Lucene search

K

Armoury Crate & Aura Creator Installer (ROG Live Service) Security Vulnerabilities

osv
osv

linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp vulnerabilities

It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to to cause a denial of service. (CVE-2024-0841) Several security issues were discovered in the Linux kernel. An attacker...

7.8CVSS

7.2AI Score

0.0005EPSS

2024-06-12 03:51 PM
malwarebytes
malwarebytes

Adobe clarifies Terms of Service change, says it doesn’t train AI on customer content

Following days of user pushback that included allegations of forcing a "spyware-like" Terms of Service (ToS) update into its products, design software giant Adobe explained itself with several clarifications. Apparently, the concerns raised by the community, especially among Photoshop and...

6.9AI Score

2024-06-12 03:28 PM
10
nvd
nvd

CVE-2024-31217

Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause...

5.3CVSS

0.0004EPSS

2024-06-12 03:15 PM
osv
osv

CVE-2024-31217

Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause...

5.3CVSS

6.8AI Score

0.0004EPSS

2024-06-12 03:15 PM
1
cve
cve

CVE-2024-31217

Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-06-12 03:15 PM
13
cvelist
cvelist

CVE-2024-31217 @strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling

Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause...

5.3CVSS

0.0004EPSS

2024-06-12 02:50 PM
ibm
ibm

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service which is vulnerable to CVE-2024-25026

Summary IBM Maximo Application Suite Predict Component IBM WebSphere Application Server Liberty is vulnerable to a denial of service which is vulnerable toCVE-2024-25026 .This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2024-25026 ....

5.9CVSS

7AI Score

0.0004EPSS

2024-06-12 01:45 PM
ibm
ibm

Security Bulletin: IBM Maximo Application Suite Predict Component uses :IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to jose4j which is vulnerable to CVE-2023-51775

Summary IBM Maximo Application Suite Predict Component uses :IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to jose4j which is vulnerable to CVE-2023-51775. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details **...

7.2AI Score

0.0004EPSS

2024-06-12 01:42 PM
1
ibm
ibm

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service which is vulnerable to CVE-2024-27268

Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service which is vulnerable to CVE-2024-27268 .This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID:...

5.9CVSS

7AI Score

0.0004EPSS

2024-06-12 01:40 PM
1
ibm
ibm

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service when using the openidConnectClient-1.0 or socialLogin-1.0 feature which is vulnerable to CVE-2024-22353

Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service when using the openidConnectClient-1.0 or socialLogin-1.0 feature which is vulnerable toCVE-2024-22353.This bulletin contains information regarding the...

7.5CVSS

7.1AI Score

0.0004EPSS

2024-06-12 01:38 PM
2
cve
cve

CVE-2024-5313

CWE-668: Exposure of the Resource Wrong Sphere vulnerability exists that exposes a SSH interface over the product network interface. This does not allow to directly exploit the product or make any unintended operation as the SSH interface access is protected by an authentication mechanism. Impacts....

6.5CVSS

7.1AI Score

0.0004EPSS

2024-06-12 01:15 PM
15
nvd
nvd

CVE-2024-5313

CWE-668: Exposure of the Resource Wrong Sphere vulnerability exists that exposes a SSH interface over the product network interface. This does not allow to directly exploit the product or make any unintended operation as the SSH interface access is protected by an authentication mechanism. Impacts....

6.5CVSS

0.0004EPSS

2024-06-12 01:15 PM
5
osv
osv

libmatio vulnerability

It was discovered that matio incorrectly handled certain malformed files. An attacker could possibly use this issue to cause a denial of...

5.5CVSS

5.5AI Score

0.001EPSS

2024-06-12 12:50 PM
cve
cve

CVE-2024-5211

A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the normalizePath() function, intended to defend against path traversal attacks. This vulnerability enables the manager to read, delete, or overwrite the 'anythingllm.db' database file and other files stored...

9.1CVSS

9.2AI Score

0.0004EPSS

2024-06-12 12:15 PM
15
nvd
nvd

CVE-2024-5211

A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the normalizePath() function, intended to defend against path traversal attacks. This vulnerability enables the manager to read, delete, or overwrite the 'anythingllm.db' database file and other files stored...

9.1CVSS

0.0004EPSS

2024-06-12 12:15 PM
2
osv
osv

CVE-2024-5211

A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the normalizePath() function, intended to defend against path traversal attacks. This vulnerability enables the manager to read, delete, or overwrite the 'anythingllm.db' database file and other files stored...

9.1CVSS

7AI Score

0.0004EPSS

2024-06-12 12:15 PM
cvelist
cvelist

CVE-2024-5313

CWE-668: Exposure of the Resource Wrong Sphere vulnerability exists that exposes a SSH interface over the product network interface. This does not allow to directly exploit the product or make any unintended operation as the SSH interface access is protected by an authentication mechanism. Impacts....

6.5CVSS

0.0004EPSS

2024-06-12 12:14 PM
3
vulnrichment
vulnrichment

CVE-2024-5313

CWE-668: Exposure of the Resource Wrong Sphere vulnerability exists that exposes a SSH interface over the product network interface. This does not allow to directly exploit the product or make any unintended operation as the SSH interface access is protected by an authentication mechanism. Impacts....

6.5CVSS

7.1AI Score

0.0004EPSS

2024-06-12 12:14 PM
osv
osv

libndp vulnerability

It was discovered that libndp incorrectly handled certain malformed IPv6 router advertisement packets. A local attacker could use this issue to cause NetworkManager to crash, resulting in a denial of service, or possibly execute arbitrary...

7.4CVSS

7.3AI Score

0.0004EPSS

2024-06-12 11:59 AM
1
ibm
ibm

Security Bulletin: IBM Jazz Reporting Service is vulnerable to Information Disclosure (CVE-2024-25052)

Summary If Jazz Authentication Service is enabled, IBM Jazz Reporting System shows the JSA Client Secret in plain text. Vulnerability Details ** CVEID: CVE-2024-25052 DESCRIPTION: **IBM Jazz Reporting Service stores user credentials in plain clear text which can be read by an Admin user. CVSS...

6.3AI Score

0.0004EPSS

2024-06-12 11:43 AM
cvelist
cvelist

CVE-2024-5211 Path Traversal to Arbitrary File Read/Delete/Overwrite, DoS Attack, and Admin Account Takeover in mintplex-labs/anything-llm

A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the normalizePath() function, intended to defend against path traversal attacks. This vulnerability enables the manager to read, delete, or overwrite the 'anythingllm.db' database file and other files stored...

9.1CVSS

0.0004EPSS

2024-06-12 11:33 AM
3
redhatcve
redhatcve

CVE-2022-1941

A parsing vulnerability for the MessageSet type in the ProtocolBuffers can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized...

7.5CVSS

6.7AI Score

0.002EPSS

2024-06-12 10:54 AM
3
nvd
nvd

CVE-2024-5468

The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to unauthorized site option deletion due to a missing validation and capability checks on the stm_hb_delete() function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to....

6.5CVSS

0.0004EPSS

2024-06-12 09:15 AM
2
cve
cve

CVE-2024-5468

The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to unauthorized site option deletion due to a missing validation and capability checks on the stm_hb_delete() function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to....

6.5CVSS

6.4AI Score

0.0004EPSS

2024-06-12 09:15 AM
16
cve
cve

CVE-2024-3183

A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user.....

8.1CVSS

7.9AI Score

0.0004EPSS

2024-06-12 09:15 AM
19
vulnrichment
vulnrichment

CVE-2024-5468 WordPress Header Builder Plugin – Pearl <= 1.3.7 - Missing Authorization to Unauthenticated Arbitrary Site Options Deletion

The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to unauthorized site option deletion due to a missing validation and capability checks on the stm_hb_delete() function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to....

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-12 08:33 AM
cvelist
cvelist

CVE-2024-5468 WordPress Header Builder Plugin – Pearl <= 1.3.7 - Missing Authorization to Unauthenticated Arbitrary Site Options Deletion

The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to unauthorized site option deletion due to a missing validation and capability checks on the stm_hb_delete() function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to....

6.5CVSS

0.0004EPSS

2024-06-12 08:33 AM
3
nvd
nvd

CVE-2024-2698

A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service...

7.1CVSS

0.0004EPSS

2024-06-12 08:15 AM
3
cve
cve

CVE-2024-2698

A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service...

7.1CVSS

6.9AI Score

0.0004EPSS

2024-06-12 08:15 AM
19
debiancve
debiancve

CVE-2024-2698

A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service...

7.1CVSS

7.1AI Score

0.0004EPSS

2024-06-12 08:15 AM
1
cvelist
cvelist

CVE-2024-2698 Freeipa: delegation rules allow a proxy service to impersonate any user to access another target service

A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service...

7.1CVSS

0.0004EPSS

2024-06-12 08:03 AM
3
vulnrichment
vulnrichment

CVE-2024-2698 Freeipa: delegation rules allow a proxy service to impersonate any user to access another target service

A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service...

7.1CVSS

7.1AI Score

0.0004EPSS

2024-06-12 08:03 AM
veracode
veracode

Denial Of Service (DoS)

@grpc/grpc-js is vulnerable to Denial of Service (DoS). The vulnerability is due to improper message size checks becauses messages that exceed the grpc.max_receive_message_length are buffered or decompressed in entirety before being discarded, which can result in...

5.3CVSS

6.6AI Score

0.0005EPSS

2024-06-12 07:45 AM
1
osv
osv

BIT-suitecrm-2024-36416

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this...

8.6CVSS

6.8AI Score

0.0005EPSS

2024-06-12 07:37 AM
1
cve
cve

CVE-2024-28970

Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of...

4.7CVSS

6.6AI Score

0.0004EPSS

2024-06-12 07:15 AM
15
nvd
nvd

CVE-2024-28970

Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of...

4.7CVSS

0.0004EPSS

2024-06-12 07:15 AM
3
vulnrichment
vulnrichment

CVE-2024-28970

Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of...

4.7CVSS

6.8AI Score

0.0004EPSS

2024-06-12 06:51 AM
cvelist
cvelist

CVE-2024-28970

Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of...

4.7CVSS

0.0004EPSS

2024-06-12 06:51 AM
2
veracode
veracode

XML Entity Expansion (XXE)

ebookmeta is vulnerable to an XML External Entity (XXE) vulnerability. The vulnerability is due to improper handling of crafted XML input via the lxml dependency in the ebookmeta.get_metadata function, allowing attackers to access sensitive information or cause a Denial of Service...

6.6AI Score

0.0004EPSS

2024-06-12 06:24 AM
veracode
veracode

Regular Expression Denial Of Service (ReDoS)

ua-parser/uap-php is vulnerable toRegular Expression Denial Of Service (ReDoS). The vulnerability is due to use of inefficient or poorly constructed regular expressions that can take an exceptionally long time to evaluate against certain input strings, which results in Regular Expression Denial Of....

7AI Score

2024-06-12 06:23 AM
githubexploit
githubexploit

Exploit for CVE-2023-11518

POC Recreating CVE 2023-36802 Procedure to Recreate the...

7.5AI Score

EPSS

2024-06-12 06:19 AM
44
githubexploit
githubexploit

Exploit for Use After Free in Microsoft

POC Recreating CVE 2023-36802 Procedure to Recreate the...

7.8CVSS

7.3AI Score

0.001EPSS

2024-06-12 06:19 AM
4
veracode
veracode

XML Entity Expansion (XXE)

ebookmeta is vulnerable to an XML External Entity (XXE) vulnerability. The vulnerability is due to improper handling of crafted XML input in the ebookmeta.get_metadata function, allowing attackers to access sensitive information or cause a Denial of Service...

6.6AI Score

0.0004EPSS

2024-06-12 05:47 AM
nvd
nvd

CVE-2024-36856

RMQTT Broker 0.4.0 allows remote attackers to cause a Denial of Service (daemon crash) via a certain sequence of five TCP...

0.0004EPSS

2024-06-12 03:15 AM
2
cve
cve

CVE-2024-36856

RMQTT Broker 0.4.0 allows remote attackers to cause a Denial of Service (daemon crash) via a certain sequence of five TCP...

7AI Score

0.0004EPSS

2024-06-12 03:15 AM
15
redhatcve
redhatcve

CVE-2024-25131

A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource (CRD) of OpenShift Dedicated. A non-privileged user on the cluster can create a MustGather object with a specially crafted file and set the most privileged service account to run the job. This can allow a standard...

7.2AI Score

EPSS

2024-06-12 12:48 AM
3
redhatcve
redhatcve

CVE-2024-5197

A flaw was found in libvpx. When creating images, libvpx trusts the width, height, and alignment of the user input. However, it does not properly validate the provided values. This flaw allows an attacker to craft user inputs or trick the user into opening crafted files, where these types of...

6.6AI Score

0.0004EPSS

2024-06-12 12:48 AM
1
redhatcve
redhatcve

CVE-2024-35176

REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many <s>

5.3CVSS

6.7AI Score

0.0004EPSS

2024-06-12 12:40 AM
redhatcve
redhatcve

CVE-2024-2698

A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service...

7.1CVSS

6.8AI Score

0.0004EPSS

2024-06-12 12:36 AM
Total number of security vulnerabilities481368