Lucene search

K

Armoury Crate & Aura Creator Installer (ROG Live Service) Security Vulnerabilities

vulnrichment
vulnrichment

CVE-2024-37794

Improper input validation in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT2 input...

6.9AI Score

0.0004EPSS

2024-06-17 12:00 AM
openvas
openvas

Ubuntu: Security Advisory (USN-6821-4)

The remote host is missing an update for...

8CVSS

8AI Score

0.0004EPSS

2024-06-17 12:00 AM
1
ubuntu
ubuntu

Rack vulnerabilities

Releases Ubuntu 24.04 LTS Ubuntu 23.10 Packages ruby-rack - modular Ruby webserver interface Details It was discovered that Rack incorrectly handled Multipart MIME parsing. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. This...

7.5CVSS

7.2AI Score

0.001EPSS

2024-06-17 12:00 AM
cvelist
cvelist

CVE-2024-36543

Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to his Kafka cluster via a malicious connector (bypassing Kafka ACL if it exists), and potentially...

0.0004EPSS

2024-06-17 12:00 AM
1
cvelist
cvelist

CVE-2024-37795

A segmentation fault in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT-LIB input file containing the set-logic command with specific formatting...

0.0004EPSS

2024-06-17 12:00 AM
openvas
openvas

XAMPP <= 7.3.2 DoS Vulnerability

XAMPP is prone to a denial of service (DoS)...

7.5CVSS

7.2AI Score

0.0004EPSS

2024-06-17 12:00 AM
1
openvas
openvas

Mozilla Thunderbird Security Update (mfsa_2024-28) - Mac OS X

Mozilla Thunderbird is prone to multiple ...

6.6AI Score

0.0004EPSS

2024-06-17 12:00 AM
openvas
openvas

Ubuntu: Security Advisory (USN-6817-3)

The remote host is missing an update for...

7.8CVSS

8AI Score

0.0005EPSS

2024-06-17 12:00 AM
1
redos
redos

ROS-20240617-02

A vulnerability in the bgpd/bgp_attr.c file of a software tool for implementing network routing on Unix-like FRRouting systems is related to read outside bgp_attr_aigp_valid bounds, as there are no AIGP checks. Exploitation of the vulnerability could allow an attacker acting remotely to cause a...

9.8CVSS

7.4AI Score

0.001EPSS

2024-06-17 12:00 AM
redos
redos

ROS-20240617-01

The strongSwan daemon vulnerability is related to certificate validation errors in TLS-based EAP methods. Exploitation of the vulnerability could allow an attacker acting remotely to perform a denial of denial of...

9.8CVSS

7.1AI Score

0.008EPSS

2024-06-17 12:00 AM
ubuntucve
ubuntucve

CVE-2024-37794

Improper input validation in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT2 input file. Bugs https://github.com/cvc5/cvc5/issues/10813 Notes Author| Note ---|--- | Priority reason: CLI crash...

6.8AI Score

0.0004EPSS

2024-06-17 12:00 AM
openvas
openvas

Mozilla Thunderbird Security Update (mfsa_2024-28) - Windows

Mozilla Thunderbird is prone to multiple ...

6.7AI Score

0.0004EPSS

2024-06-17 12:00 AM
nvd
nvd

CVE-2024-38440

Netatalk 3.2.0 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated: 'The latest version of Netatalk (v3.2.0) contains a security...

0.0004EPSS

2024-06-16 01:15 PM
2
debiancve
debiancve

CVE-2024-38440

Netatalk 3.2.0 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated: 'The latest version of Netatalk (v3.2.0) contains a security...

7.3AI Score

0.0004EPSS

2024-06-16 01:15 PM
cve
cve

CVE-2024-38440

Netatalk 3.2.0 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated: 'The latest version of Netatalk (v3.2.0) contains a security...

7.2AI Score

0.0004EPSS

2024-06-16 01:15 PM
22
thn
thn

U.K. Hacker Linked to Notorious Scattered Spider Group Arrested in Spain

Law enforcement authorities have allegedly arrested a key member of the notorious cybercrime group called Scattered Spider. The individual, a 22-year-old man from the United Kingdom, was arrested this week in the Spanish city of Palma de Mallorca as he attempted to board a flight to Italy. The...

7.3AI Score

2024-06-16 04:31 AM
13
cvelist
cvelist

CVE-2024-38440

Netatalk 3.2.0 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated: 'The latest version of Netatalk (v3.2.0) contains a security...

0.0004EPSS

2024-06-16 12:00 AM
nessus
nessus

Debian dsa-5712 : ffmpeg - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5712 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5712-1 [email protected] ...

8AI Score

0.0004EPSS

2024-06-16 12:00 AM
nessus
nessus

Debian dsa-5713 : libndp-dbg - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5713 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5713-1 [email protected] ...

7.4CVSS

7.8AI Score

0.0004EPSS

2024-06-16 12:00 AM
1
krebs
krebs

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years. The Spanish daily Murcia Today...

7.8AI Score

2024-06-15 11:40 PM
17
thn
thn

Grandoreiro Banking Trojan Hits Brazil as Smishing Scams Surge in Pakistan

Pakistan has become the latest target of a threat actor called the Smishing Triad, marking the first expansion of its footprint beyond the E.U., Saudi Arabia, the U.A.E., and the U.S. "The group's latest tactic involves sending malicious messages on behalf of Pakistan Post to customers of mobile...

7AI Score

2024-06-15 09:51 AM
21
thn
thn

Pakistani Hackers Use DISGOMOJI Malware in Indian Government Cyber Attacks

A suspected Pakistan-based threat actor has been linked to a cyber espionage campaign targeting Indian government entities in 2024. Cybersecurity company Volexity is tracking the activity under the moniker UTA0137, noting the adversary's exclusive use of a malware called DISGOMOJI that's written...

7.8CVSS

8.6AI Score

0.076EPSS

2024-06-15 08:13 AM
9
ibm
ibm

Security Bulletin: IBM i is vulnerable to user profile enumeration due to a supplied table function in Db2 for i. [CVE-2024-31870]

Summary IBM i is vulnerable to a local user enumerating user profile names without authority to the user profile objects as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section....

3.3CVSS

6.2AI Score

0.0004EPSS

2024-06-15 01:00 AM
3
openvas
openvas

openSUSE: Security Advisory for bind (SUSE-SU-2024:1982-1)

The remote host is missing an update for...

7.5CVSS

7.7AI Score

0.05EPSS

2024-06-15 12:00 AM
nvd
nvd

CVE-2024-6003

A vulnerability was found in Guangdong Baolun Electronics IP Network Broadcasting Service Platform 2.0. It has been classified as critical. Affected is an unknown function of the file /api/v2/maps. The manipulation of the argument orderColumn leads to sql injection. It is possible to launch the...

7.3CVSS

0.0004EPSS

2024-06-14 10:15 PM
3
cve
cve

CVE-2024-6003

A vulnerability was found in Guangdong Baolun Electronics IP Network Broadcasting Service Platform 2.0. It has been classified as critical. Affected is an unknown function of the file /api/v2/maps. The manipulation of the argument orderColumn leads to sql injection. It is possible to launch the...

7.3CVSS

7.5AI Score

0.0004EPSS

2024-06-14 10:15 PM
29
cvelist
cvelist

CVE-2024-6003 Guangdong Baolun Electronics IP Network Broadcasting Service Platform maps sql injection

A vulnerability was found in Guangdong Baolun Electronics IP Network Broadcasting Service Platform 2.0. It has been classified as critical. Affected is an unknown function of the file /api/v2/maps. The manipulation of the argument orderColumn leads to sql injection. It is possible to launch the...

7.3CVSS

0.0004EPSS

2024-06-14 09:31 PM
3
vulnrichment
vulnrichment

CVE-2024-6003 Guangdong Baolun Electronics IP Network Broadcasting Service Platform maps sql injection

A vulnerability was found in Guangdong Baolun Electronics IP Network Broadcasting Service Platform 2.0. It has been classified as critical. Affected is an unknown function of the file /api/v2/maps. The manipulation of the argument orderColumn leads to sql injection. It is possible to launch the...

7.3CVSS

7.5AI Score

0.0004EPSS

2024-06-14 09:31 PM
1
mageia
mageia

Updated vte packages fix security vulnerability

GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476....

7.2AI Score

0.008EPSS

2024-06-14 08:30 PM
6
cve
cve

CVE-2024-24320

Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles...

7.7AI Score

0.0004EPSS

2024-06-14 06:15 PM
22
nvd
nvd

CVE-2024-24320

Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles...

0.0004EPSS

2024-06-14 06:15 PM
3
osv
osv

linux-azure, linux-gke vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) Zheng Wang discovered that the...

7.8CVSS

8.3AI Score

0.0005EPSS

2024-06-14 05:24 PM
1
veracode
veracode

Denial Of Service (DoS)

ch.qos.logback:logback-classic is vulnerable to Denial Of Service (DoS). The vulnerability is due to the readObject() method in the LoggingEventVO class which fails to check the length of an argument array during deserialization. An attacker could send crafted data, resulting in Denial of Service.....

7.5CVSS

6.5AI Score

0.0005EPSS

2024-06-14 04:52 PM
3
ibm
ibm

Security Bulletin: Vulnerabilities in Golang Go and RabbitMQ Java Client might affect IBM Storage Copy Data Management

Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Golang Go and RabbitMQ Java Client. Vulnerabilities include cause a denial of service condition and cause a memory overflow on the system as described by the CVE in the "Vulnerability Details" section. CVE-2023-45288,...

7.5CVSS

8AI Score

0.002EPSS

2024-06-14 04:30 PM
1
ibm
ibm

Security Bulletin: Vulnerabilities in libcurl, cURL and Linux Kernel might affect IBM Storage Copy Data Management

Summary IBM Storage Copy Data Management can be affected by vulnerabilities in libcurl, cURL and Linux Kernel. Vulnerabilities include an attacker could exploit these vulnerabilities to overflow a buffer and execute arbitrary code on the system, to insert cookies at will into a running program, to....

9.8CVSS

9.7AI Score

0.011EPSS

2024-06-14 04:27 PM
3
ibm
ibm

Security Bulletin: Multiple vulnerabilities in Golang Go affect IBM Storage Copy Data Management components that leverage Go

Summary Multiple vulnerabilities in Golang Go affect IBM Storage Copy Data Management components that leverage Go (essentially VADP 'VM' backup). Vulnerabilities including execution of arbitrary code on the system, remote attacker can cause an infinite loop, as described by the CVEs in the...

8.9AI Score

0.0004EPSS

2024-06-14 04:25 PM
osv
osv

linux-nvidia-6.5 vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) It was.....

7.8CVSS

7.4AI Score

0.001EPSS

2024-06-14 03:59 PM
osv
osv

linux-azure, linux-azure-fde vulnerabilities

It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros...

8CVSS

8.2AI Score

0.0004EPSS

2024-06-14 03:39 PM
1
osv
osv

Important: booth security update

The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network....

5.9CVSS

6.7AI Score

0.001EPSS

2024-06-14 02:00 PM
7
rocky
rocky

booth security update

An update is available for booth. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Booth cluster ticket manager is a component to bridge high availability...

5.9CVSS

7.2AI Score

0.001EPSS

2024-06-14 02:00 PM
rocky
rocky

resource-agents bug fix update

An update is available for resource-agents. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The resource-agents packages provide the Pacemaker and RGManager...

7.2AI Score

2024-06-14 02:00 PM
1
osv
osv

Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629) nghttp2: CONTINUATION frames DoS (CVE-2024-28182) nodejs: using the...

5.3CVSS

7.2AI Score

0.0004EPSS

2024-06-14 02:00 PM
4
osv
osv

Important: nodejs security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs: CONTINUATION frames DoS (CVE-2024-27983) nodejs: using the fetch() function to retrieve content from an untrusted URL leads to...

5.3CVSS

7.3AI Score

0.0004EPSS

2024-06-14 02:00 PM
4
rocky
rocky

nodejs:20 security update

An update is available for nodejs-nodemon, module.nodejs, nodejs, module.nodejs-nodemon, module.nodejs-packaging, nodejs-packaging. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

5.3CVSS

5.8AI Score

0.0004EPSS

2024-06-14 02:00 PM
1
rocky
rocky

nodejs security update

An update is available for nodejs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a software development platform for building fast and scalable...

5.3CVSS

5.8AI Score

0.0004EPSS

2024-06-14 02:00 PM
2
rocky
rocky

ipa security update

An update is available for ipa. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized.....

8.1CVSS

6.9AI Score

0.0004EPSS

2024-06-14 02:00 PM
1
osv
osv

Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.105 and .NET Runtime 8.0.5....

6.3CVSS

7.2AI Score

0.0005EPSS

2024-06-14 02:00 PM
5
rocky
rocky

libvirt bug fix update

An update is available for libvirt. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libvirt library contains a C API for managing and interacting with the...

7.4AI Score

2024-06-14 02:00 PM
2
osv
osv

Important: .NET 7.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.119 and .NET Runtime 7.0.19....

6.3CVSS

6.6AI Score

0.0005EPSS

2024-06-14 02:00 PM
5
osv
osv

Important: ipa security update

Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): freeipa: delegation rules allow a proxy service to impersonate any user...

8.1CVSS

7.2AI Score

0.0004EPSS

2024-06-14 02:00 PM
3
Total number of security vulnerabilities481956