BD Pyxis™ Rapid Rx Security Vulnerabilities

cvelist

CVE-2023-52611 wifi: rtw88: sdio: Honor the host max_req_size in the RX path

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: sdio: Honor the host max_req_size in the RX path Lukas reports skb_over_panic errors on his Banana Pi BPI-CM4 which comes with an Amlogic A311D (G12B) SoC and a RTL8822CS SDIO wifi/Bluetooth combo card. The error he...

7.8 AI Score

0.0004 EPSS

2024-03-18 10:07 AM
ubuntucve

CVE-2023-52611

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: sdio: Honor the host max_req_size in the RX path Lukas reports skb_over_panic errors on his Banana Pi BPI-CM4 which comes with an Amlogic A311D (G12B) SoC and a RTL8822CS SDIO wifi/Bluetooth combo card. The error he...

6.7 AI Score

0.0004 EPSS

2024-03-18 12:00 AM
8
ubuntucve

CVE-2024-26640

In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity checks to rx zerocopy TCP rx zerocopy intent is to map pages initially allocated from NIC drivers, not pages owned by a fs. This patch adds to can_map_frag() these additional checks: - Page must not be a compound...

7.6 AI Score

0.0004 EPSS

2024-03-18 12:00 AM
7
redhatcve

CVE-2021-47111

In the Linux kernel, the following vulnerability has been resolved: xen-netback: take a reference to the RX task thread Do this in order to prevent the task from being freed if the thread returns (which can be triggered by the frontend) before the call to kthread_stop done as part of the backend...

7.8 CVSS

6.3 AI Score

0.0004 EPSS

2024-03-16 07:07 PM
10
redhatcve

CVE-2021-47131

In the Linux kernel, the following vulnerability has been resolved: net/tls: Fix use-after-free after the TLS device goes down and up When a netdev with active TLS offload goes down, tls_device_down is called to stop the offload and tear down the TLS context. However, the socket stays alive, and...

6.6 AI Score

0.0004 EPSS

2024-03-16 06:23 PM
8
nvd

CVE-2021-47131

In the Linux kernel, the following vulnerability has been resolved: net/tls: Fix use-after-free after the TLS device goes down and up When a netdev with active TLS offload goes down, tls_device_down is called to stop the offload and tear down the TLS context. However, the socket stays alive, and...

7.6 AI Score

0.0004 EPSS

2024-03-15 09:15 PM
cve

CVE-2021-47131

In the Linux kernel, the following vulnerability has been resolved: net/tls: Fix use-after-free after the TLS device goes down and up When a netdev with active TLS offload goes down, tls_device_down is called to stop the offload and tear down the TLS context. However, the socket stays alive, and...

6.5 AI Score

0.0004 EPSS

2024-03-15 09:15 PM
33
debiancve

CVE-2021-47131

In the Linux kernel, the following vulnerability has been resolved: net/tls: Fix use-after-free after the TLS device goes down and up When a netdev with active TLS offload goes down, tls_device_down is called to stop the offload and tear down the TLS context. However, the socket stays alive, and...

7.1 AI Score

0.0004 EPSS

2024-03-15 09:15 PM
4
cve

CVE-2021-47111

In the Linux kernel, the following vulnerability has been resolved: xen-netback: take a reference to the RX task thread Do this in order to prevent the task from being freed if the thread returns (which can be triggered by the frontend) before the call to kthread_stop done as part of the backend...

6.3 AI Score

0.0004 EPSS

2024-03-15 09:15 PM
42
nvd

CVE-2021-47111

In the Linux kernel, the following vulnerability has been resolved: xen-netback: take a reference to the RX task thread Do this in order to prevent the task from being freed if the thread returns (which can be triggered by the frontend) before the call to kthread_stop done as part of the backend...

7.4 AI Score

0.0004 EPSS

2024-03-15 09:15 PM
debiancve

CVE-2021-47111

In the Linux kernel, the following vulnerability has been resolved: xen-netback: take a reference to the RX task thread Do this in order to prevent the task from being freed if the thread returns (which can be triggered by the frontend) before the call to kthread_stop done as part of the backend...

7.8 CVSS

7 AI Score

0.0004 EPSS

2024-03-15 09:15 PM
11
vulnrichment

CVE-2021-47131 net/tls: Fix use-after-free after the TLS device goes down and up

In the Linux kernel, the following vulnerability has been resolved: net/tls: Fix use-after-free after the TLS device goes down and up When a netdev with active TLS offload goes down, tls_device_down is called to stop the offload and tear down the TLS context. However, the socket stays alive, and...

6.8 AI Score

0.0004 EPSS

2024-03-15 08:14 PM
cvelist

CVE-2021-47131 net/tls: Fix use-after-free after the TLS device goes down and up

In the Linux kernel, the following vulnerability has been resolved: net/tls: Fix use-after-free after the TLS device goes down and up When a netdev with active TLS offload goes down, tls_device_down is called to stop the offload and tear down the TLS context. However, the socket stays alive, and...

7.6 AI Score

0.0004 EPSS

2024-03-15 08:14 PM
1
cvelist

CVE-2021-47111 xen-netback: take a reference to the RX task thread

In the Linux kernel, the following vulnerability has been resolved: xen-netback: take a reference to the RX task thread Do this in order to prevent the task from being freed if the thread returns (which can be triggered by the frontend) before the call to kthread_stop done as part of the backend...

7.6 AI Score

0.0004 EPSS

2024-03-15 08:14 PM
schneier

Improving C++

C++ guru Herb Sutter writes about how we can improve the programming language for better security. The immediate problem "is" that it’s Too Easy By Default™ to write security and safety vulnerabilities in C++ that would have been caught by stricter enforcement of known rules for type, bounds,...

7.7 AI Score

2024-03-15 11:05 AM
10
thn

Google Introduces Enhanced Real-Time URL Protection for Chrome Users

Google on Thursday announced an enhanced version of Safe Browsing to provide real-time, privacy-preserving URL protection and safeguard users from visiting potentially malicious sites. "The Standard protection mode for Chrome on desktop and iOS will check sites against Google's server-side list of....

6.5 AI Score

2024-03-15 07:50 AM
28
ubuntucve

CVE-2021-47131

In the Linux kernel, the following vulnerability has been resolved: net/tls: Fix use-after-free after the TLS device goes down and up When a netdev with active TLS offload goes down, tls_device_down is called to stop the offload and tear down the TLS context. However, the socket stays alive, and...

6.6 AI Score

0.0004 EPSS

2024-03-15 12:00 AM
3
ubuntucve

CVE-2021-47111

In the Linux kernel, the following vulnerability has been resolved: xen-netback: take a reference to the RX task thread Do this in order to prevent the task from being freed if the thread returns (which can be triggered by the frontend) before the call to kthread_stop done as part of the backend...

7.8 CVSS

7.5 AI Score

0.0004 EPSS

2024-03-15 12:00 AM
12
ibm

Security Bulletin: Multiple security vulnerabilities in IBM SDK, Java Technology Edition affects IBM OpenPages

Summary IBM® SDK, Java™ Technology Edition is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM SDK, Java Technology Edition has been published in multiple security bulletins. These products have addressed the applicable CVE(s). For a...

7 AI Score

2024-03-14 07:16 PM
9
rapid7blog

Rapid7’s Ciara Cullinan Recognized as Community Trailblazer in Belfast Awards Program

At the 2024 Women Who Code She Rocks Awards, Rapid7 Software Engineer II Ciara Cullinan was recognized with their ‘Community Trailblazer’ award. According to Women Who Code, “This award celebrates the efforts of someone who brings people together and creates genuine connections in our tech...

7.1 AI Score

2024-03-14 03:24 PM
10
thn

3 Things CISOs Achieve with Cato

Being a CISO is a balancing act: ensuring organizations are secure without compromising users' productivity. This requires taking multiple elements into consideration, like cost, complexity, performance and user experience. CISOs around the globe use Cato SSE 360, as part of the Cato SASE Cloud...

7.1 AI Score

2024-03-14 10:24 AM
31
openvas

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-1380)

The remote host is missing an update for the Huawei...

7.5 CVSS

8.5 AI Score

0.732 EPSS

2024-03-14 12:00 AM
4
nessus

EulerOS Virtualization 2.10.0 : httpd (EulerOS-SA-2024-1380)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57....

7.5 CVSS

7.4 AI Score

0.732 EPSS

2024-03-14 12:00 AM
4
openvas

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-1359)

The remote host is missing an update for the Huawei...

7.5 CVSS

8.5 AI Score

0.732 EPSS

2024-03-14 12:00 AM
3
nessus

EulerOS Virtualization 2.10.1 : httpd (EulerOS-SA-2024-1359)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57....

7.5 CVSS

7.5 AI Score

0.732 EPSS

2024-03-14 12:00 AM
7
nvd

CVE-2023-38535

Use of Hard-coded Cryptographic Key vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.1 and 12.5.2. The vulnerability could compromise the cryptographic...

4.7 CVSS

4.8 AI Score

0.0004 EPSS

2024-03-13 10:15 PM
cve

CVE-2023-38534

Improper authentication vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.0 and 12.5.1. The vulnerability could allow disclosure of restricted information in unauthenticated...

8.6 CVSS

8.4 AI Score

0.0004 EPSS

2024-03-13 10:15 PM
13
cve

CVE-2023-38535

Use of Hard-coded Cryptographic Key vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.1 and 12.5.2. The vulnerability could compromise the cryptographic...

4.7 CVSS

4.9 AI Score

0.0004 EPSS

2024-03-13 10:15 PM
14
cve

CVE-2023-38536

HTML injection in OpenText™ Exceed Turbo X affecting version 12.5.1. The vulnerability could result in Cross site...

6.4 CVSS

6.5 AI Score

0.0004 EPSS

2024-03-13 10:15 PM
11
nvd

CVE-2023-38536

HTML injection in OpenText™ Exceed Turbo X affecting version 12.5.1. The vulnerability could result in Cross site...

6.4 CVSS

6.5 AI Score

0.0004 EPSS

2024-03-13 10:15 PM
2
nvd

CVE-2023-38534

Improper authentication vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.0 and 12.5.1. The vulnerability could allow disclosure of restricted information in unauthenticated...

8.6 CVSS

8.6 AI Score

0.0004 EPSS

2024-03-13 10:15 PM
prion

Authentication flaw

Improper authentication vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.0 and 12.5.1. The vulnerability could allow disclosure of restricted information in unauthenticated...

8.6 CVSS

7.4 AI Score

0.0004 EPSS

2024-03-13 10:15 PM
7
prion

Cross site scripting

HTML injection in OpenText™ Exceed Turbo X affecting version 12.5.1. The vulnerability could result in Cross site...

6.4 CVSS

7.1 AI Score

0.0004 EPSS

2024-03-13 10:15 PM
7
prion

Hardcoded credentials

Use of Hard-coded Cryptographic Key vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.1 and 12.5.2. The vulnerability could compromise the cryptographic...

4.7 CVSS

7.4 AI Score

0.0004 EPSS

2024-03-13 10:15 PM
6
cvelist

CVE-2023-38536

HTML injection in OpenText™ Exceed Turbo X affecting version 12.5.1. The vulnerability could result in Cross site...

6.4 CVSS

6.7 AI Score

0.0004 EPSS

2024-03-13 09:18 PM
cvelist

CVE-2023-38535

Use of Hard-coded Cryptographic Key vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.1 and 12.5.2. The vulnerability could compromise the cryptographic...

4.7 CVSS

5.2 AI Score

0.0004 EPSS

2024-03-13 09:17 PM
1
cvelist

CVE-2023-38534

Improper authentication vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.0 and 12.5.1. The vulnerability could allow disclosure of restricted information in unauthenticated...

8.6 CVSS

8.7 AI Score

0.0004 EPSS

2024-03-13 09:17 PM
ibm

Security Bulletin: Multiple CVEs - Vulnerabilities in IBM Java Runtime affect IBM Integration Designer

Summary Vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM Integration Designer. IBM Integration Designer has addressed the following CVEs. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component...

7.5 CVSS

6.6 AI Score

0.001 EPSS

2024-03-13 07:58 PM
8
ibm

Security Bulletin: IBM Rational® Application Developer for WebSphere® Software is vulnerable to a remote attack to obtain sensitive information due to an algorithm decryption implementation

Summary IBM® SDK, Java™ Technology Edition, is used by IBM Rational® Application Developer for WebSphere® Software as the runtime and development kit. (CVE-2023-33850) Vulnerability Details ** CVEID: CVE-2023-33850 DESCRIPTION: **IBM GSKit-Crypto could allow a remote attacker to obtain sensitive...

7.5 CVSS

6.4 AI Score

0.001 EPSS

2024-03-13 03:45 PM
12
osv

quiche vulnerable to unlimited resource allocation by QUIC CRYPTO frames flooding

Impact Cloudflare Quiche (through version 0.19.1/0.20.0) was affected by an unlimited resource allocation vulnerability causing rapid increase of memory usage of the system running quiche server or client. A remote attacker could take advantage of this vulnerability by repeatedly sending an...

5.9 CVSS

7.2 AI Score

0.0004 EPSS

2024-03-13 03:39 PM
4
github

quiche vulnerable to unlimited resource allocation by QUIC CRYPTO frames flooding

Impact Cloudflare Quiche (through version 0.19.1/0.20.0) was affected by an unlimited resource allocation vulnerability causing rapid increase of memory usage of the system running quiche server or client. A remote attacker could take advantage of this vulnerability by repeatedly sending an...

5.9 CVSS

7.2 AI Score

0.0004 EPSS

2024-03-13 03:39 PM
4
qualysblog

Microsoft and Adobe Patch Tuesday, March 2024 Security Update Review

Welcome to another insightful dive into Microsoft's Patch Tuesday! This month's security updates address a significant number of CVEs, underscoring the ongoing battle against digital vulnerabilities. We invite you to join us to review and discuss the details of these security updates and patches......

8.1 CVSS

9 AI Score

0.002 EPSS

2024-03-12 06:37 PM
24
cve

CVE-2024-1765

Cloudflare Quiche (through version 0.19.1/0.20.0) was affected by an unlimited resource allocation vulnerability causing rapid increase of memory usage of the system running quiche server or client. A remote attacker could take advantage of this vulnerability by repeatedly sending an unlimited...

5.9 CVSS

5.8 AI Score

0.0004 EPSS

2024-03-12 06:15 PM
32
nvd

CVE-2024-1765

Cloudflare Quiche (through version 0.19.1/0.20.0) was affected by an unlimited resource allocation vulnerability causing rapid increase of memory usage of the system running quiche server or client. A remote attacker could take advantage of this vulnerability by repeatedly sending an unlimited...

5.9 CVSS

5.8 AI Score

0.0004 EPSS

2024-03-12 06:15 PM
prion

Design/Logic Flaw

Cloudflare Quiche (through version 0.19.1/0.20.0) was affected by an unlimited resource allocation vulnerability causing rapid increase of memory usage of the system running quiche server or client. A remote attacker could take advantage of this vulnerability by repeatedly sending an unlimited...

5.9 CVSS

7.2 AI Score

0.0004 EPSS

2024-03-12 06:15 PM
4
cvelist

CVE-2024-1765 Unlimited resource allocation by QUIC CRYPTO frames flooding in quiche

Cloudflare Quiche (through version 0.19.1/0.20.0) was affected by an unlimited resource allocation vulnerability causing rapid increase of memory usage of the system running quiche server or client. A remote attacker could take advantage of this vulnerability by repeatedly sending an unlimited...

5.9 CVSS

6 AI Score

0.0004 EPSS

2024-03-12 06:04 PM
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVEs. Vulnerability Details ** IBM X-Force ID: PSIRT-ADV0103951 .....

6.5 AI Score

2024-03-12 05:00 PM
9
nessus

EulerOS 2.0 SP8 : httpd (EulerOS-SA-2024-1273)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57. (CVE-2023-31122) ...

7.5 CVSS

7.8 AI Score

0.732 EPSS

2024-03-12 12:00 AM
7
openvas

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-1273)

The remote host is missing an update for the Huawei...

7.5 CVSS

8.5 AI Score

0.732 EPSS

2024-03-12 12:00 AM
2
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (January 2024) affect IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in January 2024. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An...

7.5 CVSS

6.9 AI Score

0.001 EPSS

2024-03-11 11:05 PM
5
Total number of security vulnerabilities: 15014