Lucene search

K

Armoury Crate & Aura Creator Installer (ROG Live Service) Security Vulnerabilities

veracode
veracode

Server-side Template Injection (SSTI)

document_merge_service is vulnerable to Server-side Template Injection (SSTI). The vulnerability is due to insufficient input sanitization and validation in the handling of templates within the Document Merge Service, which allows attackers to inject malicious code into templates, which is then...

9.9CVSS

7.1AI Score

0.0004EPSS

2024-06-13 04:43 AM
redhatcve
redhatcve

CVE-2024-5953

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password. Mitigation Mitigation for this issue is either not available or....

5.7CVSS

6.9AI Score

0.0004EPSS

2024-06-13 04:42 AM
2
googleprojectzero
googleprojectzero

Driving forward in Android drivers

Posted by Seth Jenkins, Google Project Zero Introduction Android's open-source ecosystem has led to an incredible diversity of manufacturers and vendors developing software that runs on a broad variety of hardware. This hardware requires supporting drivers, meaning that many different codebases...

7.8CVSS

7.5AI Score

0.001EPSS

2024-06-13 12:00 AM
1
nessus
nessus

CentOS 7 : 389-ds-base (RHSA-2024:3591)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3591 advisory. A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while...

7.5CVSS

7.6AI Score

0.0004EPSS

2024-06-13 12:00 AM
nessus
nessus

Security Updates for Microsoft Dynamics 365 (on-premises) (June 2024)

The Microsoft Dynamics 365 (on-premises) is missing security updates. It is, therefore, affected by an information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. Note that Nessus has not tested for these issues but has instead relied only on...

5.7CVSS

6.5AI Score

0.0005EPSS

2024-06-13 12:00 AM
3
cisa_kev
cisa_kev

Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability

Microsoft Windows Error Reporting Service contains an improper privilege management vulnerability that allows a local attacker with user permissions to gain SYSTEM...

7.8CVSS

7.2AI Score

0.001EPSS

2024-06-13 12:00 AM
4
openvas
openvas

Ubuntu: Security Advisory (USN-6819-3)

The remote host is missing an update for...

7.8CVSS

8AI Score

0.001EPSS

2024-06-13 12:00 AM
2
kaspersky
kaspersky

KLA68933 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, perform cross-site scripting attack, bypass security restrictions, spoof user interface, obtain sensitive information. Below is a...

9.2AI Score

0.0004EPSS

2024-06-13 12:00 AM
2
nessus
nessus

RHEL 9 : expat (RHSA-2024:3926)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3926 advisory. Expat is a C library for parsing XML documents. Security Fix(es): * expat: parsing large tokens can trigger a denial of service...

7.5CVSS

10AI Score

0.001EPSS

2024-06-13 12:00 AM
nessus
nessus

NVIDIA Virtual GPU Manager Multiple Vulnerabilities (June 2024)

The NVIDIA Virtual GPU Manager software on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, including the following: NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful...

7.8CVSS

6.9AI Score

0.0004EPSS

2024-06-13 12:00 AM
nessus
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : VTE vulnerability (USN-6833-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6833-1 advisory. Siddharth Dushantha discovered that VTE incorrectly handled large window resize escape sequences. An attacker could possibly...

7.5AI Score

0.0004EPSS

2024-06-13 12:00 AM
1
nessus
nessus

NVIDIA Windows GPU Display Driver (June 2024)

A display driver installed on the remote Windows host is affected by multiple vulnerabilities, including the following: NVIDIA GPU Display Driver for Windows contains a vulnerability where the information from a previous client or another process could be disclosed. A successful exploit of...

7.8CVSS

6.8AI Score

0.0004EPSS

2024-06-13 12:00 AM
nessus
nessus

SAP NetWeaver AS Java DoS (3460407)

SAP NetWeaver Application Server for Java is affected by denial of service vulnerability: Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This...

7.5CVSS

7.5AI Score

0.0004EPSS

2024-06-13 12:00 AM
ubuntucve
ubuntucve

CVE-2024-1963

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's Asana integration allowed an attacker to potentially cause a regular expression denial...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-13 12:00 AM
veeam
veeam

Option to Add Veeam Kasten for Kubernetes Does Not Appear in Veeam Backup & Replication

This issue may occur if the Veeam Kubernetes Service is not running and needs to be started or the Kasten Plug-In is not...

7.1AI Score

2024-06-13 12:00 AM
3
openvas
openvas

Ubuntu: Security Advisory (USN-6831-1)

The remote host is missing an update for...

7.8CVSS

7.4AI Score

0.0005EPSS

2024-06-13 12:00 AM
1
ubuntucve
ubuntucve

CVE-2024-1736

An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service attacks through maliciously crafted configuration.....

6.5CVSS

7AI Score

0.0004EPSS

2024-06-13 12:00 AM
redos
redos

ROS-20240613-02

The vulnerability of the RelinquishDCMInfo() function of the dcm.c component of the ImageMagick console graphic editor is related to memory usage after its release. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive data, as well as cause a denial....

7.1CVSS

7.3AI Score

0.001EPSS

2024-06-13 12:00 AM
veeam
veeam

DR Restore - Internal error occurred: Could not retrieve artifacts for prefix

During the DR restore process the catalog service is scaled down, so when the DR Restore is re-initiated, it searches for the catalog which is not available at that time because it has been scaled...

7.2AI Score

2024-06-13 12:00 AM
openvas
openvas

Ubuntu: Security Advisory (USN-6829-1)

The remote host is missing an update for...

5.5CVSS

5.6AI Score

0.001EPSS

2024-06-13 12:00 AM
nessus
nessus

SAP NetWeaver AS ABAP DoS (3453170)

SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus degrading the service quality experienced by legitimate....

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-13 12:00 AM
3
ubuntucve
ubuntucve

CVE-2024-1495

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. It was possible for an attacker to cause a denial of service using maliciously crafted...

6.5CVSS

6.9AI Score

0.0004EPSS

2024-06-13 12:00 AM
kaspersky
kaspersky

KLA68934 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, spoof user interface, bypass security restrictions. Below is a complete list of vulnerabilities: Heap buffer overflow vulnerability in...

5.4CVSS

9.3AI Score

0.0005EPSS

2024-06-13 12:00 AM
nessus
nessus

NVIDIA Linux GPU Display Driver (June 2024)

The NVIDIA GPU display driver software on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, including the following: NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful...

7.8CVSS

6.8AI Score

0.0004EPSS

2024-06-13 12:00 AM
nessus
nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Virtuoso Open-Source Edition vulnerabilities (USN-6832-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6832-1 advisory. Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted...

7.5CVSS

8.1AI Score

0.001EPSS

2024-06-13 12:00 AM
nessus
nessus

Elasticsearch 8.13.1 <= 8.13.4 DoS (ESA-2024-14)

The version of Elasticsearch installed on the remote host is between 8.13.1 and 8.13.4. It is, therefore, affected by a denial of service (DoS) vulnerability as referenced in the ESA-2024-14 advisory: A flaw was discovered in Elasticsearch, affecting document ingestion when an index template...

4.9CVSS

5.2AI Score

0.0004EPSS

2024-06-13 12:00 AM
1
zdi
zdi

(0Day) Deep Sea Electronics DSE855 Restart Missing Authentication Denial-of-Service Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack of...

4.3CVSS

6.8AI Score

0.001EPSS

2024-06-13 12:00 AM
nessus
nessus

Zoom Workplace Desktop App < 5.17.11 Divide By Zero Vulnerability (ZSB-24018)

The version of Zoom Workplace Desktop App installed on the remote host is prior to 5.17.11. It is, therefore, affected by a vulnerability as referenced in the ZSB-24018 advisory. Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of ...

7.6AI Score

EPSS

2024-06-13 12:00 AM
3
openvas
openvas

Ubuntu: Security Advisory (USN-6830-1)

The remote host is missing an update for...

7.4CVSS

7.1AI Score

0.0004EPSS

2024-06-13 12:00 AM
3
zdt
zdt

VSCode ipynb Remote Code Execution Exploit

VSCode when opening a Jupyter notebook (.ipynb) file bypasses the trust model. On versions v1.4.0 through v1.71.1, its possible for the Jupyter notebook to embed HTML and javascript, which can then open new terminal windows within VSCode. Each of these new windows can then execute arbitrary code...

7.8CVSS

7.6AI Score

0.44EPSS

2024-06-13 12:00 AM
30
zdi
zdi

(0Day) Deep Sea Electronics DSE855 Multipart Boundary Infinite Loop Denial-of-Service Vulnerability

This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of multipart boundaries. The...

4.3CVSS

6.5AI Score

0.001EPSS

2024-06-13 12:00 AM
zdi
zdi

(0Day) Deep Sea Electronics DSE855 Factory Reset Missing Authentication Denial-of-Service Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack of...

7.1CVSS

6.8AI Score

0.001EPSS

2024-06-13 12:00 AM
ubuntucve
ubuntucve

CVE-2024-36856

RMQTT Broker 0.4.0 allows remote attackers to cause a Denial of Service (daemon crash) via a certain sequence of five TCP...

7.3AI Score

0.0004EPSS

2024-06-13 12:00 AM
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2008-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2008-1 advisory. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were...

9.8CVSS

8.8AI Score

EPSS

2024-06-13 12:00 AM
3
cve
cve

CVE-2024-1963

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's Asana integration allowed an attacker to potentially cause a regular expression denial...

6.5CVSS

6.2AI Score

0.0004EPSS

2024-06-12 11:15 PM
28
nvd
nvd

CVE-2024-1495

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. It was possible for an attacker to cause a denial of service using maliciously crafted...

6.5CVSS

0.0004EPSS

2024-06-12 11:15 PM
6
debiancve
debiancve

CVE-2024-1495

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. It was possible for an attacker to cause a denial of service using maliciously crafted...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-06-12 11:15 PM
nvd
nvd

CVE-2024-1963

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's Asana integration allowed an attacker to potentially cause a regular expression denial...

6.5CVSS

0.0004EPSS

2024-06-12 11:15 PM
4
cve
cve

CVE-2024-1736

An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service attacks through maliciously crafted configuration.....

6.5CVSS

6.2AI Score

0.0004EPSS

2024-06-12 11:15 PM
26
debiancve
debiancve

CVE-2024-1963

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's Asana integration allowed an attacker to potentially cause a regular expression denial...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-12 11:15 PM
nvd
nvd

CVE-2024-1736

An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service attacks through maliciously crafted configuration.....

6.5CVSS

0.0004EPSS

2024-06-12 11:15 PM
3
cve
cve

CVE-2024-1495

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. It was possible for an attacker to cause a denial of service using maliciously crafted...

6.5CVSS

6.2AI Score

0.0004EPSS

2024-06-12 11:15 PM
24
debiancve
debiancve

CVE-2024-1736

An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service attacks through maliciously crafted configuration.....

6.5CVSS

6.7AI Score

0.0004EPSS

2024-06-12 11:15 PM
cvelist
cvelist

CVE-2024-1736 Uncontrolled Resource Consumption in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service attacks through maliciously crafted configuration.....

6.5CVSS

0.0004EPSS

2024-06-12 11:02 PM
5
vulnrichment
vulnrichment

CVE-2024-1736 Uncontrolled Resource Consumption in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service attacks through maliciously crafted configuration.....

6.5CVSS

6.6AI Score

0.0004EPSS

2024-06-12 11:02 PM
vulnrichment
vulnrichment

CVE-2024-1495 Uncontrolled Resource Consumption in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. It was possible for an attacker to cause a denial of service using maliciously crafted...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-12 11:02 PM
cvelist
cvelist

CVE-2024-1495 Uncontrolled Resource Consumption in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. It was possible for an attacker to cause a denial of service using maliciously crafted...

6.5CVSS

0.0004EPSS

2024-06-12 11:02 PM
5
cvelist
cvelist

CVE-2024-1963 Uncontrolled Resource Consumption in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's Asana integration allowed an attacker to potentially cause a regular expression denial...

6.5CVSS

0.0004EPSS

2024-06-12 11:02 PM
5
github
github

gqlparser denial of service vulnerability via the parserDirectives function

An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives...

7AI Score

0.0004EPSS

2024-06-12 09:31 PM
1
osv
osv

gqlparser denial of service vulnerability via the parserDirectives function

An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives...

6.8AI Score

0.0004EPSS

2024-06-12 09:31 PM
Total number of security vulnerabilities481719