Armoury Crate & Aura Creator Installer (ROG Live Service) Security Vulnerabilities

nessus

GitLab 8.4 < 16.10.7 / 16.11 < 16.11.4 / 17.0 < 17.0.2 (CVE-2024-1963)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability...

6.5CVSS

6.2AI Score

0.0004EPSS

2024-06-12 12:00 AM
nessus

SUSE SLED15 / SLES15 Security Update : bind (SUSE-SU-2024:1982-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1982-1 advisory. - CVE-2023-4408: Fixed denial of service during DNS message parsing with different names (bsc#1219851) -...

7.5CVSS

7.6AI Score

0.05EPSS

2024-06-12 12:00 AM
openvas

SUSE: Security Advisory (SUSE-SU-2024:1982-1)

The remote host is missing an update for...

7.5CVSS

7.5AI Score

0.05EPSS

2024-06-12 12:00 AM
nessus

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6831-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6831-1 advisory. It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A...

7.8CVSS

7.8AI Score

0.0005EPSS

2024-06-12 12:00 AM
nessus

SUSE SLES12 Security Update : unrar (SUSE-SU-2024:1975-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1975-1 advisory. - CVE-2024-33899: Fixed a denial of service via ANSI escape sequences. (bsc#1225661) Tenable has extracted the preceding description block...

7.4AI Score

0.0004EPSS

2024-06-12 12:00 AM
openvas

Microsoft Windows Multiple Vulnerabilities (KB5039217)

This host is missing an important security update according to Microsoft...

9.8CVSS

7.2AI Score

0.003EPSS

2024-06-12 12:00 AM
2
krebs

Patch Tuesday, June 2024 “Recall” Edition

Microsoft today released updates to fix more than 50 security vulnerabilities in Windows and related software, a relatively light Patch Tuesday this month for Windows users. The software giant also responded to a torrent of negative feedback on a new feature of Redmond's flagship operating system.....

9.8CVSS

8.9AI Score

0.003EPSS

2024-06-11 10:57 PM
88
osv

linux-aws, linux-oracle vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536)...

7.8CVSS

7.5AI Score

0.001EPSS

2024-06-11 10:09 PM
3
osv

linux-aws, linux-aws-5.15 vulnerabilities

It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros...

8CVSS

8.2AI Score

0.0004EPSS

2024-06-11 08:53 PM
1
github

document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection

Impact What kind of vulnerability is it? Who is impacted? A remote code execution (RCE) via server-side template injection (SSTI) allows for user supplied code to be executed in the server's context where it is executed as the document-merge-server user with the UID 901 thus giving an attacker...

9.9CVSS

9.9AI Score

0.0004EPSS

2024-06-11 08:22 PM
1
osv

document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection

Impact What kind of vulnerability is it? Who is impacted? A remote code execution (RCE) via server-side template injection (SSTI) allows for user supplied code to be executed in the server's context where it is executed as the document-merge-server user with the UID 901 thus giving an attacker...

9.9CVSS

9.9AI Score

0.0004EPSS

2024-06-11 08:22 PM
osv

linux-nvidia vulnerabilities

It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros...

8CVSS

8AI Score

0.0004EPSS

2024-06-11 08:05 PM
ibm

Security Bulletin: Vulnerabilities in axios affect IBM Voice Gateway

Summary Security Vulnerabilities in axios affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details IBM X-Force ID: 294242 DESCRIPTION: Node.js Axios module is vulnerable to a denial of service, caused by a prototype pollution in the formDataToJSON function. By.....

8.1AI Score

2024-06-11 08:00 PM
1
ibm

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables. (CVE-2023-29267)

Summary IBM® Db2® is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables. Vulnerability Details CVEID: CVE-2023-29267 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as a trap...

5.3CVSS

6.7AI Score

0.0004EPSS

2024-06-11 07:48 PM
1
rapid7blog

Patch Tuesday - June 2024

It’s June 2024 Patch Tuesday. Microsoft is addressing 51 vulnerabilities today, and has evidence of public disclosure for just a single one of those. At time of writing, none of the vulnerabilities published today are listed on CISA KEV, although this is always subject to change. Microsoft is...

9.8CVSS

9.7AI Score

0.05EPSS

2024-06-11 07:43 PM
70
redhatcve

CVE-2024-36129

A flaw was found in OpenTelemetry Collector. When sending an HTTP or gRPC request with a compressed payload, the Collector only verifies whether the compressed payload is beyond a certain limit but not its uncompressed version. This flaw allows an attacker using a specially crafted HTTP or gRPC...

8.2CVSS

7.8AI Score

0.0004EPSS

2024-06-11 07:27 PM
1
nvd

CVE-2024-34406

Improper exception handling in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to cause a denial of service through the use of a malformed deep...

0.0004EPSS

2024-06-11 07:16 PM
1
nvd

CVE-2024-37301

Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the...

9.9CVSS

0.0004EPSS

2024-06-11 07:16 PM
3
cve

CVE-2024-37301

Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the...

9.9CVSS

9.9AI Score

0.0004EPSS

2024-06-11 07:16 PM
25
cve

CVE-2024-35213

An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing...

9CVSS

9.1AI Score

0.0004EPSS

2024-06-11 07:16 PM
18
cve

CVE-2024-34406

Improper exception handling in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to cause a denial of service through the use of a malformed deep...

6.8AI Score

0.0004EPSS

2024-06-11 07:16 PM
16
osv

CVE-2024-37301

Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the...

9.9CVSS

8.3AI Score

0.0004EPSS

2024-06-11 07:16 PM
nvd

CVE-2024-35213

An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing...

9CVSS

0.0004EPSS

2024-06-11 07:16 PM
5
cvelist

CVE-2024-35213 Vulnerability in SGI Image Codec Impacts BlackBerry QNX Software Development Platform (SDP)

An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing...

9CVSS

0.0004EPSS

2024-06-11 06:37 PM
1
cvelist

CVE-2024-37301 document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection

Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the...

9.9CVSS

0.0004EPSS

2024-06-11 06:34 PM
3
vulnrichment

CVE-2024-37301 document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection

Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the...

9.9CVSS

8AI Score

0.0004EPSS

2024-06-11 06:34 PM
osv

Azure Storage Movement Client Library Denial of Service Vulnerability

Azure Storage Movement Client Library Denial of Service...

7.5CVSS

7.1AI Score

0.0005EPSS

2024-06-11 06:30 PM
1
github

Azure Storage Movement Client Library Denial of Service Vulnerability

Azure Storage Movement Client Library Denial of Service...

7.5CVSS

6.8AI Score

0.0005EPSS

2024-06-11 06:30 PM
debian

[SECURITY] [DSA 5708-1] cyrus-imapd security update

Debian Security Advisory DSA-5708-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 11, 2024 https://www.debian.org/security/faq Package : cyrus-imapd CVE ID : CVE-2024-34055 Damian...

6.5CVSS

6.9AI Score

0.0005EPSS

2024-06-11 06:24 PM
1
qualysblog

Microsoft and Adobe Patch Tuesday, June 2024 Security Update Review

Microsoft's June Patch Tuesday is here, bringing fixes for vulnerabilities impacting its multiple products. This month's release highlights the ongoing battle against cybersecurity threats, from critical updates to important fixes. Let's dive into the crucial insights from Microsoft's Patch...

9.8CVSS

9.3AI Score

0.003EPSS

2024-06-11 06:18 PM
12
talosblog

Only one critical issue disclosed as part of Microsoft Patch Tuesday

Microsoft released its monthly security update Tuesday, disclosing 49 vulnerabilities across its suite of products and software. Of those there is only one critical vulnerability. Every other security issue disclosed this month is considered "important." The lone critical security issue is...

9.8CVSS

9.8AI Score

0.003EPSS

2024-06-11 05:46 PM
28
osv

linux-intel-iotg-5.15 vulnerabilities

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-47233) It was....

8CVSS

8.2AI Score

EPSS

2024-06-11 05:45 PM
ibm

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables. (CVE-2024-31881)

Summary IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. Vulnerability Details CVEID: CVE-2024-31881 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-11 05:41 PM
2
ibm

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted statement. (CVE-2024-31880)

Summary IBM® Db2® is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. Vulnerability Details CVEID: CVE-2024-31880 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows (includes Db2...

7AI Score

EPSS

2024-06-11 05:40 PM
2
ibm

Security Bulletin: IBM® Db2® federated server is affected by a vulnerability in the open source netty-codec-http library. (CVE-2024-29025)

Summary IBM® Db2® federated server is affected by a vulnerability in the open source netty-codec-http library when using the NoSQL Blockchain wrapper. Vulnerability Details CVEID: CVE-2024-29025 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw when using the...

5.3CVSS

6.6AI Score

0.0004EPSS

2024-06-11 05:35 PM
3
ibm

Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query under certain conditions. (CVE-2024-28762)

Summary IBM® Db2® is vulnerable to a denial of service with a specially crafted query under certain conditions. Vulnerability Details CVEID: CVE-2024-28762 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) is vulnerable to denial of service with a specially...

5.3CVSS

6.5AI Score

0.0004EPSS

2024-06-11 05:30 PM
1
ibm

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a specially crafted request is used via CLI. (CVE-2023-45178)

Summary IBM® Db2® is vulnerable to a denial of service when a specially crafted request is used via CLI. Vulnerability Details CVEID: CVE-2023-45178 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) CLI is vulnerable to a denial of service when a specially...

7.5CVSS

6.9AI Score

0.001EPSS

2024-06-11 05:29 PM
16
ibm

Security Bulletin: IBM® Db2® federated server is affected by vulnerabilities in the open source commons-compress library. (CVE-2024-25710, CVE-2024-26308)

Summary IBM® Db2® federated server is affected by vulnerabilities in the open source commons-compress library when using the NoSQL Blockchain wrapper. Vulnerability Details CVEID: CVE-2024-25710 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an infinite...

8.1CVSS

7AI Score

0.001EPSS

2024-06-11 05:27 PM
2
ibm

Security Bulletin: IBM® Db2® is affected by a vulnerability in the open source zlib library. (CVE-2023-45853)

Summary IBM® Db2® is affected by a vulnerability in the open source zlib library. Vulnerability Details CVEID: CVE-2023-45853 DESCRIPTION: MiniZip is vulnerable to a denial of service, caused by an integer overflow and resultant heap-based buffer overflow in the zipOpenNewFileInZip4_64...

9.8CVSS

7.2AI Score

0.001EPSS

2024-06-11 05:24 PM
2
cve

CVE-2024-35265

Windows Perception Service Elevation of Privilege...

7CVSS

6.9AI Score

0.0004EPSS

2024-06-11 05:16 PM
27
nvd

CVE-2024-35265

Windows Perception Service Elevation of Privilege...

7CVSS

0.0004EPSS

2024-06-11 05:16 PM
cve

CVE-2024-35252

Azure Storage Movement Client Library Denial of Service...

7.5CVSS

7.5AI Score

0.0005EPSS

2024-06-11 05:16 PM
20
cve

CVE-2024-35250

Windows Kernel-Mode Driver Elevation of Privilege...

7.8CVSS

7.7AI Score

0.0004EPSS

2024-06-11 05:16 PM
19
nvd

CVE-2024-35252

Azure Storage Movement Client Library Denial of Service...

7.5CVSS

0.0005EPSS

2024-06-11 05:16 PM
3
nvd

CVE-2024-30095

Windows Routing and Remote Access Service (RRAS) Remote Code Execution...

7.8CVSS

0.001EPSS

2024-06-11 05:15 PM
5
cve

CVE-2024-30095

Windows Routing and Remote Access Service (RRAS) Remote Code Execution...

7.8CVSS

7.9AI Score

0.001EPSS

2024-06-11 05:15 PM
21
cve

CVE-2024-30089

Microsoft Streaming Service Elevation of Privilege...

7.8CVSS

7.6AI Score

0.0004EPSS

2024-06-11 05:15 PM
20
cve

CVE-2024-30090

Microsoft Streaming Service Elevation of Privilege...

7CVSS

6.9AI Score

0.0004EPSS

2024-06-11 05:15 PM
20
cve

CVE-2024-30093

Windows Storage Elevation of Privilege...

7.3CVSS

7.2AI Score

0.0004EPSS

2024-06-11 05:15 PM
19
cve

CVE-2024-30094

Windows Routing and Remote Access Service (RRAS) Remote Code Execution...

7.8CVSS

7.9AI Score

0.001EPSS

2024-06-11 05:15 PM
20
Total number of security vulnerabilities: 481406