Lucene search

K

AR120-S,AR1200,AR1200-S,AR150,AR150-S,AR160,AR200,AR200-S,AR2200,AR2200-S,AR3200,AR3600,AR510,IPS Module,NIP6300,NetEngine16EX Security Vulnerabilities

cvelist
cvelist

CVE-2024-33847 f2fs: compress: don't allow unaligned truncation on released compress inode

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: don't allow unaligned truncation on released compress inode f2fs image may be corrupted after below testcase: - mkfs.f2fs -O extra_attr,compression -f /dev/vdb - mount /dev/vdb /mnt/f2fs - touch /mnt/f2fs/file -...

0.0004EPSS

2024-06-24 01:56 PM
3
cvelist
cvelist

CVE-2024-39291 drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode()

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode() The function gfx_v9_4_3_init_microcode in gfx_v9_4_3.c was generating about potential truncation of output when using the snprintf...

0.0004EPSS

2024-06-24 01:52 PM
4
ibm
ibm

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to identity spoofing (CVE-2024-37532)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to identity spoofing. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions Affected Product(s) and Version(s)|...

8.8CVSS

6.8AI Score

0.0004EPSS

2024-06-24 01:47 PM
1
ibm
ibm

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to identity spoofing (CVE-2024-37532)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to identity spoofing. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions Affected Product(s) and Version(s)|...

8.8CVSS

6.8AI Score

0.0004EPSS

2024-06-24 01:46 PM
2
ibm
ibm

Security Bulletin: IBM DataPower Gateway is vulnerable to denial of service due to Golang Go

Summary IBM DataPower Gateway is vulnerable to denial of service due to use of Golang Go in DataPower Operator and Prometheus Metrics . (CVE-2024-24783) Vulnerability Details ** CVEID: CVE-2024-24783 DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in the...

7AI Score

0.0004EPSS

2024-06-24 01:11 PM
1
kitploit
kitploit

Hfinger - Fingerprinting HTTP Requests

Tool for Fingerprinting HTTP requests of malware. Based on Tshark and written in Python3. Working prototype stage :-) Its main objective is to provide unique representations (fingerprints) of malware requests, which help in their identification. Unique means here that each fingerprint should be...

7AI Score

2024-06-24 12:30 PM
4
githubexploit
githubexploit

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Microsoft

CVE-2024-30088 Bug: Bug is inside function...

7CVSS

7.4AI Score

0.0004EPSS

2024-06-24 10:37 AM
38
securelist
securelist

XZ backdoor: Hook analysis

Part 1: XZ backdoor story – Initial analysis Part 2: Assessing the Y, and How, of the XZ Utils incident (social engineering) In our first article on the XZ backdoor, we analyzed its code from initial infection to the function hooking it performs. As we mentioned then, its initial goal was to...

8.6AI Score

2024-06-24 10:00 AM
ibm
ibm

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM DevOps Code ClearCase [CVE-2023-52425]

Summary IBM HTTP Server (IHS) is shipped as a component of IBM DevOps Code ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. [CVE-2023-52425] Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section....

7.5CVSS

6.9AI Score

0.001EPSS

2024-06-24 07:13 AM
1
ibm
ibm

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server is vulnerable to identity spoofing (CVE-2024-37532).

Summary The security issue described in CVE-2024-37532 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section...

8.8CVSS

6.9AI Score

0.0004EPSS

2024-06-24 06:52 AM
1
thn
thn

Multiple Threat Actors Deploying Open-Source Rafel RAT to Target Android Devices

Multiple threat actors, including cyber espionage groups, are employing an open-source Android remote administration tool called Rafel RAT to meet their operational objectives by masquerading it as Instagram, WhatsApp, and various e-commerce and antivirus apps. "It provides malicious actors with a....

7.5AI Score

2024-06-24 05:04 AM
21
cvelist
cvelist

CVE-2024-36682

In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can download all email collected while SHOP is in maintenance mode. Due to a lack of permissions control, a guest can access the txt file which collect email when maintenance is enable which can.....

0.0004EPSS

2024-06-24 12:00 AM
1
vulnrichment
vulnrichment

CVE-2024-36683

SQL injection vulnerability in the module "Products Alert" (productsalert) before 1.7.4 from Smart Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via the ProductsAlertAjaxProcessModuleFrontController::initContent...

7.6AI Score

0.0004EPSS

2024-06-24 12:00 AM
packetstorm

9.8CVSS

7.1AI Score

0.005EPSS

2024-06-24 12:00 AM
45
nessus
nessus

CentOS 9 : kernel-5.14.0-467.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-467.el9 build changelog. In the Linux kernel, the following vulnerability has been resolved: efivarfs: force RO when remounting if SetVariable is not...

5.5CVSS

7.4AI Score

EPSS

2024-06-24 12:00 AM
1
openvas
openvas

Slackware: Security Advisory (SSA:2024-174-01)

The remote host is missing an update for...

7.5AI Score

2024-06-24 12:00 AM
3
nessus
nessus

RHEL 8 : Red Hat OpenStack Platform 16.2 (RHSA-2024:4053)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4053 advisory. Affected components: * python-yaql: a library that contains a large set of commonly used functions * openstack-tripleo-heat-templates: Heat...

7AI Score

0.0004EPSS

2024-06-24 12:00 AM
3
cvelist
cvelist

CVE-2024-34992

SQL Injection vulnerability in the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via...

0.0004EPSS

2024-06-24 12:00 AM
openvas
openvas

Mageia: Security Advisory (MGASA-2024-0231)

The remote host is missing an update for...

7.3AI Score

0.0004EPSS

2024-06-24 12:00 AM
1
cvelist
cvelist

CVE-2023-50029

PHP Injection vulnerability in the module "M4 PDF Extensions" (m4pdf) up to version 3.3.2 from PrestaAddons for PrestaShop allows attackers to run arbitrary code via the M4PDF::saveTemplate()...

0.0004EPSS

2024-06-24 12:00 AM
cvelist
cvelist

CVE-2024-38903

H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary...

0.0004EPSS

2024-06-24 12:00 AM
cvelist
cvelist

CVE-2024-36683

SQL injection vulnerability in the module "Products Alert" (productsalert) before 1.7.4 from Smart Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via the ProductsAlertAjaxProcessModuleFrontController::initContent...

0.0004EPSS

2024-06-24 12:00 AM
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:2140-1)

The remote host is missing an update for...

9.8CVSS

7.5AI Score

0.001EPSS

2024-06-24 12:00 AM
nessus
nessus

Amazon Linux 2 : php (ALASPHP8.1-2024-005)

The version of php installed on the remote host is prior to 8.1.29-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.1-2024-005 advisory. The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default),...

6.5CVSS

7.3AI Score

0.006EPSS

2024-06-24 12:00 AM
1
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gnome-settings-daemon (SUSE-SU-2024:2168-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2168-1 advisory. - CVE-2024-38394: Fixed mismatches in interpreting USB authorization policy (bsc#1226423). Tenable has...

6.6AI Score

0.0004EPSS

2024-06-24 12:00 AM
nessus
nessus

AlmaLinux 8 : python3.11 (ALSA-2024:4058)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:4058 advisory. * python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597) * python: The zipfile module is vulnerable to zip-bombs leading to denial of...

7.8CVSS

8AI Score

0.0005EPSS

2024-06-24 12:00 AM
vulnrichment
vulnrichment

CVE-2023-50029

PHP Injection vulnerability in the module "M4 PDF Extensions" (m4pdf) up to version 3.3.2 from PrestaAddons for PrestaShop allows attackers to run arbitrary code via the M4PDF::saveTemplate()...

7.8AI Score

0.0004EPSS

2024-06-24 12:00 AM
nessus
nessus

SUSE SLES12 Security Update : qpdf (SUSE-SU-2024:2173-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2173-1 advisory. - CVE-2018-9918: Fixed mishandled 'expected dictionary key but found non-name object' cases that could have allowed attackers to cause a...

7.8CVSS

6.8AI Score

0.005EPSS

2024-06-24 12:00 AM
cvelist
cvelist

CVE-2024-36681

SQL Injection vulnerability in the module "Isotope" (pk_isotope) <=1.7.3 from Promokit.eu for PrestaShop allows attackers to obtain sensitive information and cause other impacts via pk_isotope::saveData and pk_isotope::removeData...

0.0004EPSS

2024-06-24 12:00 AM
vulnrichment
vulnrichment

CVE-2024-38903

H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary...

7.9AI Score

0.0004EPSS

2024-06-24 12:00 AM
nessus
nessus

SUSE SLES15 Security Update : gnome-settings-daemon (SUSE-SU-2024:2170-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2170-1 advisory. - CVE-2024-38394: Fixed mismatches in interpreting USB authorization policy (bsc#1226423). Tenable has extracted the preceding description...

7AI Score

0.0004EPSS

2024-06-24 12:00 AM
packetstorm

6.8CVSS

7.1AI Score

0.0004EPSS

2024-06-24 12:00 AM
43
almalinux
almalinux

Important: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...

7.8CVSS

7.6AI Score

0.0005EPSS

2024-06-24 12:00 AM
nessus
nessus

RHEL 9 : pki-core (RHSA-2024:4051)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4051 advisory. The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fix(es): * dogtag ca:...

7.5CVSS

7.8AI Score

0.0004EPSS

2024-06-24 12:00 AM
2
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : wget (SUSE-SU-2024:2174-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2174-1 advisory. - CVE-2024-38428: Fix mishandled semicolons in the userinfo subcomponent of a URI. (bsc#1226419) ...

7.1AI Score

0.0004EPSS

2024-06-24 12:00 AM
cvelist
cvelist

CVE-2024-34991

In the module "Axepta" (axepta) before 1.3.4 from Quadra Informatique for PrestaShop, a guest can download partial credit card information (expiry date) / postal address / email / etc. without restriction due to a lack of permissions...

0.0004EPSS

2024-06-24 12:00 AM
cvelist
cvelist

CVE-2024-34988

SQL injection vulnerability in the module "Complete for Create a Quote in Frontend + Backend Pro" (askforaquotemodul) <= 1.0.51 from Buy Addons for PrestaShop allows attackers to view sensitive information and cause other impacts via methods...

0.0004EPSS

2024-06-24 12:00 AM
1
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libarchive (SUSE-SU-2024:2171-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2171-1 advisory. - CVE-2024-20696: Fixed heap based out-of-bounds write (bsc#1225971). Tenable has extracted the...

7.3CVSS

7.3AI Score

0.003EPSS

2024-06-24 12:00 AM
nessus
nessus

RHEL 8 : python3.11 (RHSA-2024:4058)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4058 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

7.8CVSS

7.4AI Score

0.0005EPSS

2024-06-24 12:00 AM
nessus
nessus

RHEL 8 : Red Hat Certificate System 10.4 for RHEL 8 (RHSA-2024:4070)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4070 advisory. Red Hat Certificate System (RHCS) is a complete implementation of an enterprise software system designed to manage enterprise Public Key...

7.5CVSS

7.3AI Score

0.0004EPSS

2024-06-24 12:00 AM
osv
osv

Important: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...

7.8CVSS

6.7AI Score

0.0005EPSS

2024-06-24 12:00 AM
nessus
nessus

RHEL 9 : dnsmasq (RHSA-2024:4052)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4052 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. ...

7.5CVSS

6.9AI Score

0.003EPSS

2024-06-24 12:00 AM
1
vulnrichment
vulnrichment

CVE-2024-34991

In the module "Axepta" (axepta) before 1.3.4 from Quadra Informatique for PrestaShop, a guest can download partial credit card information (expiry date) / postal address / email / etc. without restriction due to a lack of permissions...

6.5AI Score

0.0004EPSS

2024-06-24 12:00 AM
nessus
nessus

RHEL 9 : libreswan (RHSA-2024:4050)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4050 advisory. Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both...

7.1AI Score

0.0004EPSS

2024-06-24 12:00 AM
2
nessus
nessus

RHEL 8 : thunderbird (RHSA-2024:4063)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4063 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): *...

8.2AI Score

0.0004EPSS

2024-06-24 12:00 AM
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:2152-1)

The remote host is missing an update for...

7.5AI Score

0.0004EPSS

2024-06-24 12:00 AM
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:2154-1)

The remote host is missing an update for...

7.5AI Score

0.0004EPSS

2024-06-24 12:00 AM
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:2151-1)

The remote host is missing an update for...

7.5AI Score

0.0004EPSS

2024-06-24 12:00 AM
vulnrichment
vulnrichment

CVE-2024-34988

SQL injection vulnerability in the module "Complete for Create a Quote in Frontend + Backend Pro" (askforaquotemodul) <= 1.0.51 from Buy Addons for PrestaShop allows attackers to view sensitive information and cause other impacts via methods...

7.4AI Score

0.0004EPSS

2024-06-24 12:00 AM
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : vte (SUSE-SU-2024:2180-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2180-1 advisory. - CVE-2024-37535: Fixed a bug that allowed an attacker to cause a denial of service (memory...

6.8AI Score

0.0004EPSS

2024-06-24 12:00 AM
Total number of security vulnerabilities449015