Athlon™ X4 Processor Security Vulnerabilities

[cve] CVE-2024-28119
Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from grav context, an attacker can redefine the escape function and execute arbitrary commands. Twig processing of static pages can be enabled in the front...
CVSS 8.8 | AI Score 9.1 | EPSS 0.0004 | 2024-03-21 10:15 PM | 35

[nvd] CVE-2024-28118
Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from Grav context, an attacker can redefine config variable. As a result, attacker can bypass a previous SSTI mitigation. Twig processing of static pages can....
CVSS 8.8 | AI Score 9.2 | EPSS 0.0004 | 2024-03-21 10:15 PM

[cve] CVE-2024-28118
Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from Grav context, an attacker can redefine config variable. As a result, attacker can bypass a previous SSTI mitigation. Twig processing of static pages can....
CVSS 8.8 | AI Score 9.1 | EPSS 0.0004 | 2024-03-21 10:15 PM | 34

[nvd] CVE-2024-28117
Grav is an open-source, flat-file content management system. Prior to version 1.7.45, Grav validates accessible functions through the Utils::isDangerousFunction function, but does not impose restrictions on twig functions like twig_array_map, allowing attackers to bypass the validation and execute....
CVSS 8.8 | AI Score 9.2 | EPSS 0.0004 | 2024-03-21 10:15 PM

[cve] CVE-2024-28117
Grav is an open-source, flat-file content management system. Prior to version 1.7.45, Grav validates accessible functions through the Utils::isDangerousFunction function, but does not impose restrictions on twig functions like twig_array_map, allowing attackers to bypass the validation and execute....
CVSS 8.8 | AI Score 9.2 | EPSS 0.0004 | 2024-03-21 10:15 PM | 27

[osv] CVE-2024-28117
Grav is an open-source, flat-file content management system. Prior to version 1.7.45, Grav validates accessible functions through the Utils::isDangerousFunction function, but does not impose restrictions on twig functions like twig_array_map, allowing attackers to bypass the validation and execute....
CVSS 8.8 | AI Score 8.1 | EPSS 0.0004 | 2024-03-21 10:15 PM | 1

[cvelist] CVE-2024-28119 Grav vulnerable to Server Side Template Injection (SSTI) via Twig escape handler
Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from grav context, an attacker can redefine the escape function and execute arbitrary commands. Twig processing of static pages can be enabled in the front...
CVSS 8.8 | AI Score 9.3 | EPSS 0.0004 | 2024-03-21 10:02 PM

[cvelist] CVE-2024-28118 Grav vulnerable to Server Side Template Injection (SSTI)
Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from Grav context, an attacker can redefine config variable. As a result, attacker can bypass a previous SSTI mitigation. Twig processing of static pages can....
CVSS 8.8 | AI Score 9.3 | EPSS 0.0004 | 2024-03-21 09:55 PM

[cvelist] CVE-2024-28117 Grav vulnerable to Server Side Template Injection (SSTI)
Grav is an open-source, flat-file content management system. Prior to version 1.7.45, Grav validates accessible functions through the Utils::isDangerousFunction function, but does not impose restrictions on twig functions like twig_array_map, allowing attackers to bypass the validation and execute....
CVSS 8.8 | AI Score 9.4 | EPSS 0.0004 | 2024-03-21 09:50 PM

[redhat] (RHSA-2024:1473) Important: libreoffice security update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
AI Score 7.3 | EPSS 0.001 | 2024-03-21 04:05 PM | 7

[ibm] Security Bulletin: Multiple vulnerabilities exists in the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Manager.
Summary Multiple vulnerabilities exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Manager IP Edition. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850 Vulnerability Details ** CVEID:...
CVSS 7.5 | AI Score 6.8 | EPSS 0.001 | 2024-03-21 01:10 PM | 11

[ibm] Security Bulletin: Vulnerability in IBM® SDK, Java™ Technology affects IBM Cloud Pak System [CVE-2022-3676]
Summary Vulnerability in IBM® SDK, Java™ Technology affect Cloud Pak System. Vulnerability Details ** CVEID: CVE-2022-3676 DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by improper runtime type check by the interface calls. By sending a...
CVSS 6.5 | AI Score 6.4 | EPSS 0.001 | 2024-03-21 11:56 AM | 9

[openvas] Ubuntu: Security Advisory (USN-6702-2)
The remote host is missing an update for...
CVSS 7.8 | AI Score 8.1 | EPSS 0.011 | 2024-03-21 12:00 AM | 4

[openvas] Ubuntu: Security Advisory (USN-6702-1)
The remote host is missing an update for...
CVSS 7.8 | AI Score 8.1 | EPSS 0.011 | 2024-03-21 12:00 AM | 7

[nessus] RHEL 8 : libreoffice (RHSA-2024:1473)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1473 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word...
CVSS 8.8 | AI Score 9.2 | EPSS 0.001 | 2024-03-21 12:00 AM | 8

[osv] linux-aws, linux-aws-5.4, linux-gcp-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp vulnerabilities
It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-23000) It was discovered that the ARM Mali Display...
CVSS 7.8 | AI Score 7.8 | EPSS 0.011 | 2024-03-20 10:30 PM | 9

[rapid7blog] The Updated APT Playbook: Tales from the Kimsuky threat actor group
Co-authors are Christiaan Beek and Raj Samani. Within Rapid7 Labs we continually track and monitor threat groups. This is one of our key areas of focus as we work to ensure that our ability to protect customers remains constant. As part of this process, we routinely identify evolving tactics from...
AI Score 7.8 | 2024-03-20 10:00 PM | 22

[talosblog] Dissecting a complex vulnerability and achieving arbitrary code execution in Ichitaro Word
Cisco Talos disclosed several vulnerabilities in JustSystems' Ichitaro Word Processor last year. These vulnerabilities were complex and were discovered through extensive reverse engineering. CVE-2023-35126 and its peers (CVE-2023-34366, CVE-2023-38127, and CVE-2023-38128) were each assessed as...
CVSS 7.8 | AI Score 6.9 | EPSS 0.004 | 2024-03-20 12:00 PM | 15

[ubuntu] Linux kernel vulnerabilities
Releases: Ubuntu 20.04 LTS, Ubuntu 18.04 ESM. Packages: linux-aws - Linux kernel for Amazon Web Services (AWS) systems; linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems; linux-gcp-5.4 - Linux kernel for Google Cloud Platform (GCP) systems; linux-raspi - Linux kernel for Raspberry Pi...
CVSS 7.8 | AI Score 7.6 | EPSS 0.011 | 2024-03-20 12:00 AM | 17

[osv] linux, linux-bluefield, linux-gcp, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4 vulnerabilities
It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-23000) It was discovered that the ARM Mali Display...
CVSS 7.8 | AI Score 7.8 | EPSS 0.011 | 2024-03-19 09:00 PM | 7

[redhat] (RHSA-2024:1427) Important: libreoffice security update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
AI Score 7.3 | EPSS 0.001 | 2024-03-19 05:43 PM | 9

[redhat] (RHSA-2024:1425) Important: libreoffice security update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
AI Score 7.3 | EPSS 0.001 | 2024-03-19 05:34 PM | 12

[redhat] (RHSA-2024:1423) Important: libreoffice security update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
AI Score 7.3 | EPSS 0.001 | 2024-03-19 05:24 PM | 12

[nvd] CVE-2023-32260
Misinterpretation of Input vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX), and OpenText™ Hybrid Cloud Management X (HCMX) products. The vulnerability could allow Input data manipulation. This issue affects Service Management Automation X (SMAX)....
CVSS 6.5 | AI Score 6.5 | EPSS 0.0004 | 2024-03-19 04:15 PM

[cve] CVE-2023-32260
Misinterpretation of Input vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX), and OpenText™ Hybrid Cloud Management X (HCMX) products. The vulnerability could allow Input data manipulation. This issue affects Service Management Automation X (SMAX)....
CVSS 6.5 | AI Score 6.9 | EPSS 0.0004 | 2024-03-19 04:15 PM | 29

[cve] CVE-2023-32259
Insufficient Granularity of Access Control vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Service Management Automation X (SMAX) versions 2020.05,...
CVSS 6.5 | AI Score 6.8 | EPSS 0.0004 | 2024-03-19 04:15 PM | 34

[nvd] CVE-2023-32259
Insufficient Granularity of Access Control vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Service Management Automation X (SMAX) versions 2020.05,...
CVSS 6.5 | AI Score 6.5 | EPSS 0.0004 | 2024-03-19 04:15 PM

[cvelist] CVE-2023-32260 A potential Misinterpretation of Input vulnerability has been identified in SMAX, AMX, and HCMX products.
Misinterpretation of Input vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX), and OpenText™ Hybrid Cloud Management X (HCMX) products. The vulnerability could allow Input data manipulation. This issue affects Service Management Automation X (SMAX)....
CVSS 6.5 | AI Score 6.7 | EPSS 0.0004 | 2024-03-19 03:54 PM

[cvelist] CVE-2023-32259 Potential Insufficient Access Control vulnerability has been identified in OpenText™ SMAX/AMX products.
Insufficient Granularity of Access Control vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Service Management Automation X (SMAX) versions 2020.05,...
CVSS 6.5 | AI Score 6.7 | EPSS 0.0004 | 2024-03-19 03:54 PM

[ibm] Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9.
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool. These issues were disclosed as part of the IBM Java SDK updates in Jan 2024. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An unspecified vulnerability in...
CVSS 7.5 | AI Score 8 | EPSS 0.001 | 2024-03-19 01:36 PM | 26

[almalinux] Important: libreoffice security update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
CVSS 8.8 | AI Score 7.3 | EPSS 0.001 | 2024-03-19 12:00 AM | 9

[nessus] RHEL 9 : libreoffice (RHSA-2024:1423)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1423 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word...
CVSS 8.8 | AI Score 9.1 | EPSS 0.001 | 2024-03-19 12:00 AM | 6

[nessus] RHEL 9 : libreoffice (RHSA-2024:1425)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1425 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word...
CVSS 8.8 | AI Score 9.2 | EPSS 0.001 | 2024-03-19 12:00 AM | 7

[osv] Important: libreoffice security update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
CVSS 8.8 | AI Score 6.7 | EPSS 0.001 | 2024-03-19 12:00 AM | 9

[ubuntu] Linux kernel vulnerabilities
Releases: Ubuntu 20.04 LTS, Ubuntu 18.04 ESM. Packages: linux - Linux kernel; linux-bluefield - Linux kernel for NVIDIA BlueField platforms; linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems; linux-gkeop - Linux kernel for Google Container Engine (GKE) systems; linux-hwe-5.4 - Linux...
CVSS 7.8 | AI Score 7.3 | EPSS 0.011 | 2024-03-19 12:00 AM | 26

[nessus] RHEL 9 : libreoffice (RHSA-2024:1427)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1427 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word...
CVSS 8.8 | AI Score 9.1 | EPSS 0.001 | 2024-03-19 12:00 AM | 4

[thn] New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics
A new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive information. Cybersecurity company Securonix, which dubbed the campaign DEEP#GOSU, said it's likely associated with the North Korean state-sponsored group...
AI Score 8 | 2024-03-18 05:56 PM | 38

[redhatcve] CVE-2024-26636
In the Linux kernel, the following vulnerability has been resolved: llc: make llc_ui_sendmsg() more robust against bonding changes syzbot was able to trick llc_ui_sendmsg(), allocating an skb with no headroom, but subsequently trying to push 14 bytes of Ethernet header [1] Like some others,...
AI Score 6.5 | EPSS 0.0004 | 2024-03-18 02:22 PM | 8

[nvd] CVE-2024-26636
In the Linux kernel, the following vulnerability has been resolved: llc: make llc_ui_sendmsg() more robust against bonding changes syzbot was able to trick llc_ui_sendmsg(), allocating an skb with no headroom, but subsequently trying to push 14 bytes of Ethernet header [1] Like some others,...
AI Score 7.3 | EPSS 0.0004 | 2024-03-18 11:15 AM | 1

[cve] CVE-2024-26636
In the Linux kernel, the following vulnerability has been resolved: llc: make llc_ui_sendmsg() more robust against bonding changes syzbot was able to trick llc_ui_sendmsg(), allocating an skb with no headroom, but subsequently trying to push 14 bytes of Ethernet header [1] Like some others,...
AI Score 6.2 | EPSS 0.0004 | 2024-03-18 11:15 AM | 52

[debiancve] CVE-2024-26636
In the Linux kernel, the following vulnerability has been resolved: llc: make llc_ui_sendmsg() more robust against bonding changes syzbot was able to trick llc_ui_sendmsg(), allocating an skb with no headroom, but subsequently trying to push 14 bytes of Ethernet header [1] Like some others,...
AI Score 6.6 | EPSS 0.0004 | 2024-03-18 11:15 AM | 9

[cvelist] CVE-2024-26636 llc: make llc_ui_sendmsg() more robust against bonding changes
In the Linux kernel, the following vulnerability has been resolved: llc: make llc_ui_sendmsg() more robust against bonding changes syzbot was able to trick llc_ui_sendmsg(), allocating an skb with no headroom, but subsequently trying to push 14 bytes of Ethernet header [1] Like some others,...
AI Score 7.5 | EPSS 0.0004 | 2024-03-18 10:14 AM

[ubuntucve] CVE-2024-26636
In the Linux kernel, the following vulnerability has been resolved: llc: make llc_ui_sendmsg() more robust against bonding changes syzbot was able to trick llc_ui_sendmsg(), allocating an skb with no headroom, but subsequently trying to push 14 bytes of Ethernet header [1] Like some others,...
AI Score 7.6 | EPSS 0.0004 | 2024-03-18 12:00 AM | 6

[nessus] SUSE SLES15 Security Update : kernel (SUSE-SU-2024:0900-2)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0900-2 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after...
CVSS 7.8 | AI Score 8.3 | EPSS n/a | 2024-03-16 12:00 AM | 13

[nessus] SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:0910-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0910-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap...
CVSS 7.8 | AI Score 7.9 | EPSS n/a | 2024-03-16 12:00 AM | 5

[thn] GhostRace – New Data Leak Vulnerability Affects Modern CPUs
A group of researchers has discovered a new data leakage attack impacting modern CPU architectures supporting speculative execution. Dubbed GhostRace (CVE-2024-2193), it is a variation of the transient execution CPU vulnerability known as Spectre v1 (CVE-2017-5753). The approach combines...
CVSS 5.6 | AI Score 6.7 | EPSS 0.976 | 2024-03-15 05:46 PM | 49

[schneier] Improving C++
C++ guru Herb Sutter writes about how we can improve the programming language for better security. The immediate problem "is" that it's Too Easy By Default™ to write security and safety vulnerabilities in C++ that would have been caught by stricter enforcement of known rules for type, bounds,...
AI Score 7.7 | 2024-03-15 11:05 AM | 10

[nessus] SUSE SLES15 Security Update : kernel (SUSE-SU-2024:0900-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0900-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap...
CVSS 7.8 | AI Score 8.3 | EPSS n/a | 2024-03-15 12:00 AM | 10

[ibm] Security Bulletin: Multiple security vulnerabilities in IBM SDK, Java Technology Edition affects IBM OpenPages
Summary IBM® SDK, Java™ Technology Edition is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM SDK, Java Technology Edition has been published in multiple security bulletins. These products have addressed the applicable CVE(s). For a...
AI Score 7 | 2024-03-14 07:16 PM | 9

[nvd] CVE-2023-38535
Use of Hard-coded Cryptographic Key vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.1 and 12.5.2. The vulnerability could compromise the cryptographic...
CVSS 4.7 | AI Score 4.8 | EPSS 0.0004 | 2024-03-13 10:15 PM

Total number of security vulnerabilities: 18700