 424 Comm:...

7AI Score

0.0004EPSS

2024-06-19 01:37 PM
1
cvelist
cvelist

CVE-2024-38567 wifi: carl9170: add a proper sanity check for endpoints

In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: add a proper sanity check for endpoints Syzkaller reports [1] hitting a warning which is caused by presence of a wrong endpoint type at the URB sumbitting stage. While there was a check for a specific 4th endpoint,....

0.0004EPSS

2024-06-19 01:35 PM
2
cvelist
cvelist

CVE-2024-38565 wifi: ar5523: enable proper endpoint verification

In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: enable proper endpoint verification Syzkaller reports [1] hitting a warning about an endpoint in use not having an expected type to it. Fix the issue by checking for the existence of all proper endpoints with their...

0.0004EPSS

2024-06-19 01:35 PM
2
vulnrichment
vulnrichment

CVE-2024-38565 wifi: ar5523: enable proper endpoint verification

In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: enable proper endpoint verification Syzkaller reports [1] hitting a warning about an endpoint in use not having an expected type to it. Fix the issue by checking for the existence of all proper endpoints with their...

6.8AI Score

0.0004EPSS

2024-06-19 01:35 PM
cvelist
cvelist

CVE-2024-38541 of: module: add buffer overflow check in of_modalias()

In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not NULL initially) will....

0.0004EPSS

2024-06-19 01:35 PM
2
schneier
schneier

The Hacking of Culture and the Creation of Socio-Technical Debt

Culture is increasingly mediated through algorithms. These algorithms have splintered the organization of culture, a result of states and tech companies vying for influence over mass audiences. One byproduct of this splintering is a shift from imperfect but broad cultural narratives to a...

6.8AI Score

2024-06-19 11:09 AM
7
ibm
ibm

Security Bulletin: A vulnerability in Transparent Cloud Tiering affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in netty-codec-http affects the Transparent Cloud Tiering function in IBM Storage Virtualize products. Most systems do not have Transparent Cloud Tiering configured. You can confirm by running the lsvolumebackup CLI command - if there is no output, then this feature is not.....

5.3CVSS

6AI Score

0.0004EPSS

2024-06-19 10:43 AM
6
Total number of security vulnerabilities449015