Lucene search

K

Armoury Crate & Aura Creator Installer (ROG Live Service) Security Vulnerabilities

osv
osv

Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fix(es): webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-40414) webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852) webkitgtk:...

9.8CVSS

8.2AI Score

0.017EPSS

2024-06-14 01:59 PM
1
osv
osv

Moderate: python39:3.9 and python39-devel:3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...

8.1CVSS

7.1AI Score

0.005EPSS

2024-06-14 01:59 PM
rocky
rocky

webkit2gtk3 security update

An update is available for webkit2gtk3. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list WebKitGTK is the port of the portable web rendering engine WebKit to the....

9.8CVSS

8.3AI Score

0.017EPSS

2024-06-14 01:59 PM
2
osv
osv

Moderate: Image builder components bug fix, enhancement and security update

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fix(es): osbuild-composer: race condition may disable GPG verification for package repositories (CVE-2024-2307) For more details about the security...

6.1CVSS

6.9AI Score

0.0004EPSS

2024-06-14 01:59 PM
rocky
rocky

Image builder components bug fix, enhancement and security update

An update is available for osbuild, osbuild-composer. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Image Builder is a service for building customized OS...

6.1CVSS

6.5AI Score

0.0004EPSS

2024-06-14 01:59 PM
osv
osv

Important: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...

7.8CVSS

7.6AI Score

0.0005EPSS

2024-06-14 01:59 PM
1
osv
osv

Moderate: python-dns security update

The python-dns package contains the dnslib module that implements a DNS client and additional modules that define certain symbolic constants used by DNS, such as dnstype, dnsclass and dnsopcode. Security Fix(es): dnspython: denial of service in stub resolver (CVE-2023-29483) For more details...

6.7AI Score

0.0004EPSS

2024-06-14 01:59 PM
rocky
rocky

python-dns security update

An update is available for python-dns. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The python-dns package contains the dnslib module that implements a DNS...

6.8AI Score

0.0004EPSS

2024-06-14 01:59 PM
osv
osv

Important: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security...

7AI Score

0.0004EPSS

2024-06-14 01:59 PM
rocky
rocky

tuned bug fix update

An update is available for tuned. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The tuned packages provide a service that tunes system settings according to a....

7.2AI Score

2024-06-14 01:59 PM
rocky
rocky

python3 security update

An update is available for python3. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming language,....

7.8CVSS

7.6AI Score

0.0005EPSS

2024-06-14 01:59 PM
rocky
rocky

glibc security update

An update is available for glibc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The glibc packages provide the standard C libraries (libc), POSIX thread...

7.5AI Score

0.0004EPSS

2024-06-14 01:59 PM
osv
osv

Important: bind and dhcp security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. The...

7.5CVSS

7.2AI Score

0.05EPSS

2024-06-14 01:59 PM
1
rocky
rocky

bind and dhcp security update

An update is available for dhcp, bind. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Berkeley Internet Name Domain (BIND) is an implementation of the...

7.5CVSS

7.8AI Score

0.05EPSS

2024-06-14 01:59 PM
1
rocky
rocky

sssd security update

An update is available for sssd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The System Security Services Daemon (SSSD) service provides a set of daemons to....

7.1CVSS

7.2AI Score

0.0004EPSS

2024-06-14 01:59 PM
osv
osv

Moderate: sssd security update

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end...

7.1CVSS

7.1AI Score

0.0004EPSS

2024-06-14 01:59 PM
osv

8.2CVSS

8.2AI Score

0.0004EPSS

2024-06-14 01:41 PM
1
veracode
veracode

Denial Of Service (DoS)

TYPO3 is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper validation of anonymous user sessions in the built-in record registration functionality using recs URL parameters, allowing attackers to create an arbitrary amount of individual session-data records in the...

7.1AI Score

2024-06-14 12:44 PM
veracode
veracode

Denial Of Service (DoS)

github.com/klauspost/compress/zstd is vulnerable to a Denial of service (DoS). The vulnerability is due to its zstd decompression implementation not respecting the limits imposed by gRPC, which allows attacker to trigger rapid and uncontrolled increases in memory usage on the server or...

7AI Score

2024-06-14 08:49 AM
1
nvd
nvd

CVE-2024-5464

Vulnerability of insufficient permission verification in the NearLink module Impact: Successful exploitation of this vulnerability may affect service...

4CVSS

0.0004EPSS

2024-06-14 08:15 AM
4
cve
cve

CVE-2024-5464

Vulnerability of insufficient permission verification in the NearLink module Impact: Successful exploitation of this vulnerability may affect service...

4CVSS

7.1AI Score

0.0004EPSS

2024-06-14 08:15 AM
6
cve
cve

CVE-2024-36499

Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service...

6.8CVSS

6.9AI Score

0.0004EPSS

2024-06-14 08:15 AM
10
nvd
nvd

CVE-2024-36499

Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service...

6.8CVSS

0.0004EPSS

2024-06-14 08:15 AM
4
nvd
nvd

CVE-2024-36500

Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service...

7.8CVSS

0.0004EPSS

2024-06-14 08:15 AM
4
cve
cve

CVE-2024-36500

Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service...

7.8CVSS

7.2AI Score

0.0004EPSS

2024-06-14 08:15 AM
10
cvelist
cvelist

CVE-2024-5464

Vulnerability of insufficient permission verification in the NearLink module Impact: Successful exploitation of this vulnerability may affect service...

4CVSS

0.0004EPSS

2024-06-14 07:29 AM
3
cvelist
cvelist

CVE-2024-36500

Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service...

7.8CVSS

0.0004EPSS

2024-06-14 07:19 AM
4
vulnrichment
vulnrichment

CVE-2024-36499

Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service...

6.8CVSS

7.1AI Score

0.0004EPSS

2024-06-14 07:17 AM
cvelist
cvelist

CVE-2024-36499

Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service...

6.8CVSS

0.0004EPSS

2024-06-14 07:17 AM
4
veracode
veracode

Denial Of Service (DoS)

org.elasticsearch: elasticsearch is vulnerable to Denial of Service (DoS). The vulnerability is due to a StackOverflow exception caused by dynamic field mapping of the passthrough type in an index template. An attacker can exploit this vulnerability by ingesting documents under specific conditions....

4.9CVSS

6.9AI Score

0.0004EPSS

2024-06-14 05:42 AM
1
redhatcve
redhatcve

CVE-2024-35328

A flaw was found in libyaml, where it is vulnerable to a distributed denial of service attack (DDOS). This issue affects the yaml_parser_parse function in the /src/libyaml/src/parser.c. file. Mitigation Mitigation for this issue is either not available or the currently available options don't meet....

6.7AI Score

0.0004EPSS

2024-06-14 05:12 AM
1
redhatcve
redhatcve

CVE-2024-37535

A flaw was found in gnome VTE. This flaw allows an attacker to cause a denial of service via a window resize escape...

6.1AI Score

0.0004EPSS

2024-06-14 03:57 AM
redhatcve
redhatcve

CVE-2024-34364

A flaw was found in Envoy's ext_proc and ext_authz functions. This flaw allows a remote, unauthenticated attacker to trigger excessive memory consumption, causing a denial of...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-14 02:42 AM
redhatcve
redhatcve

CVE-2024-34363

A flaw was found in Envoy's access log JSON formatter. This flaw allows a remote, unauthenticated attacker to trigger an abnormal process termination, causing a denial of...

7.5CVSS

6.8AI Score

0.0005EPSS

2024-06-14 02:42 AM
redhatcve
redhatcve

CVE-2024-34362

A flaw was found in Envoy's QUIC stack. This flaw allows a remote, unauthenticated attacker to trigger an abnormal process termination, causing a denial of...

5.9CVSS

6.8AI Score

0.0005EPSS

2024-06-14 02:12 AM
redhatcve
redhatcve

CVE-2024-32976

A flaw was found in Envoy's Brotli decompressor. This flaw allows a remote, unauthenticated attacker to trigger an infinite loop, causing a denial of...

7.5CVSS

6.8AI Score

0.0005EPSS

2024-06-14 02:12 AM
redhatcve
redhatcve

CVE-2024-32975

A flaw was found in Envoy's QUIC stack. This flaw allows a remote, unauthenticated attacker to trigger an abnormal process termination, causing a denial of...

7.5CVSS

6.8AI Score

0.0005EPSS

2024-06-14 02:12 AM
redhatcve
redhatcve

CVE-2024-32974

A flaw was found in Envoy's QUIC stack. This flaw allows a remote, unauthenticated attacker to trigger an abnormal process termination, causing a denial of...

7.5CVSS

6.8AI Score

0.0005EPSS

2024-06-14 02:12 AM
redhatcve
redhatcve

CVE-2023-46103

A flaw was found in intel-microcode. The sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra processors that may allow an authenticated user to enable a denial of service via local access. Mitigation Mitigation for this issue is either not available or the...

4.7CVSS

4.4AI Score

0.0004EPSS

2024-06-14 01:42 AM
cvelist
cvelist

CVE-2024-24320

Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles...

0.0004EPSS

2024-06-14 12:00 AM
nessus
nessus

Rocky Linux 8 : python-dns (RLSA-2024:3275)

The remote Rocky Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2024:3275 advisory. * dnspython: denial of service in stub resolver (CVE-2023-29483) Tenable has extracted the preceding description block directly from the Rocky Linux security...

6.6AI Score

0.0004EPSS

2024-06-14 12:00 AM
nessus
nessus

Rocky Linux 9 : nodejs (RLSA-2024:2910)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2910 advisory. * nodejs: CONTINUATION frames DoS (CVE-2024-27983) * nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of...

5.3CVSS

7.8AI Score

0.0004EPSS

2024-06-14 12:00 AM
2
nessus
nessus

Rocky Linux 8 : idm:DL1 and idm:client (RLSA-2024:3267)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3267 advisory. * JWCrypto: denail of service Via specifically crafted JWE (CVE-2023-6681) * python-jwcrypto: malicious JWE token can cause denial of service...

6.8CVSS

7AI Score

0.0004EPSS

2024-06-14 12:00 AM
nessus
nessus

Rocky Linux 8 : .NET 8.0 (RLSA-2024:3345)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3345 advisory. * dotnet: stack buffer overrun in Double Parse (CVE-2024-30045) * dotnet: denial of service in ASP.NET Core due to deadlock in...

6.3CVSS

6.8AI Score

0.0005EPSS

2024-06-14 12:00 AM
nessus
nessus

Debian dsa-5710 : chromium - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5710 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5710-1 [email protected] ...

6.7AI Score

0.0004EPSS

2024-06-14 12:00 AM
nessus
nessus

Ubuntu 22.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6821-4)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6821-4 advisory. It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability....

8CVSS

8.6AI Score

0.0004EPSS

2024-06-14 12:00 AM
nessus
nessus

Rocky Linux 8 : python39:3.9 and python39-devel:3.9 (RLSA-2024:2985)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2985 advisory. * pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py (CVE-2022-40897) * python-cryptography: memory corruption via...

8.1CVSS

7.6AI Score

0.005EPSS

2024-06-14 12:00 AM
redos
redos

ROS-20240614-02

The vulnerability in the Python programming language interpreter is related to errors in the conversion of int and str data types. int and str data types. Exploitation of the vulnerability could allow an attacker to cause a denial of service due to the algorithmic...

7.5CVSS

6.9AI Score

0.006EPSS

2024-06-14 12:00 AM
2
veeam
veeam

Openshift Authentication - Failed to authenticate: oidc: failed to get token: oauth2: cannot fetch token

Theis issue is observed when the token provided while configuring oAuth does not match with the service account...

7.1AI Score

2024-06-14 12:00 AM
1
nessus
nessus

Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6817-3)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6817-3 advisory. Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer...

7.8CVSS

8.5AI Score

0.0005EPSS

2024-06-14 12:00 AM
Total number of security vulnerabilities481406