Lucene search

K

AR120-S,AR1200,AR1200-S,AR150,AR150-S,AR160,AR200,AR200-S,AR2200,AR2200-S,AR3200,AR3600,AR510,NetEngine16EX,SRG1300,SRG2300,SRG3300 Security Vulnerabilities

openvas
openvas

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-1836)

The remote host is missing an update for the Huawei...

7.5CVSS

7.5AI Score

0.005EPSS

2024-06-25 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2024-1810)

The remote host is missing an update for the Huawei...

7.5AI Score

0.0004EPSS

2024-06-25 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2024-1842)

The remote host is missing an update for the Huawei...

7.5AI Score

0.0004EPSS

2024-06-25 12:00 AM
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:2180-1)

The remote host is missing an update for...

7.5AI Score

0.0004EPSS

2024-06-25 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2024-1845)

The remote host is missing an update for the Huawei...

6.7CVSS

7.5AI Score

0.0004EPSS

2024-06-25 12:00 AM
nessus
nessus

RHEL 9 : python3.9 (RHSA-2024:4078)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4078 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

7.8CVSS

8AI Score

0.0005EPSS

2024-06-25 12:00 AM
4
nessus
nessus

RHEL 9 : git (RHSA-2024:4083)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4083 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a...

9CVSS

7.2AI Score

0.001EPSS

2024-06-25 12:00 AM
1
talos
talos

Tp-Link ER7206 Omada Gigabit VPN Router cli_server debug leftover debug code vulnerability

Talos Vulnerability Report TALOS-2024-1947 Tp-Link ER7206 Omada Gigabit VPN Router cli_server debug leftover debug code vulnerability June 25, 2024 CVE Number CVE-2024-21827 SUMMARY A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN....

7.2CVSS

7.8AI Score

0.001EPSS

2024-06-25 12:00 AM
nessus
nessus

RHEL 8 : kpatch-patch (RHSA-2024:4075)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4075 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security...

7.8CVSS

7.4AI Score

0.002EPSS

2024-06-25 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2024-1823)

The remote host is missing an update for the Huawei...

7.5CVSS

7.5AI Score

0.001EPSS

2024-06-25 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2024-1811)

The remote host is missing an update for the Huawei...

7.5AI Score

0.0005EPSS

2024-06-25 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for mod_http2 (EulerOS-SA-2024-1840)

The remote host is missing an update for the Huawei...

7.5CVSS

7.5AI Score

0.005EPSS

2024-06-25 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1835)

The remote host is missing an update for the Huawei...

7.5AI Score

0.0004EPSS

2024-06-25 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-1815)

The remote host is missing an update for the Huawei...

7.5CVSS

7.5AI Score

0.005EPSS

2024-06-25 12:00 AM
openvas
openvas

Ubuntu: Security Advisory (USN-6844-1)

The remote host is missing an update for...

4.4CVSS

7.5AI Score

0.0004EPSS

2024-06-25 12:00 AM
almalinux
almalinux

Important: git security update

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to...

9CVSS

9.1AI Score

0.001EPSS

2024-06-25 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2024-1832)

The remote host is missing an update for the Huawei...

7.5AI Score

0.0005EPSS

2024-06-25 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for util-linux (EulerOS-SA-2024-1848)

The remote host is missing an update for the Huawei...

7.5AI Score

0.0005EPSS

2024-06-25 12:00 AM
openvas
openvas

Mageia: Security Advisory (MGASA-2024-0235)

The remote host is missing an update for...

6.1CVSS

7.5AI Score

0.0004EPSS

2024-06-25 12:00 AM
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : grafana and mybatis (SUSE-SU-2024:1530-2)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1530-2 advisory. grafana was updated to version 9.5.18: - Grafana now requires Go 1.20 - Security issues fixed: * CVE-2024-1313: Require same...

6.5CVSS

6.3AI Score

0.0004EPSS

2024-06-25 12:00 AM
1
nessus
nessus

EulerOS 2.0 SP11 : openssl (EulerOS-SA-2024-1821)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary:...

7.1AI Score

0.0004EPSS

2024-06-25 12:00 AM
nessus
nessus

RHEL 7 : kernel (RHSA-2024:4098)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4098 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * Kernel: bluetooth: Unauthorized...

6.8CVSS

7.5AI Score

0.0004EPSS

2024-06-25 12:00 AM
nessus
nessus

EulerOS 2.0 SP11 : openssl (EulerOS-SA-2024-1842)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary:...

9.6AI Score

0.0004EPSS

2024-06-25 12:00 AM
ubuntucve
ubuntucve

CVE-2024-33847

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: don't allow unaligned truncation on released compress inode f2fs image may be corrupted after below testcase: - mkfs.f2fs -O extra_attr,compression -f /dev/vdb - mount /dev/vdb /mnt/f2fs - touch /mnt/f2fs/file -...

0.0004EPSS

2024-06-25 12:00 AM
ibm
ibm

Security Bulletin: AIX is affected by a denial of service due to Python (CVE-2024-0450)

Summary Vulnerability in Python could allow a remote attacker to cause a denial of service (CVE-2024-0450). Python is used by AIX as part of Ansible node management automation. Vulnerability Details ** CVEID: CVE-2024-0450 DESCRIPTION: **Python CPython is vulnerable to a denial of service, caused.....

6.2CVSS

7.3AI Score

0.0005EPSS

2024-06-24 10:05 PM
1
ibm
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by AIX. AIX has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2024-21085 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow a remote...

5.9CVSS

7.2AI Score

0.0004EPSS

2024-06-24 10:04 PM
1
cve
cve

CVE-2024-38903

H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary...

7.9AI Score

0.0004EPSS

2024-06-24 09:15 PM
8
nvd
nvd

CVE-2024-38903

H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary...

0.0004EPSS

2024-06-24 09:15 PM
1
malwarebytes
malwarebytes

Change Healthcare confirms the customer data stolen in ransomware attack

For the first time since news broke about a ransomware attack on Change Healthcare, the company has released details about the data stolen during the attack. First, a quick refresher: On February 21, 2024, Change Healthcare experienced serious system outages due to a cyberattack. The incident led.....

7.4AI Score

2024-06-24 04:42 PM
2
osv
osv

CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`

Summary ZIP files uploaded to the server-side endpoint handling a CodeChecker store are not properly sanitized. An attacker can exercise a path traversal to make the CodeChecker server load and display files from an arbitrary location on the server machine. Details Target The vulnerable endpoint...

6.5CVSS

6.7AI Score

0.0004EPSS

2024-06-24 04:18 PM
3
github
github

CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`

Summary ZIP files uploaded to the server-side endpoint handling a CodeChecker store are not properly sanitized. An attacker can exercise a path traversal to make the CodeChecker server load and display files from an arbitrary location on the server machine. Details Target The vulnerable endpoint...

6.5CVSS

6.7AI Score

0.0004EPSS

2024-06-24 04:18 PM
3
ibm
ibm

Security Bulletin: A vulnerability in Node.js affects IBM Rational® Application Developer for WebSphere® Software (CVE-2024-27980)

Summary Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational® Application Developer for WebSphere® Software. Information about security vulnerabilities affecting Node.js has been published in a security bulletin. Vulnerability Details Refer to the security...

7AI Score

EPSS

2024-06-24 04:16 PM
ibm
ibm

Security Bulletin: Updating IBM WebSphere Liberty Profile in Identity Insight for security update

Summary Identity Insight customers are advised to update IBM WebSphere Liberty Profile (WLP) to version 24.0.0.6 for security update in WLP. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions Affected Product(s) |...

9.8CVSS

7.3AI Score

0.001EPSS

2024-06-24 03:45 PM
9
ibm
ibm

Security Bulletin: Vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2024-37532)

Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about an identity spoofing vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...

8.8CVSS

6.5AI Score

0.0004EPSS

2024-06-24 02:21 PM
1
ibm
ibm

Security Bulletin: Security vulnerabilities may affect IBM WebSphere Liberty shipped with IBM CICS TX Standard

Summary Security vulnerabilities may affect IBM WebSphere Liberty shipped with IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable issue. Vulnerability Details ** CVEID: CVE-2024-22353 DESCRIPTION: **IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is...

7.5CVSS

7.5AI Score

0.0004EPSS

2024-06-24 02:15 PM
1
cve
cve

CVE-2024-39291

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode() The function gfx_v9_4_3_init_microcode in gfx_v9_4_3.c was generating about potential truncation of output when using the snprintf...

7.8CVSS

6.9AI Score

0.0004EPSS

2024-06-24 02:15 PM
12
nvd
nvd

CVE-2024-39291

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode() The function gfx_v9_4_3_init_microcode in gfx_v9_4_3.c was generating about potential truncation of output when using the snprintf...

7.8CVSS

0.0004EPSS

2024-06-24 02:15 PM
3
debiancve
debiancve

CVE-2024-39291

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode() The function gfx_v9_4_3_init_microcode in gfx_v9_4_3.c was generating about potential truncation of output when using the snprintf...

7AI Score

0.0004EPSS

2024-06-24 02:15 PM
2
cve
cve

CVE-2024-33847

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: don't allow unaligned truncation on released compress inode f2fs image may be corrupted after below testcase: - mkfs.f2fs -O extra_attr,compression -f /dev/vdb - mount /dev/vdb /mnt/f2fs - touch /mnt/f2fs/file -...

6.6AI Score

0.0004EPSS

2024-06-24 02:15 PM
9
nvd
nvd

CVE-2024-33847

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: don't allow unaligned truncation on released compress inode f2fs image may be corrupted after below testcase: - mkfs.f2fs -O extra_attr,compression -f /dev/vdb - mount /dev/vdb /mnt/f2fs - touch /mnt/f2fs/file -...

0.0004EPSS

2024-06-24 02:15 PM
3
debiancve
debiancve

CVE-2024-33847

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: don't allow unaligned truncation on released compress inode f2fs image may be corrupted after below testcase: - mkfs.f2fs -O extra_attr,compression -f /dev/vdb - mount /dev/vdb /mnt/f2fs - touch /mnt/f2fs/file -...

6.6AI Score

0.0004EPSS

2024-06-24 02:15 PM
ibm
ibm

Security Bulletin: IBM Watson AI Gateway for IBM Cloud Pak for Data is vulnerable to follow-redirects open redirect vulnerabilitiy [ CVE-2023-26159]

Summary Potentialfollow-redirects open redirect vulnerabilitiy [ CVE-2023-26159] have been identified that may affect IBM Watson AI Gateway for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID:...

7.3CVSS

6.5AI Score

0.001EPSS

2024-06-24 02:08 PM
1
vulnrichment
vulnrichment

CVE-2024-33847 f2fs: compress: don't allow unaligned truncation on released compress inode

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: don't allow unaligned truncation on released compress inode f2fs image may be corrupted after below testcase: - mkfs.f2fs -O extra_attr,compression -f /dev/vdb - mount /dev/vdb /mnt/f2fs - touch /mnt/f2fs/file -...

6.9AI Score

0.0004EPSS

2024-06-24 01:56 PM
cvelist
cvelist

CVE-2024-33847 f2fs: compress: don't allow unaligned truncation on released compress inode

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: don't allow unaligned truncation on released compress inode f2fs image may be corrupted after below testcase: - mkfs.f2fs -O extra_attr,compression -f /dev/vdb - mount /dev/vdb /mnt/f2fs - touch /mnt/f2fs/file -...

0.0004EPSS

2024-06-24 01:56 PM
3
cvelist
cvelist

CVE-2024-39291 drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode()

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode() The function gfx_v9_4_3_init_microcode in gfx_v9_4_3.c was generating about potential truncation of output when using the snprintf...

0.0004EPSS

2024-06-24 01:52 PM
4
ibm
ibm

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to identity spoofing (CVE-2024-37532)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to identity spoofing. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions Affected Product(s) and Version(s)|...

8.8CVSS

6.8AI Score

0.0004EPSS

2024-06-24 01:47 PM
1
ibm
ibm

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to identity spoofing (CVE-2024-37532)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to identity spoofing. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions Affected Product(s) and Version(s)|...

8.8CVSS

6.8AI Score

0.0004EPSS

2024-06-24 01:46 PM
3
ibm
ibm

Security Bulletin: IBM DataPower Gateway is vulnerable to denial of service due to Golang Go

Summary IBM DataPower Gateway is vulnerable to denial of service due to use of Golang Go in DataPower Operator and Prometheus Metrics . (CVE-2024-24783) Vulnerability Details ** CVEID: CVE-2024-24783 DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in the...

7AI Score

0.0004EPSS

2024-06-24 01:11 PM
1
githubexploit
githubexploit

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Microsoft

CVE-2024-30088 Bug: Bug is inside function...

7CVSS

7.4AI Score

0.0004EPSS

2024-06-24 10:37 AM
48
securelist
securelist

XZ backdoor: Hook analysis

Part 1: XZ backdoor story – Initial analysis Part 2: Assessing the Y, and How, of the XZ Utils incident (social engineering) In our first article on the XZ backdoor, we analyzed its code from initial infection to the function hooking it performs. As we mentioned then, its initial goal was to...

8.6AI Score

2024-06-24 10:00 AM
Total number of security vulnerabilities369085