Athlon™ X4 Processor Security Vulnerabilities

vulnrichment

CVE-2024-26879 clk: meson: Add missing clocks to axg_clk_regmaps

In the Linux kernel, the following vulnerability has been resolved: clk: meson: Add missing clocks to axg_clk_regmaps Some clocks were missing from axg_clk_regmaps, which caused kernel panic during cat /sys/kernel/debug/clk/clk_summary [ 57.349402] Unable to handle kernel NULL pointer...

6.6 AI Score

0.0004 EPSS

2024-04-17 10:27 AM
1
cvelist

CVE-2024-26877 crypto: xilinx - call finalize with bh disabled

In the Linux kernel, the following vulnerability has been resolved: crypto: xilinx - call finalize with bh disabled When calling crypto_finalize_request, BH should be disabled to avoid triggering the following calltrace: ------------[ cut here ]------------ WARNING: CPU: 2 PID: 74 at...

7.8 AI Score

0.0004 EPSS

2024-04-17 10:27 AM
ubuntucve

CVE-2024-26879

In the Linux kernel, the following vulnerability has been resolved: clk: meson: Add missing clocks to axg_clk_regmaps Some clocks were missing from axg_clk_regmaps, which caused kernel panic during cat /sys/kernel/debug/clk/clk_summary [ 57.349402] Unable to handle kernel NULL pointer dereference.....

6.6 AI Score

0.0004 EPSS

2024-04-17 12:00 AM
6
ubuntucve

CVE-2024-26881

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when 1588 is received on HIP08 devices The HIP08 devices does not register the ptp devices, so the hdev->ptp is NULL, but the hardware can receive 1588 messages, and set the HNS3_RXD_TS_VLD_B bit, so,...

5.5 CVSS

5.3 AI Score

0.0004 EPSS

2024-04-17 12:00 AM
7
nessus

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (AWS) vulnerabilities (USN-6725-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6725-2 advisory. An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and...

9.8 CVSS

7.4 AI Score

EPSS

2024-04-17 12:00 AM
15
ubuntucve

CVE-2024-26841

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Update cpu_sibling_map when disabling nonboot CPUs Update cpu_sibling_map when disabling nonboot CPUs by defining & calling clear_cpu_sibling_map(), otherwise we get such errors on SMT systems: jump label: negative...

6.7 AI Score

0.0004 EPSS

2024-04-17 12:00 AM
5
ubuntucve

CVE-2024-26877

In the Linux kernel, the following vulnerability has been resolved: crypto: xilinx - call finalize with bh disabled When calling crypto_finalize_request, BH should be disabled to avoid triggering the following calltrace: ------------[ cut here ]------------ WARNING: CPU: 2 PID: 74 at...

7.7 AI Score

0.0004 EPSS

2024-04-17 12:00 AM
2
ibm

Security Bulletin: IBM Cognos Command Center has addressed vulnerabilities IBM® Semeru Java™ Version 11 and Apache Commons

Summary There are vulnerabilities in IBM® Semeru Java™ Version 11, Apache Commons Compress and Apache Commons Configuration used by IBM Cognos Command Center. IBM Cognos Command Center 10.2.5 IF2 has addressed the applicable CVEs by upgrading to non-vulnerable versions of these libraries. Please...

8.1 CVSS

8.3 AI Score

0.001 EPSS

2024-04-16 07:21 PM
8
spring

Spring Framework 6.2.0-M1: Overriding Beans in Tests

Spring Framework 6.2.0-M1 has been released, including changes that resolve more than one hundred issues. Among those are a range of new features in Spring's testing support. In this post, I’d like to walk you through one of these new testing features: Bean Overriding support. The previous state...

7.2 AI Score

2024-04-16 12:00 AM
5
nessus

Debian dsa-5658 : affs-modules-6.1.0-11-4kc-malta-di - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5658 advisory. A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in...

8 CVSS

7.6 AI Score

EPSS

2024-04-13 12:00 AM
30
ibm

Security Bulletin: IBM® Db2® may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. (CVE-2021-20373)

Summary Db2 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. Vulnerability Details ** CVEID: CVE-2021-20373 DESCRIPTION: **IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable...

7.5 CVSS

7.6 AI Score

0.001 EPSS

2024-04-12 08:13 PM
23
qualysblog

De-risk the Software Supply Chain by Expanding Unparalleled Detection Coverage With Qualys VMDR and Software Composition Analysis

QIDs/CVEs When it comes to cybersecurity, speed is key in getting an edge over attackers. But when you consider that vulnerabilities weaponize 24 days faster than they are remediated on average, cybersecurity stakeholders have a lot of catching up to do. While there are many ways defenders...

7 AI Score

2024-04-12 03:29 PM
11
ibm

Security Bulletin: IBM® Db2® is affected by a vulnerability in an open source library boost (CVE-2012-2677)

Summary IBM® Db2® is affected by a vulnerability in an open source library boost. Vulnerability Details ** CVEID: CVE-2012-2677 DESCRIPTION: **Boost is vulnerable to a buffer overflow, caused by improper bounds checking by the ordered_malloc() function. By persuading a victim to open a...

7 AI Score

0.014 EPSS

2024-04-10 05:27 PM
16
ibm

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-22036, CVE-2023-22006, CVE-2023-22041, CVE-2023-22049 and CVE-2023-22045)

Summary Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details ** CVEID: CVE-2023-22036 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Utility component could allow...

5.1 CVSS

6.9 AI Score

0.001 EPSS

2024-04-09 07:59 PM
5
ibm

Security Bulletin: IBM® Db2® is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT (CVE-2023-38729)

Summary IBM® Db2® is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT. Vulnerability Details ** CVEID: CVE-2023-38729 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to sensitive information disclosure when...

6.8 CVSS

6.1 AI Score

0.0004 EPSS

2024-04-09 05:06 PM
16
amd

Radeon™ Driver for DirectX® 11 Shader Vulnerabilities

AMD ID:AMD-SB-6012 Potential Impact: Arbitrary Code Execution Severity: High Summary AMD has received a report from a researcher at Cisco Talos detailing two arbitrary write vulnerabilities in the AMD Radeon™ user mode driver for DirectX®...

5.3 CVSS

7.6 AI Score

0.0004 EPSS

2024-04-09 12:00 AM
2
openvas

Mageia: Security Advisory (MGASA-2024-0103)

The remote host is missing an update for...

6.5 CVSS

7.2 AI Score

0.001 EPSS

2024-04-05 12:00 AM
13
amd

Disrupting AMD SEV-SNP on Linux® With Interrupts

AMD ID: AMD-SB-3008 Potential Impact: N/A Severity: N/A Summary Researchers from ETH Zurich have shared with AMD a paper titled “Heckler: Disrupting AMD SEV-SNP with Interrupts.” In their paper, the researchers report that a malicious hypervisor can potentially break confidentiality and integrity.....

6.8 AI Score

EPSS

2024-04-05 12:00 AM
3
zdt

Positron Broadcast Signal Processor TRA7005 1.20 Authentication Bypass Exploit

The Positron Broadcast Digital Signal Processor TRA7005 version 1.20 suffers from an authentication bypass through a direct and unauthorized access to the password management functionality. The vulnerability allows attackers to bypass Digest authentication by manipulating the password endpoint...

7.8 AI Score

2024-04-05 12:00 AM
101
arista

Security Advisory 0094

Security Advisory 0094 PDF Date: April 5, 2024 Revision | Date | Changes ---|---|--- 1.0 | April 3, 2024 | Initial release 1.1 | April 5, 2024 | Update required configuration for exploitation and mitigation Description Arista Networks is providing this security update in response to the...

7.5 CVSS

6 AI Score

0.005 EPSS

2024-04-05 12:00 AM
32
ibm

Security Bulletin: Due to use of IBM SDK, Java Technology Edition, IBM Tivoli Application Dependency Discovery Manager is vulnerable to multiple vulnerabilities.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Tivoli Application Dependency Discovery Manager (TADDM). These issues were disclosed as part of the IBM Java SDK updates in January 2024. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An...

7.5 CVSS

7.2 AI Score

0.001 EPSS

2024-04-04 06:00 AM
14
atlassian

DoS (Denial of Service) net.minidev:json-smart Dependency in Jira Software Data Center and Server

This High severity net.minidev:json-smart Dependency vulnerability was introduced in versions 8.20.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, and 9.12.0 of Jira Software Data Center and Server. This net.minidev:json-smart Dependency vulnerability, with....

7.5 CVSS

7.7 AI Score

0.001 EPSS

2024-04-04 04:45 AM
17
packetstorm

7.4 AI Score

2024-04-04 12:00 AM
66
zeroscience

Positron Broadcast Signal Processor TRA7005 v1.20 _Passwd Exploit

Title: Positron Broadcast Signal Processor TRA7005 v1.20 _Passwd Exploit Advisory ID: ZSL-2024-5813 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS Risk: (5/5) Release Date: 04.04.2024 Summary The TRA7000 series is a set of products dedicated to broadcast,...

7.8 AI Score

EPSS

2024-04-04 12:00 AM
88
redhatcve

CVE-2024-26675

In the Linux kernel, the following vulnerability has been resolved: ppp_async: limit MRU to 64K syzbot triggered a warning [1] in __alloc_pages(): WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp) Willem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K") Adopt the same sanity che...

6.9 AI Score

0.0004 EPSS

2024-04-03 12:34 AM
2
redhatcve

CVE-2024-26674

In the Linux kernel, the following vulnerability has been resolved: x86/lib: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups During memory error injection test on kernels >= v6.4, the kernel panics like below. However, this issue couldn't be reproduced on kernels <= v6.3. mce: [Hardwa...

7 AI Score

0.0004 EPSS

2024-04-03 12:03 AM
4
redhatcve

CVE-2023-52635

In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreq_monitor_[start/stop] There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from...

7.1 AI Score

0.0004 EPSS

2024-04-03 12:02 AM
4
openvas

Fedora: Security Advisory for pandoc (FEDORA-2024-b458482d48)

The remote host is missing an update for...

6.3 CVSS

6.3 AI Score

0.001 EPSS

2024-04-03 12:00 AM
1
openvas

Fedora: Security Advisory for pandoc (FEDORA-2024-6ad6b9f417)

The remote host is missing an update for...

6.3 CVSS

6.3 AI Score

0.001 EPSS

2024-04-03 12:00 AM
4
arista

Security Advisory 0095

Security Advisory 0095 PDF Date: April 3, 2024 Revision | Date | Changes ---|---|--- 1.0 | April 3, 2024 | Initial release The CVE-ID tracking this issue: CVE-2024-3094 CVSSv3.1 Base Score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) Description Arista Networks is providing this...

10 CVSS

6.6 AI Score

0.133 EPSS

2024-04-03 12:00 AM
9
nessus

Elasticsearch 8.4.0 < 8.11.1 DoS (ESA-2024-05)

The version of Elasticsearch installed on the remote host is between 8.4.0 and prior to 8.11.1. It is, therefore, affected by a denial of service (DoS) vulnerability, due to an uncaught exception that occurs when an encrypted PDF is passed to an attachment processor through the REST API. The...

4.3 CVSS

4.7 AI Score

0.0004 EPSS

2024-04-03 12:00 AM
5
ubuntucve

CVE-2024-26768

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Change acpi_core_pic[NR_CPUS] to acpi_core_pic[MAX_CORE_PIC] With default config, the value of NR_CPUS is 64. When HW platform has more than 64 cpus, system will crash on these platforms. MAX_CORE_PIC is the maximum cpu....

6 AI Score

0.0004 EPSS

2024-04-03 12:00 AM
3
nvidia

Security Bulletin: NVIDIA CUDA Toolkit - April 2024

NVIDIA has released a software update for NVIDIA® CUDA® Toolkit. To protect your system, download and install this software update from the CUDA Toolkit Downloads page. Go to NVIDIA Product Security. Details This section provides a summary of potential vulnerabilities that this security update...

3.3 CVSS

6.7 AI Score

0.0004 EPSS

2024-04-03 12:00 AM
13
ubuntucve

CVE-2024-26765

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Disable IRQ before init_fn() for nonboot CPUs Disable IRQ before init_fn() for nonboot CPUs when hotplug, in order to silence such warnings (and also avoid potential errors due to unexpected interrupts): WARNING: CPU: 1....

7.6 AI Score

0.0004 EPSS

2024-04-03 12:00 AM
6
ibm

Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query on certain columnar tables (CVE-2024-22360)

Summary IBM® Db2® is vulnerable to a denial of service with a specially crafted query on certain columnar table. Vulnerability Details ** CVEID: CVE-2024-22360 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service with a specially...

5.3 CVSS

6.7 AI Score

0.0004 EPSS

2024-04-02 06:16 PM
16
ibm

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query under certain conditions (CVE-2024-27254)

Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query under certain conditions. Vulnerability Details ** CVEID: CVE-2024-27254 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server is vulnerable to denial of service with a...

5.3 CVSS

6.7 AI Score

0.0004 EPSS

2024-04-02 05:12 PM
10
ibm

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query (CVE-2024-25046)

Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query. Vulnerability Details ** CVEID: CVE-2024-25046 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service by an authenticated user using a specially...

5.3 CVSS

6.6 AI Score

0.0004 EPSS

2024-04-02 05:08 PM
12
ibm

Security Bulletin: IBM® Db2® is vulnerable to denial of service when querying a specific UDF built-in function concurrently (CVE-2023-52296)

Summary IBM® Db2® is vulnerable to denial of service when querying a specific UDF built-in function concurrently. Vulnerability Details ** CVEID: CVE-2023-52296 DESCRIPTION: **IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service when querying a...

5.3 CVSS

6.6 AI Score

0.0004 EPSS

2024-04-02 04:20 PM
10
debiancve

CVE-2024-26674

In the Linux kernel, the following vulnerability has been resolved: x86/lib: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups During memory error injection test on kernels >= v6.4, the kernel panics like below. However, this issue couldn't be reproduced on kernels <= v6.3. mce:...

6.8 AI Score

0.0004 EPSS

2024-04-02 07:15 AM
6
nvd

CVE-2024-26674

In the Linux kernel, the following vulnerability has been resolved: x86/lib: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups During memory error injection test on kernels >= v6.4, the kernel panics like below. However, this issue couldn't be reproduced on kernels <= v6.3. mce: [Hardwa...

6.5 AI Score

0.0004 EPSS

2024-04-02 07:15 AM
cve

CVE-2024-26674

In the Linux kernel, the following vulnerability has been resolved: x86/lib: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups During memory error injection test on kernels >= v6.4, the kernel panics like below. However, this issue couldn't be reproduced on kernels <= v6.3. mce: [Hardwa...

6.7 AI Score

0.0004 EPSS

2024-04-02 07:15 AM
29
nvd

CVE-2024-26675

In the Linux kernel, the following vulnerability has been resolved: ppp_async: limit MRU to 64K syzbot triggered a warning [1] in __alloc_pages(): WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp) Willem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K") Adopt the same sanity che...

7.3 AI Score

0.0004 EPSS

2024-04-02 07:15 AM
cve

CVE-2024-26675

In the Linux kernel, the following vulnerability has been resolved: ppp_async: limit MRU to 64K syzbot triggered a warning [1] in __alloc_pages(): WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp) Willem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K") Adopt the same sanity che...

6.1 AI Score

0.0004 EPSS

2024-04-02 07:15 AM
38
debiancve

CVE-2024-26675

In the Linux kernel, the following vulnerability has been resolved: ppp_async: limit MRU to 64K syzbot triggered a warning [1] in __alloc_pages(): WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp) Willem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K") Adopt the same sanity...

6.7 AI Score

0.0004 EPSS

2024-04-02 07:15 AM
6
nvd

CVE-2023-52635

In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreq_monitor_[start/stop] There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from...

7.5 AI Score

0.0004 EPSS

2024-04-02 07:15 AM
debiancve

CVE-2023-52635

In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreq_monitor_[start/stop] There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from...

6.9 AI Score

0.0004 EPSS

2024-04-02 07:15 AM
3
cve

CVE-2023-52635

In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreq_monitor_[start/stop] There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from...

6.4 AI Score

0.0004 EPSS

2024-04-02 07:15 AM
42
cvelist

CVE-2024-26675 ppp_async: limit MRU to 64K

In the Linux kernel, the following vulnerability has been resolved: ppp_async: limit MRU to 64K syzbot triggered a warning [1] in __alloc_pages(): WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp) Willem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K") Adopt the same sanity che...

7.6 AI Score

0.0004 EPSS

2024-04-02 07:01 AM

Total number of security vulnerabilities: 18770