Lucene search

K

Armoury Crate & Aura Creator Installer (ROG Live Service) Security Vulnerabilities

cve
cve

CVE-2024-31399

Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS)...

6.7AI Score

0.0004EPSS

2024-06-11 06:15 AM
18
veracode
veracode

Undefined Behavior

mlflow is vulnerable to Undefined Behavior. The vulnerability is due to inadequate validation of model names, which allows an attacker to create multiple models with the same name, leading to potential Denial of Service (DoS) and data model...

5.4CVSS

6.7AI Score

0.0004EPSS

2024-06-11 05:48 AM
vulnrichment
vulnrichment

CVE-2024-31397

Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product with the administrative privilege may be able to cause a denial-of-service (DoS)...

7AI Score

0.0004EPSS

2024-06-11 05:34 AM
cvelist
cvelist

CVE-2024-31397

Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product with the administrative privilege may be able to cause a denial-of-service (DoS)...

0.0004EPSS

2024-06-11 05:34 AM
1
cvelist
cvelist

CVE-2024-31399

Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS)...

0.0004EPSS

2024-06-11 05:34 AM
1
vulnrichment
vulnrichment

CVE-2024-31399

Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS)...

6.7AI Score

0.0004EPSS

2024-06-11 05:34 AM
nvd
nvd

CVE-2024-33001

SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus degrading the service quality experienced by legitimate....

6.5CVSS

0.0004EPSS

2024-06-11 03:15 AM
2
cve
cve

CVE-2024-34683

An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s...

6.5CVSS

6.4AI Score

0.0004EPSS

2024-06-11 03:15 AM
22
cve
cve

CVE-2024-33001

SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus degrading the service quality experienced by legitimate....

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-11 03:15 AM
18
nvd
nvd

CVE-2024-34683

An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s...

6.5CVSS

0.0004EPSS

2024-06-11 03:15 AM
4
osv
osv

tiff vulnerability

It was discovered that LibTIFF incorrectly handled memory when performing certain cropping operations, leading to a heap buffer overflow. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary...

5.5CVSS

7.7AI Score

0.0004EPSS

2024-06-11 03:04 AM
vulnrichment
vulnrichment

CVE-2024-34683 Unrestricted file upload in SAP Document Builder (HTTP service)

An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s...

6.5CVSS

6.7AI Score

0.0004EPSS

2024-06-11 02:08 AM
cvelist
cvelist

CVE-2024-34683 Unrestricted file upload in SAP Document Builder (HTTP service)

An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s...

6.5CVSS

0.0004EPSS

2024-06-11 02:08 AM
3
cvelist
cvelist

CVE-2024-33001 Denial of service (DOS) in SAP NetWeaver and ABAP platform

SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus degrading the service quality experienced by legitimate....

6.5CVSS

0.0004EPSS

2024-06-11 02:05 AM
4
cvelist
cvelist

CVE-2024-34688 Denial of service (DOS) in SAP NetWeaver AS Java (Meta Model Repository)

Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availability....

7.5CVSS

0.0004EPSS

2024-06-11 02:02 AM
5
vulnrichment
vulnrichment

CVE-2024-34688 Denial of service (DOS) in SAP NetWeaver AS Java (Meta Model Repository)

Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availability....

7.5CVSS

6.8AI Score

0.0004EPSS

2024-06-11 02:02 AM
fedora
fedora

[SECURITY] Fedora 40 Update: podman-tui-1.1.0-1.fc40

podman-tui is a terminal user interface for Podman v4 and v5. podman-tui is using podman.socket service to communicate with podman enviro nment and SSH to connect to remote podman...

8.3CVSS

8.3AI Score

0.0004EPSS

2024-06-11 01:51 AM
openvas
openvas

Ubuntu: Security Advisory (USN-6824-1)

The remote host is missing an update for...

8.8CVSS

7.1AI Score

0.004EPSS

2024-06-11 12:00 AM
2
ubuntu
ubuntu

Linux kernel (OEM) vulnerabilities

Releases Ubuntu 24.04 LTS Packages linux-oem-6.8 - Linux kernel for OEM systems Details Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this...

7.8CVSS

8.6AI Score

0.0005EPSS

2024-06-11 12:00 AM
1
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2024:1944-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1944-1 advisory. - Update to version 2.44.2 (bsc#1225071): - CVE-2024-23252: Fixed a vulnerability where...

8.8CVSS

8.2AI Score

0.001EPSS

2024-06-11 12:00 AM
1
nessus
nessus

Cisco Adaptive Security Appliance Software SSL/TLS DoS (cisco-sa-asaftd-ssl-dos-uu7mV5p6)

A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to...

8.6CVSS

7.3AI Score

0.001EPSS

2024-06-11 12:00 AM
nessus
nessus

Mitel MiVoice <= 8.1 SP1 Information Disclosure and DoS (22-0001)

According to its version number, the Mitel MiVoice software is R8.1 or prior. It is, therefore, affected by the following vulnerability: A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive...

9.8CVSS

7.4AI Score

0.059EPSS

2024-06-11 12:00 AM
kaspersky
kaspersky

KLA68920 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: Security vulnerability when...

9.1AI Score

0.0004EPSS

2024-06-11 12:00 AM
1
nessus
nessus

Adobe Audition < 23.6.6 / 24.0.0 < 24.4.1 Multiple Vulnerabilities (APSB24-32)

The version of Adobe Audition installed on the remote Windows host is prior to 23.6.6, 24.4.1. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB24-32 advisory. Out-of-bounds Read (CWE-125) potentially leading to Memory leak (CVE-2024-30276) NULL Pointer...

5.5CVSS

5.8AI Score

0.001EPSS

2024-06-11 12:00 AM
1
nessus
nessus

Adobe Audition < 23.6.6 / 24.0.0 < 24.4.1 Multiple Vulnerabilities (APSB24-32) (macOS)

The version of Adobe Audition installed on the remote macOS host is prior to 23.6.6, 24.4.1. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB24-32 advisory. Out-of-bounds Read (CWE-125) potentially leading to Memory leak (CVE-2024-30276) NULL Pointer Dereference...

5.5CVSS

5.7AI Score

0.001EPSS

2024-06-11 12:00 AM
1
nessus
nessus

KB5039294: Windows Server 2012 R2 Security Update (June 2024)

The remote Windows host is missing security update 5039294. It is, therefore, affected by multiple vulnerabilities Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability (CVE-2024-30080) DHCP Server Service Denial of Service Vulnerability (CVE-2024-30070) Windows OLE Remote...

9.8CVSS

7.6AI Score

0.003EPSS

2024-06-11 12:00 AM
1
nessus
nessus

KB5039217: Windows 10 version 1809 / Windows Server 2019 Security Update (June 2024)

The remote Windows host is missing security update 5039217. It is, therefore, affected by multiple vulnerabilities Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability (CVE-2024-30097) Windows Remote Access Connection Manager Information Disclosure...

9.8CVSS

7.8AI Score

0.003EPSS

2024-06-11 12:00 AM
3
kaspersky
kaspersky

KLA68916 Multiple vulnerabilities in Microsoft Azure

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service. Below is a complete list of vulnerabilities: An elevation of privilege vulnerability in Azure Science Virtual Machine (DSVM) can be exploited...

8.1CVSS

6.3AI Score

0.001EPSS

2024-06-11 12:00 AM
1
redos
redos

ROS-20240611-14

The QEMU hardware emulator vulnerability is related to an infinite loop error in QEMU emulation of a USB xHCI controller when calculating the length of the transfer request block (TRB) ring. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in...

7.1CVSS

7.3AI Score

0.001EPSS

2024-06-11 12:00 AM
redos
redos

ROS-20240611-02

The vulnerability of Tss2_RC_Decode and Tss2_RC_SetHandler functions of TCG TPM2 TPM2 Software Stack implementation is related to buffer copying without input data validation. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, violate its integrity, and...

6.4CVSS

7.3AI Score

EPSS

2024-06-11 12:00 AM
cvelist
cvelist

CVE-2024-36650

TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware A3100R V4.1.2cu.5247_B20211129, in the cgi function setNoticeCfg of the file /lib/cste_modules/system.so, the length of the user input string NoticeUrl is not checked. This can lead to a buffer overflow, allowing attackers to construct...

0.0004EPSS

2024-06-11 12:00 AM
1
nessus
nessus

Ubuntu 23.10 : Linux kernel vulnerabilities (USN-6819-2)

The remote Ubuntu 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6819-2 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference...

7.8CVSS

8.1AI Score

0.001EPSS

2024-06-11 12:00 AM
nessus
nessus

Cisco Firepower Threat Defense Software SSL/TLS DoS (cisco-sa-asaftd-ssl-dos-uu7mV5p6)

A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to...

8.6CVSS

7.3AI Score

0.001EPSS

2024-06-11 12:00 AM
almalinux
almalinux

Important: 389-ds-base security update

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. Security Fix(es): 389-ds-base: potential denial of service via specially crafted kerberos...

7.5CVSS

6.9AI Score

0.0004EPSS

2024-06-11 12:00 AM
ubuntucve
ubuntucve

CVE-2024-37388

An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of lxml before v4.9.1 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML...

7.2AI Score

0.0004EPSS

2024-06-11 12:00 AM
nessus
nessus

KB5039211: Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (June 2024)

The remote Windows host is missing security update 5039211. It is, therefore, affected by multiple vulnerabilities Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability (CVE-2024-30097) Windows Remote Access Connection Manager Information Disclosure...

9.8CVSS

8.6AI Score

0.003EPSS

2024-06-11 12:00 AM
7
redos
redos

ROS-20240611-08

A vulnerability in the PushShortPixel() function of a program for reading and editing files of multiple graphic formats, ImageMagick, is related to the passing of a specially created TIFF image file to ImageMagick for editing. of the ImageMagick program for reading and editing files of multiple...

5.5CVSS

7AI Score

0.001EPSS

2024-06-11 12:00 AM
openvas
openvas

Ubuntu: Security Advisory (USN-6817-2)

The remote host is missing an update for...

7.8CVSS

8.8AI Score

0.0005EPSS

2024-06-11 12:00 AM
redos
redos

ROS-20240611-09

A vulnerability in the BIND DNS server is related to a flaw in the use of assert(). Exploitation vulnerability could allow an attacker acting remotely to cause a denial of service via the named parameter during DNS64 and serve-stale interaction A vulnerability in the named component of the DNS...

7.5CVSS

7.1AI Score

0.05EPSS

2024-06-11 12:00 AM
ubuntu
ubuntu

LibTIFF vulnerability

Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Ubuntu 14.04 ESM Packages tiff - Tag Image File Format (TIFF) library Details It was discovered that LibTIFF incorrectly handled memory when performing certain cropping operations,...

5.5CVSS

8.4AI Score

0.0004EPSS

2024-06-11 12:00 AM
packetstorm

7.8CVSS

7AI Score

0.44EPSS

2024-06-11 12:00 AM
52
nessus
nessus

Mitel MiCollab <= 9.4 SP1 Information Disclosure and DoS (22-0001)

According to its version number, the Mitel MiCollab software is 9.4 SP1 (9.4.107) or prior. It is, therefore, affected by the following vulnerability: A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to...

9.8CVSS

7.1AI Score

0.059EPSS

2024-06-11 12:00 AM
vulnrichment
vulnrichment

CVE-2024-36650

TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware A3100R V4.1.2cu.5247_B20211129, in the cgi function setNoticeCfg of the file /lib/cste_modules/system.so, the length of the user input string NoticeUrl is not checked. This can lead to a buffer overflow, allowing attackers to construct...

7.3AI Score

0.0004EPSS

2024-06-11 12:00 AM
adobe
adobe

APSB24-32 : Security update available for Adobe Audition

Adobe has released an update for Adobe Audition for Windows and macOS. This update resolves important memory leak and application denial-of-service...

5.5CVSS

7.4AI Score

0.001EPSS

2024-06-11 12:00 AM
kaspersky
kaspersky

KLA68913 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: Use after free vulnerability in PDFium can be exploited to cause...

8.9AI Score

0.0004EPSS

2024-06-11 12:00 AM
1
redos
redos

ROS-20240611-07

A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithmic complexity and unrestricted resource allocation in the creation of a DNS zone. complexity and unrestricted resource allocation when creating a DNS zone. Exploitation of...

7.5CVSS

7.1AI Score

0.05EPSS

2024-06-11 12:00 AM
2
kaspersky
kaspersky

KLA68921 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, cause denial of service, obtain sensitive information, perform cross-site scripting attack. Below is a complete list of...

8.9AI Score

0.0004EPSS

2024-06-11 12:00 AM
1
nessus
nessus

RHEL 8 : kpatch-patch (RHSA-2024:3805)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3805 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security...

7.8CVSS

7.4AI Score

0.011EPSS

2024-06-11 12:00 AM
zdi
zdi

(0Day) Microsoft Windows Incorrect Permission Assignment Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information or to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

6.4AI Score

2024-06-11 12:00 AM
redos
redos

ROS-20240611-12

Vulnerability of the named DNS server daemon BIND is related to an operation overrunning the buffer boundaries in memory as a result of recursion during processing of received packets. as a result of uncontrolled recursion when processing received packets. Exploitation of the vulnerability could...

7.5CVSS

7.1AI Score

0.002EPSS

2024-06-11 12:00 AM
Total number of security vulnerabilities481401