virtuoso-opensource vulnerabilities
Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. (CVE-2023-31607, CVE-2023-31608, CVE-2023-31609, CVE-2023-31610, CVE-2023-31611,...
7.5CVSS
7.5AI Score
0.001EPSS
github.com/vektah/gqlparser is vulnerable to Denial Of Service. The vulnerability is due to improper input handling in the ParseQuery function. An attacker can exploit this by sending a crafted script to cause the parser to...
6.1AI Score
0.0004EPSS
CVE-2024-30285 Adobe Audition 2024 MP4 File Parsing Null Pointer Dereference
Audition versions 24.2, 23.6.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service condition. An attacker could exploit this vulnerability to crash the application, leading to a denial of service. Exploitation of this issue...
5.5CVSS
0.0004EPSS
CVE-2024-30285 Adobe Audition 2024 MP4 File Parsing Null Pointer Dereference
Audition versions 24.2, 23.6.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service condition. An attacker could exploit this vulnerability to crash the application, leading to a denial of service. Exploitation of this issue...
5.5CVSS
6.4AI Score
0.0004EPSS
Ukraine Police Arrest Suspect Linked to LockBit and Conti Ransomware Groups
The Cyber Police of Ukraine has announced the arrest of a local man who is suspected to have offered their services to LockBit and Conti ransomware groups. The unnamed 28-year-old native of the Kharkiv region allegedly specialized in the development of crypters to encrypt and obfuscate malicious...
7.2AI Score
@strapi/plugin-upload is vulnerable to Denial-of-Service (DoS). The vulnerability is due to the server crashing without restarting when handling errors, causing it to become unavailable for all clients until manually...
5.3CVSS
6.7AI Score
0.0004EPSS
Google Warns of Pixel Firmware Security Flaw Exploited as Zero-Day
Google has warned that a security flaw impacting Pixel Firmware has been exploited in the wild as a zero-day. The high-severity vulnerability, tagged as CVE-2024-32896, has been described as an elevation of privilege issue in Pixel Firmware. The company did not share any additional details related....
7.8CVSS
7.7AI Score
0.213EPSS
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana using third-party Kubernetes Operators build 273. Vulnerability Details ** CVEID: CVE-2023-6516 DESCRIPTION: **ISC BIND is vulnerable to a denial of service, caused by an out-of-memory condition. By using specific...
7.5CVSS
8AI Score
0.963EPSS
CVE-2024-5661 Potential Denial of Service affecting XenServer and Citrix Hypervisor
An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or...
0.0004EPSS
CVE-2024-5661 Potential Denial of Service affecting XenServer and Citrix Hypervisor
An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or...
6.8AI Score
0.0004EPSS
Denial Of Service Via Account Lockout
org.keycloak, keycloak-services is vulnerable to Denial of Service via account lockout. The vulnerability is due to improper handling of usernames formatted as email addresses, which allows attackers to lock out legitimate users by repeatedly using incorrect...
7AI Score
Server-side Template Injection (SSTI)
document_merge_service is vulnerable to Server-side Template Injection (SSTI). The vulnerability is due to insufficient input sanitization and validation in the handling of templates within the Document Merge Service, which allows attackers to inject malicious code into templates, which is then...
9.9CVSS
7.1AI Score
0.0004EPSS
A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password. Mitigation Mitigation for this issue is either not available or....
5.7CVSS
6.9AI Score
0.0004EPSS
Mozilla Firefox ESR Security Update (mfsa_2024-23_2024-26) - Windows
Firefox ESR is prone to multiple ...
6.6AI Score
0.0004EPSS
Virtuoso Open-Source Edition vulnerabilities
Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages virtuoso-opensource - high-performance database Details Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker...
7.5CVSS
8AI Score
0.001EPSS
7.8CVSS
8AI Score
0.001EPSS
CentOS 7 : 389-ds-base (RHSA-2024:3591)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3591 advisory. A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while...
7.5CVSS
7.6AI Score
0.0004EPSS
Google Chrome Security Update (stable-channel-update-for-desktop-2024-06) - MAC OS X
Google Chrome is prone to multiple ...
8.8CVSS
8.8AI Score
0.001EPSS
Mozilla Firefox Security Update (mfsa_2024-23_2024-26) - Windows
Mozilla Firefox is prone to multiple ...
6.7AI Score
0.0004EPSS
Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability
Microsoft Windows Error Reporting Service contains an improper privilege management vulnerability that allows a local attacker with user permissions to gain SYSTEM...
7.8CVSS
7.2AI Score
0.001EPSS
Driving forward in Android drivers
Posted by Seth Jenkins, Google Project Zero Introduction Android's open-source ecosystem has led to an incredible diversity of manufacturers and vendors developing software that runs on a broad variety of hardware. This hardware requires supporting drivers, meaning that many different codebases...
7.8CVSS
7.5AI Score
0.001EPSS
Security Updates for Microsoft Dynamics 365 (on-premises) (June 2024)
The Microsoft Dynamics 365 (on-premises) is missing security updates. It is, therefore, affected by an information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. Note that Nessus has not tested for these issues but has instead relied only on...
5.7CVSS
6.5AI Score
0.001EPSS
KLA68933 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, perform cross-site scripting attack, bypass security restrictions, spoof user interface, obtain sensitive information. Below is a...
9.2AI Score
0.0004EPSS
Mozilla Firefox Security Update (mfsa_2024-23_2024-26) - Mac OS X
Mozilla Firefox is prone to multiple ...
6.7AI Score
0.0004EPSS
NVIDIA Windows GPU Display Driver (June 2024)
A display driver installed on the remote Windows host is affected by multiple vulnerabilities, including the following: NVIDIA GPU Display Driver for Windows contains a vulnerability where the information from a previous client or another process could be disclosed. A successful exploit of...
7.8CVSS
6.8AI Score
0.0004EPSS
RHEL 9 : expat (RHSA-2024:3926)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3926 advisory. Expat is a C library for parsing XML documents. Security Fix(es): * expat: parsing large tokens can trigger a denial of service...
7.5CVSS
10AI Score
0.001EPSS
A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of...
4.9CVSS
5AI Score
0.0004EPSS
NVIDIA Virtual GPU Manager Multiple Vulnerabilities (June 2024)
The NVIDIA Virtual GPU Manager software on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, including the following: NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful...
7.8CVSS
6.9AI Score
0.0004EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : VTE vulnerability (USN-6833-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6833-1 advisory. Siddharth Dushantha discovered that VTE incorrectly handled large window resize escape sequences. An attacker could possibly...
7.5AI Score
0.0004EPSS
Option to Add Veeam Kasten for Kubernetes Does Not Appear in Veeam Backup & Replication
This issue may occur if the Veeam Kubernetes Service is not running and needs to be started or the Kasten Plug-In is not...
7.1AI Score
Google Chrome Security Update (stable-channel-update-for-desktop-2024-06) - Linux
Google Chrome is prone to multiple ...
8.8CVSS
8.8AI Score
0.001EPSS
7.8CVSS
7.4AI Score
0.0005EPSS
Mozilla Firefox ESR Security Update (mfsa_2024-23_2024-26) - Mac OS X
Firefox ESR is prone to multiple ...
6.6AI Score
0.0004EPSS
SAP NetWeaver AS Java DoS (3460407)
SAP NetWeaver Application Server for Java is affected by denial of service vulnerability: Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This...
7.5CVSS
7.5AI Score
0.0004EPSS
The vulnerability of the RelinquishDCMInfo() function of the dcm.c component of the ImageMagick console graphic editor is related to memory usage after its release. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive data, as well as cause a denial....
7.1CVSS
7.3AI Score
0.001EPSS
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6832-1 advisory. Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted...
7.5CVSS
8.1AI Score
0.001EPSS
5.5CVSS
5.6AI Score
0.001EPSS
(0Day) Deep Sea Electronics DSE855 Restart Missing Authentication Denial-of-Service Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack of...
4.3CVSS
6.8AI Score
0.001EPSS
NVIDIA Linux GPU Display Driver (June 2024)
The NVIDIA GPU display driver software on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, including the following: NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful...
7.8CVSS
6.8AI Score
0.0004EPSS
Zoom Workplace Desktop App < 5.17.11 Divide By Zero Vulnerability (ZSB-24018)
The version of Zoom Workplace Desktop App installed on the remote host is prior to 5.17.11. It is, therefore, affected by a vulnerability as referenced in the ZSB-24018 advisory. Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of ...
7.6AI Score
EPSS
SAP NetWeaver AS ABAP DoS (3453170)
SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus degrading the service quality experienced by legitimate....
6.5CVSS
6.5AI Score
0.0004EPSS
DR Restore - Internal error occurred: Could not retrieve artifacts for prefix
During the DR restore process the catalog service is scaled down, so when the DR Restore is re-initiated, it searches for the catalog which is not available at that time because it has been scaled...
7.2AI Score
NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of service. Notes Author| Note ---|--- mdeslaur | some binary drivers are no longer support by NVidia, so they are marked as ignored...
5.5CVSS
7AI Score
0.0004EPSS
Elasticsearch 8.13.1 <= 8.13.4 DoS (ESA-2024-14)
The version of Elasticsearch installed on the remote host is between 8.13.1 and 8.13.4. It is, therefore, affected by a denial of service (DoS) vulnerability as referenced in the ESA-2024-14 advisory: A flaw was discovered in Elasticsearch, affecting document ingestion when an index template...
4.9CVSS
5.2AI Score
0.0004EPSS
8.1CVSS
7.1AI Score
0.0004EPSS
VSCode ipynb Remote Code Execution Exploit
VSCode when opening a Jupyter notebook (.ipynb) file bypasses the trust model. On versions v1.4.0 through v1.71.1, its possible for the Jupyter notebook to embed HTML and javascript, which can then open new terminal windows within VSCode. Each of these new windows can then execute arbitrary code...
7.8CVSS
7.6AI Score
0.44EPSS
KLA68934 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, spoof user interface, bypass security restrictions. Below is a complete list of vulnerabilities: Heap buffer overflow vulnerability in...
8.8CVSS
9.3AI Score
0.001EPSS
(0Day) Deep Sea Electronics DSE855 Multipart Boundary Infinite Loop Denial-of-Service Vulnerability
This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of multipart boundaries. The...
4.3CVSS
6.5AI Score
0.001EPSS
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack of...
7.1CVSS
6.8AI Score
0.001EPSS
Google Chrome Security Update (stable-channel-update-for-desktop-2024-06) - Windows
Google Chrome is prone to multiple ...
8.8CVSS
8.8AI Score
0.001EPSS