Lucene search

K

Athlon™ X4 Processor Security Vulnerabilities

rocky
rocky

libreoffice security fix update

An update is available for libreoffice. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list LibreOffice is an open source, community-developed office productivity...

8.8CVSS

7.5AI Score

0.001EPSS

2024-03-27 04:34 AM
9
nessus
nessus

Splunk Enterprise 9.0.0 < 9.0.9, 9.1.0 < 9.1.4, 9.2.0 < 9.2.1 (SVD-2024-0301)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0301 advisory. In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during...

7.2CVSS

7.2AI Score

0.001EPSS

2024-03-27 12:00 AM
7
intel
intel

Intel® oneAPI Toolkit Software Advisory

Summary: Potential security vulnerabilities in some Intel® oneAPI Toolkits and standalone component software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-35121 Description: Improper...

7.1AI Score

0.0004EPSS

2024-03-27 12:00 AM
6
redhatcve
redhatcve

CVE-2024-26645

In the Linux kernel, the following vulnerability has been resolved: tracing: Ensure visibility when inserting an element into tracing_map Running the following two commands in parallel on a multi-processor AArch64 machine can sporadically produce an unexpected warning about duplicate histogram...

7AI Score

0.0004EPSS

2024-03-26 06:03 PM
8
cve
cve

CVE-2024-26645

In the Linux kernel, the following vulnerability has been resolved: tracing: Ensure visibility when inserting an element into tracing_map Running the following two commands in parallel on a multi-processor AArch64 machine can sporadically produce an unexpected warning about duplicate histogram...

6.2AI Score

0.0004EPSS

2024-03-26 04:15 PM
48
debiancve
debiancve

CVE-2024-26645

In the Linux kernel, the following vulnerability has been resolved: tracing: Ensure visibility when inserting an element into tracing_map Running the following two commands in parallel on a multi-processor AArch64 machine can sporadically produce an unexpected warning about duplicate histogram...

7.1AI Score

0.0004EPSS

2024-03-26 04:15 PM
11
nvd
nvd

CVE-2024-26645

In the Linux kernel, the following vulnerability has been resolved: tracing: Ensure visibility when inserting an element into tracing_map Running the following two commands in parallel on a multi-processor AArch64 machine can sporadically produce an unexpected warning about duplicate histogram...

7.5AI Score

0.0004EPSS

2024-03-26 04:15 PM
cvelist
cvelist

CVE-2024-26645 tracing: Ensure visibility when inserting an element into tracing_map

In the Linux kernel, the following vulnerability has been resolved: tracing: Ensure visibility when inserting an element into tracing_map Running the following two commands in parallel on a multi-processor AArch64 machine can sporadically produce an unexpected warning about duplicate histogram...

7.7AI Score

0.0004EPSS

2024-03-26 03:17 PM
vulnrichment
vulnrichment

CVE-2024-26645 tracing: Ensure visibility when inserting an element into tracing_map

In the Linux kernel, the following vulnerability has been resolved: tracing: Ensure visibility when inserting an element into tracing_map Running the following two commands in parallel on a multi-processor AArch64 machine can sporadically produce an unexpected warning about duplicate histogram...

6.9AI Score

0.0004EPSS

2024-03-26 03:17 PM
redhat
redhat

(RHSA-2024:1514) Important: libreoffice security fix update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

8.9AI Score

0.001EPSS

2024-03-26 11:46 AM
20
redhat
redhat

(RHSA-2024:1513) Important: libreoffice security fix update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

8.9AI Score

0.001EPSS

2024-03-26 11:46 AM
6
redhat
redhat

(RHSA-2024:1512) Important: libreoffice security fix update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

8.9AI Score

0.001EPSS

2024-03-26 11:32 AM
4
osv
osv

Important: libreoffice security fix update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

8.8CVSS

6.9AI Score

0.001EPSS

2024-03-26 12:00 AM
6
ubuntucve
ubuntucve

CVE-2024-26645

In the Linux kernel, the following vulnerability has been resolved: tracing: Ensure visibility when inserting an element into tracing_map Running the following two commands in parallel on a multi-processor AArch64 machine can sporadically produce an unexpected warning about duplicate histogram...

7.7AI Score

0.0004EPSS

2024-03-26 12:00 AM
12
almalinux
almalinux

Important: libreoffice security fix update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

8.8CVSS

7.5AI Score

0.001EPSS

2024-03-26 12:00 AM
6
nessus
nessus

RHEL 8 : libreoffice (RHSA-2024:1514)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1514 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word...

8.8CVSS

9.1AI Score

0.001EPSS

2024-03-26 12:00 AM
6
openvas
openvas

Ubuntu: Security Advisory (USN-6716-1)

The remote host is missing an update for...

7.8CVSS

7.1AI Score

0.011EPSS

2024-03-26 12:00 AM
7
nessus
nessus

RHEL 8 : libreoffice (RHSA-2024:1513)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1513 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word...

8.8CVSS

9.2AI Score

0.001EPSS

2024-03-26 12:00 AM
6
nessus
nessus

RHEL 8 : libreoffice (RHSA-2024:1512)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1512 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word...

8.8CVSS

9.1AI Score

0.001EPSS

2024-03-26 12:00 AM
6
nvidia
nvidia

Security Bulletin: NVIDIA ChatRTX - March 2024

NVIDIA has released a software update for NVIDIA® ChatRTX. To protect your system, download and install this software update from the ChatRTX Download page. Go to NVIDIA Product Security. Details This section provides a summary of potential vulnerabilities that this security update addresses and...

8.2CVSS

8AI Score

0.0004EPSS

2024-03-26 12:00 AM
13
osv
osv

linux-azure, linux-azure-5.4 vulnerabilities

Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing garbage collection. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service (system.....

7.8CVSS

8AI Score

0.011EPSS

2024-03-25 11:59 PM
6
cve
cve

CVE-2024-21914

A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelView™ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView™...

5.3CVSS

6.7AI Score

0.0004EPSS

2024-03-25 10:37 PM
40
nvd
nvd

CVE-2024-21914

A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelView™ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView™...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-03-25 10:37 PM
cvelist
cvelist

CVE-2024-21914 Rockwell Automation - FactoryTalk® View ME on PanelView™ Plus 7 Boot Terminal lack Security Protections

A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelView™ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView™...

5.3CVSS

5.6AI Score

0.0004EPSS

2024-03-25 09:27 PM
redhatcve
redhatcve

CVE-2021-47139

In the Linux kernel, the following vulnerability has been resolved: net: hns3: put off calling register_netdev() until client initialize complete Currently, the netdevice is registered before client initializing complete. So there is a timewindow between netdevice available and usable. In this...

6.9AI Score

0.0004EPSS

2024-03-25 06:22 PM
8
redhat
redhat

(RHSA-2024:1480) Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

7.1AI Score

0.001EPSS

2024-03-25 05:30 PM
13
qualysblog
qualysblog

Combine Qualys TruRisk™ and MITRE ATT&CK to Adopt Threat-Informed Defense to Reduce Risk

There are so many vulnerabilities disclosed daily that no one can patch all of them. Unfortunately, attackers can exploit them while you are still in the process of reviewing, prioritizing, and patching. Effective risk-based prioritization focuses your limited resources and remediation efforts...

10CVSS

10AI Score

0.973EPSS

2024-03-25 03:44 PM
27
debiancve
debiancve

CVE-2021-47139

In the Linux kernel, the following vulnerability has been resolved: net: hns3: put off calling register_netdev() until client initialize complete Currently, the netdevice is registered before client initializing complete. So there is a timewindow between netdevice available and usable. In this...

7AI Score

0.0004EPSS

2024-03-25 09:15 AM
3
nvd
nvd

CVE-2021-47139

In the Linux kernel, the following vulnerability has been resolved: net: hns3: put off calling register_netdev() until client initialize complete Currently, the netdevice is registered before client initializing complete. So there is a timewindow between netdevice available and usable. In this...

7.3AI Score

0.0004EPSS

2024-03-25 09:15 AM
cve
cve

CVE-2021-47139

In the Linux kernel, the following vulnerability has been resolved: net: hns3: put off calling register_netdev() until client initialize complete Currently, the netdevice is registered before client initializing complete. So there is a timewindow between netdevice available and usable. In this...

6.5AI Score

0.0004EPSS

2024-03-25 09:15 AM
36
cvelist
cvelist

CVE-2021-47139 net: hns3: put off calling register_netdev() until client initialize complete

In the Linux kernel, the following vulnerability has been resolved: net: hns3: put off calling register_netdev() until client initialize complete Currently, the netdevice is registered before client initializing complete. So there is a timewindow between netdevice available and usable. In this...

6.5AI Score

0.0004EPSS

2024-03-25 09:07 AM
vulnrichment
vulnrichment

CVE-2021-47139 net: hns3: put off calling register_netdev() until client initialize complete

In the Linux kernel, the following vulnerability has been resolved: net: hns3: put off calling register_netdev() until client initialize complete Currently, the netdevice is registered before client initializing complete. So there is a timewindow between netdevice available and usable. In this...

6.7AI Score

0.0004EPSS

2024-03-25 09:07 AM
thn
thn

New "GoFetch" Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys

A new security shortcoming discovered in Apple M-series chips could be exploited to extract secret keys used during cryptographic operations. Dubbed GoFetch, the vulnerability relates to a microarchitectural side-channel attack that takes advantage of a feature known as data memory-dependent...

6.2AI Score

2024-03-25 09:02 AM
24
openvas
openvas

Fedora: Security Advisory for libreoffice (FEDORA-2024-5f94556a31)

The remote host is missing an update for...

7.5AI Score

2024-03-25 12:00 AM
3
nessus
nessus

RHEL 8 : libreoffice (RHSA-2024:1480)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1480 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word...

8.8CVSS

9.2AI Score

0.001EPSS

2024-03-25 12:00 AM
5
ubuntucve
ubuntucve

CVE-2021-47139

In the Linux kernel, the following vulnerability has been resolved: net: hns3: put off calling register_netdev() until client initialize complete Currently, the netdevice is registered before client initializing complete. So there is a timewindow between netdevice available and usable. In this...

6.7AI Score

0.0004EPSS

2024-03-25 12:00 AM
6
ubuntu
ubuntu

Linux kernel (Azure) vulnerabilities

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.4 - Linux kernel for Microsoft Azure cloud systems Details Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly...

7.8CVSS

8.6AI Score

0.011EPSS

2024-03-25 12:00 AM
17
fedora
fedora

[SECURITY] Fedora 40 Update: libreoffice-24.2.1.2-5.fc40

LibreOffice is an Open Source, community-developed, office productivity sui te. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites. ...

7.2AI Score

2024-03-23 12:53 AM
8
nessus
nessus

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:0977-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0977-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after...

7.8CVSS

8.3AI Score

EPSS

2024-03-23 12:00 AM
9
nessus
nessus

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:0926-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0926-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap...

7.8CVSS

7.4AI Score

EPSS

2024-03-23 12:00 AM
6
github
github

Server Side Template Injection (SSTI) via Twig escape handler

Summary Due to the unrestricted access to twig extension class from grav context, an attacker can redefine the escape function and execute arbitrary commands. Details https://github.com/twigphp/Twig/blob/3.x/src/Extension/EscaperExtension.php#L99 php /** * Defines a new escaper to be used via...

8.8CVSS

8.4AI Score

0.0004EPSS

2024-03-22 04:56 PM
12
osv
osv

Server Side Template Injection (SSTI) via Twig escape handler

Summary Due to the unrestricted access to twig extension class from grav context, an attacker can redefine the escape function and execute arbitrary commands. Details https://github.com/twigphp/Twig/blob/3.x/src/Extension/EscaperExtension.php#L99 php /** * Defines a new escaper to be used via...

8.8CVSS

8.1AI Score

0.0004EPSS

2024-03-22 04:56 PM
6
github
github

Server Side Template Injection (SSTI)

Summary Due to the unrestricted access to twig extension class from grav context, an attacker can redefine config variable. As a result, attacker can bypass previous patch. Details The twig context has a function declared called getFunction. ```php public function getFunction($name) { ...

8.8CVSS

8.1AI Score

0.0004EPSS

2024-03-22 04:55 PM
6
osv
osv

Server Side Template Injection (SSTI)

Summary Due to the unrestricted access to twig extension class from grav context, an attacker can redefine config variable. As a result, attacker can bypass previous patch. Details The twig context has a function declared called getFunction. ```php public function getFunction($name) { ...

8.8CVSS

9.1AI Score

0.0004EPSS

2024-03-22 04:55 PM
2
github
github

Server Side Template Injection (SSTI)

Summary Grav validates accessible functions through the Utils::isDangerousFunction function, but does not impose restrictions on twig functions like twig_array_map, allowing attackers to bypass the validation and execute arbitrary commands. Details {{...

8.8CVSS

8.4AI Score

0.0004EPSS

2024-03-22 04:35 PM
8
osv
osv

Server Side Template Injection (SSTI)

Summary Grav validates accessible functions through the Utils::isDangerousFunction function, but does not impose restrictions on twig functions like twig_array_map, allowing attackers to bypass the validation and execute arbitrary commands. Details {{...

8.8CVSS

8.1AI Score

0.0004EPSS

2024-03-22 04:35 PM
5
spring
spring

Reflectionless Templates With Spring

A few Java libraries have shown up recently that use text templates, but compile to Java classes at build time. They can thus claim to some extent to be "reflection free". Together with potential benefits of runtime performance, they promise to be easy to use and integrate with GraalVM native...

7.2AI Score

2024-03-22 12:00 AM
12
osv
osv

CVE-2024-28119

Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from grav context, an attacker can redefine the escape function and execute arbitrary commands. Twig processing of static pages can be enabled in the front...

8.8CVSS

8AI Score

0.0004EPSS

2024-03-21 10:15 PM
5
nvd
nvd

CVE-2024-28119

Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from grav context, an attacker can redefine the escape function and execute arbitrary commands. Twig processing of static pages can be enabled in the front...

8.8CVSS

9.1AI Score

0.0004EPSS

2024-03-21 10:15 PM
osv
osv

CVE-2024-28118

Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from Grav context, an attacker can redefine config variable. As a result, attacker can bypass a previous SSTI mitigation. Twig processing of static pages can....

8.8CVSS

9.1AI Score

0.0004EPSS

2024-03-21 10:15 PM
9
Total number of security vulnerabilities18700