Lucene search

K

BIG-IP AFM & PEM Security Vulnerabilities

redhatcve
redhatcve

CVE-2021-47618

In the Linux kernel, the following vulnerability has been resolved: ARM: 9170/1: fix panic when kasan and kprobe are enabled arm32 uses software to simulate the instruction replaced by kprobe. some instructions may be simulated by constructing assembly functions. therefore, before executing...

7.1AI Score

0.0004EPSS

2024-06-20 12:52 PM
redhatcve
redhatcve

CVE-2022-48721

In the Linux kernel, the following vulnerability has been resolved: net/smc: Forward wakeup to smc socket waitqueue after fallback When we replace TCP with SMC and a fallback occurs, there may be some socket waitqueue entries remaining in smc socket->wq, such as eppoll_entries inserted by...

6.9AI Score

0.0004EPSS

2024-06-20 12:28 PM
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Clear Clearml

CVE-2024-24590 Deserialization of untrusted data can occur in...

8.8CVSS

7.2AI Score

0.001EPSS

2024-06-20 11:23 AM
97
debiancve
debiancve

CVE-2022-48721

In the Linux kernel, the following vulnerability has been resolved: net/smc: Forward wakeup to smc socket waitqueue after fallback When we replace TCP with SMC and a fallback occurs, there may be some socket waitqueue entries remaining in smc socket->wq, such as eppoll_entries inserted by...

6.6AI Score

0.0004EPSS

2024-06-20 11:15 AM
cve
cve

CVE-2022-48721

In the Linux kernel, the following vulnerability has been resolved: net/smc: Forward wakeup to smc socket waitqueue after fallback When we replace TCP with SMC and a fallback occurs, there may be some socket waitqueue entries remaining in smc socket->wq, such as eppoll_entries inserted by...

6.6AI Score

0.0004EPSS

2024-06-20 11:15 AM
20
nvd
nvd

CVE-2022-48721

In the Linux kernel, the following vulnerability has been resolved: net/smc: Forward wakeup to smc socket waitqueue after fallback When we replace TCP with SMC and a fallback occurs, there may be some socket waitqueue entries remaining in smc socket->wq, such as eppoll_entries inserted by...

0.0004EPSS

2024-06-20 11:15 AM
debiancve
debiancve

CVE-2021-47618

In the Linux kernel, the following vulnerability has been resolved: ARM: 9170/1: fix panic when kasan and kprobe are enabled arm32 uses software to simulate the instruction replaced by kprobe. some instructions may be simulated by constructing assembly functions. therefore, before executing...

6.8AI Score

0.0004EPSS

2024-06-20 11:15 AM
1
nvd
nvd

CVE-2021-47618

In the Linux kernel, the following vulnerability has been resolved: ARM: 9170/1: fix panic when kasan and kprobe are enabled arm32 uses software to simulate the instruction replaced by kprobe. some instructions may be simulated by constructing assembly functions. therefore, before executing...

0.0004EPSS

2024-06-20 11:15 AM
1
cve
cve

CVE-2021-47618

In the Linux kernel, the following vulnerability has been resolved: ARM: 9170/1: fix panic when kasan and kprobe are enabled arm32 uses software to simulate the instruction replaced by kprobe. some instructions may be simulated by constructing assembly functions. therefore, before executing...

6.6AI Score

0.0004EPSS

2024-06-20 11:15 AM
21
cvelist
cvelist

CVE-2022-48721 net/smc: Forward wakeup to smc socket waitqueue after fallback

In the Linux kernel, the following vulnerability has been resolved: net/smc: Forward wakeup to smc socket waitqueue after fallback When we replace TCP with SMC and a fallback occurs, there may be some socket waitqueue entries remaining in smc socket->wq, such as eppoll_entries inserted by...

0.0004EPSS

2024-06-20 11:13 AM
1
qualysblog
qualysblog

Secure Your Containerized Environments with Qualys Containerized Scanner Appliance (QCSA)

IT has undergone a series of significant shifts over the years, from physical infrastructure to virtual, and how infrastructure was managed and maintained. This shift led IT through the digital transformation era, introducing various types of clouds and “As-a-Service” models. Although...

7AI Score

2024-06-20 11:06 AM
3
vulnrichment
vulnrichment

CVE-2021-47618 ARM: 9170/1: fix panic when kasan and kprobe are enabled

In the Linux kernel, the following vulnerability has been resolved: ARM: 9170/1: fix panic when kasan and kprobe are enabled arm32 uses software to simulate the instruction replaced by kprobe. some instructions may be simulated by constructing assembly functions. therefore, before executing...

6.9AI Score

0.0004EPSS

2024-06-20 10:57 AM
2
cvelist
cvelist

CVE-2021-47618 ARM: 9170/1: fix panic when kasan and kprobe are enabled

In the Linux kernel, the following vulnerability has been resolved: ARM: 9170/1: fix panic when kasan and kprobe are enabled arm32 uses software to simulate the instruction replaced by kprobe. some instructions may be simulated by constructing assembly functions. therefore, before executing...

0.0004EPSS

2024-06-20 10:57 AM
redhatcve
redhatcve

CVE-2021-47594

In the Linux kernel, the following vulnerability has been resolved: mptcp: never allow the PM to close a listener subflow Currently, when deleting an endpoint the netlink PM treverses all the local MPTCP sockets, regardless of their status. If an MPTCP listener socket is bound to the IP matching...

7AI Score

0.0004EPSS

2024-06-20 10:53 AM
thn
thn

New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration

A new Rust-based information stealer malware called Fickle Stealer has been observed being delivered via multiple attack chains with the goal of harvesting sensitive information from compromised hosts. Fortinet FortiGuard Labs said it's aware of four different distribution methods -- namely VBA...

7AI Score

2024-06-20 08:09 AM
8
ibm
ibm

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID:...

9.8CVSS

9.9AI Score

0.019EPSS

2024-06-20 12:38 AM
9
ubuntucve
ubuntucve

CVE-2022-48721

In the Linux kernel, the following vulnerability has been resolved: net/smc: Forward wakeup to smc socket waitqueue after fallback When we replace TCP with SMC and a fallback occurs, there may be some socket waitqueue entries remaining in smc socket->wq, such as eppoll_entries inserted by...

7AI Score

0.0004EPSS

2024-06-20 12:00 AM
1
ubuntucve
ubuntucve

CVE-2021-47618

In the Linux kernel, the following vulnerability has been resolved: ARM: 9170/1: fix panic when kasan and kprobe are enabled arm32 uses software to simulate the instruction replaced by kprobe. some instructions may be simulated by constructing assembly functions. therefore, before executing...

7AI Score

0.0004EPSS

2024-06-20 12:00 AM
2
ubuntucve
ubuntucve

CVE-2021-47594

In the Linux kernel, the following vulnerability has been resolved: mptcp: never allow the PM to close a listener subflow Currently, when deleting an endpoint the netlink PM treverses all the local MPTCP sockets, regardless of their status. If an MPTCP listener socket is bound to the IP matching...

6.8AI Score

0.0004EPSS

2024-06-20 12:00 AM
1
githubexploit
githubexploit

Exploit for CVE-2023-38831

Un Hacker En Capital ¡Bienvenido a mi repositorio de GitHub!...

7.3AI Score

2024-06-19 11:23 PM
101
debiancve
debiancve

CVE-2021-47594

In the Linux kernel, the following vulnerability has been resolved: mptcp: never allow the PM to close a listener subflow Currently, when deleting an endpoint the netlink PM treverses all the local MPTCP sockets, regardless of their status. If an MPTCP listener socket is bound to the IP...

6.8AI Score

0.0004EPSS

2024-06-19 03:15 PM
nvd
nvd

CVE-2021-47594

In the Linux kernel, the following vulnerability has been resolved: mptcp: never allow the PM to close a listener subflow Currently, when deleting an endpoint the netlink PM treverses all the local MPTCP sockets, regardless of their status. If an MPTCP listener socket is bound to the IP matching...

0.0004EPSS

2024-06-19 03:15 PM
cve
cve

CVE-2021-47594

In the Linux kernel, the following vulnerability has been resolved: mptcp: never allow the PM to close a listener subflow Currently, when deleting an endpoint the netlink PM treverses all the local MPTCP sockets, regardless of their status. If an MPTCP listener socket is bound to the IP matching...

6.3AI Score

0.0004EPSS

2024-06-19 03:15 PM
21
qualysblog
qualysblog

TotalCloud Insights: Protect Your AWS Environment by Managing Access Keys Securely

Introduction With the average cost of a data breach coming in at $4.45M in 2023, safeguarding sensitive information and maintaining the security of cloud environments is more critical than ever. Instances of compromised access keys, not exclusive to AWS (Amazon Web Services) but prevalent across...

7.3AI Score

2024-06-19 03:02 PM
3
vulnrichment
vulnrichment

CVE-2021-47594 mptcp: never allow the PM to close a listener subflow

In the Linux kernel, the following vulnerability has been resolved: mptcp: never allow the PM to close a listener subflow Currently, when deleting an endpoint the netlink PM treverses all the local MPTCP sockets, regardless of their status. If an MPTCP listener socket is bound to the IP matching...

6.6AI Score

0.0004EPSS

2024-06-19 02:53 PM
cvelist
cvelist

CVE-2021-47594 mptcp: never allow the PM to close a listener subflow

In the Linux kernel, the following vulnerability has been resolved: mptcp: never allow the PM to close a listener subflow Currently, when deleting an endpoint the netlink PM treverses all the local MPTCP sockets, regardless of their status. If an MPTCP listener socket is bound to the IP matching...

0.0004EPSS

2024-06-19 02:53 PM
1
githubexploit
githubexploit

Exploit for CVE-2024-34470

CVE-2024-34470 PoC and Bulk Scanner Overview This is a...

6.9AI Score

0.001EPSS

2024-06-19 11:32 AM
165
hackread
hackread

Chinese Velvet Ant Hackers Target F5 Devices in Years-Long Espionage

Discover how China-linked Velvet Ant APT exploited F5 BIG-IP devices for years undetected. Sygnia's detailed analysis exposes tactics used to maintain persistence and evade detection, offering crucial insights for organizations to bolster their cybersecurity defenses against similar...

7.4AI Score

2024-06-19 09:30 AM
3
cve
cve

CVE-2024-0789

The WP Maintenance plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 6.1.9.2 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to...

5.3CVSS

5.3AI Score

0.0005EPSS

2024-06-19 08:15 AM
23
nvd
nvd

CVE-2024-0789

The WP Maintenance plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 6.1.9.2 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to...

5.3CVSS

0.0005EPSS

2024-06-19 08:15 AM
1
veracode
veracode

URL Redirection To Untrusted Site ('Open Redirect')

zendframework/zendframework is vulnerable to improper handling of IP addresses. The vulnerability is due to the class not verifying if the IP address in $_SERVER['REMOTE_ADDR'] is in the trusted proxy server list before using the X-Forwarded-For...

7AI Score

2024-06-19 08:07 AM
cvelist
cvelist

CVE-2024-0789 WP Maintenance <= 6.1.9.2 - IP Spoofing to Maintenance Mode Bypass

The WP Maintenance plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 6.1.9.2 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to...

5.3CVSS

0.0005EPSS

2024-06-19 07:39 AM
3
redhatcve
redhatcve

CVE-2024-36977

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Wait unconditionally after issuing EndXfer command Currently all controller IP/revisions except DWC3_usb3 &gt;= 310a wait 1ms unconditionally for ENDXFER completion when IOC is not set. This is because DWC_usb3 controlle...

7AI Score

0.0004EPSS

2024-06-18 11:18 PM
4
debiancve
debiancve

CVE-2024-36977

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Wait unconditionally after issuing EndXfer command Currently all controller IP/revisions except DWC3_usb3 &gt;= 310a wait 1ms unconditionally for ENDXFER completion when IOC is not set. This is because DWC_usb3...

6.7AI Score

0.0004EPSS

2024-06-18 08:15 PM
1
nvd
nvd

CVE-2024-36977

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Wait unconditionally after issuing EndXfer command Currently all controller IP/revisions except DWC3_usb3 &gt;= 310a wait 1ms unconditionally for ENDXFER completion when IOC is not set. This is because DWC_usb3 controlle...

0.0004EPSS

2024-06-18 08:15 PM
2
cve
cve

CVE-2024-36977

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Wait unconditionally after issuing EndXfer command Currently all controller IP/revisions except DWC3_usb3 &gt;= 310a wait 1ms unconditionally for ENDXFER completion when IOC is not set. This is because DWC_usb3 controlle...

6.6AI Score

0.0004EPSS

2024-06-18 08:15 PM
24
cvelist
cvelist

CVE-2024-36977 usb: dwc3: Wait unconditionally after issuing EndXfer command

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Wait unconditionally after issuing EndXfer command Currently all controller IP/revisions except DWC3_usb3 &gt;= 310a wait 1ms unconditionally for ENDXFER completion when IOC is not set. This is because DWC_usb3 controlle...

0.0004EPSS

2024-06-18 07:27 PM
4
vulnrichment
vulnrichment

CVE-2024-36977 usb: dwc3: Wait unconditionally after issuing EndXfer command

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Wait unconditionally after issuing EndXfer command Currently all controller IP/revisions except DWC3_usb3 &gt;= 310a wait 1ms unconditionally for ENDXFER completion when IOC is not set. This is because DWC_usb3 controlle...

7AI Score

0.0004EPSS

2024-06-18 07:27 PM
talosblog
talosblog

How are attackers trying to bypass MFA?

In the latest Cisco Talos Incident Response Quarterly Trends report, instances related to multi-factor authentication (MFA) were involved in nearly half of all security incidents that our team responded to in the first quarter of 2024. In 25% of engagements, the underlying cause was users...

8.1AI Score

2024-06-18 11:57 AM
4
openvas
openvas

Python IP Ranges Vulnerability (Jun 2024) - Windows

Python is prone to a vulnerability in the ipaddress...

6.5AI Score

0.0004EPSS

2024-06-18 12:00 AM
2
zdi
zdi

Hewlett Packard Enterprise OneView clusterService Authentication Bypass Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Hewlett Packard Enterprise OneView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the clusterService. The issue results from the lack of...

7.5CVSS

6.8AI Score

0.001EPSS

2024-06-18 12:00 AM
openvas
openvas

Python IP Ranges Vulnerability (Jun 2024) - Mac OS X

Python is prone to a vulnerability in the ipaddress...

6.5AI Score

0.0004EPSS

2024-06-18 12:00 AM
openvas
openvas

Python IP Ranges Vulnerability (Jun 2024) - Linux

Python is prone to a vulnerability in the ipaddress...

6.5AI Score

0.0004EPSS

2024-06-18 12:00 AM
1
ubuntucve
ubuntucve

CVE-2024-36977

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Wait unconditionally after issuing EndXfer command Currently all controller IP/revisions except DWC3_usb3 &gt;= 310a wait 1ms unconditionally for ENDXFER completion when IOC is not set. This is because DWC_usb3 controlle...

7.1AI Score

0.0004EPSS

2024-06-18 12:00 AM
f5
f5

K000140043: runc vulnerability CVE-2024-21626

Security Advisory Description runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working...

8.6CVSS

7AI Score

0.051EPSS

2024-06-18 12:00 AM
3
f5
f5

K000140039: Intel QAT vulnerability CVE-2023-32641

Security Advisory Description Improper input validation in firmware for Intel(R) QAT before version QAT20.L.1.0.40-00004 may allow escalation of privilege and denial of service via adjacent access. (CVE-2023-32641) Impact There is no impact; F5 products are not affected by this...

8.8CVSS

7.5AI Score

0.001EPSS

2024-06-18 12:00 AM
5
f5
f5

K000140042: libldap vulnerability CVE-2020-15719

Security Advisory Description libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8.....

4.2CVSS

6.4AI Score

0.002EPSS

2024-06-18 12:00 AM
1
f5
f5

K000140029: libcurl vulnerability CVE-2024-2398

Security Advisory Description When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously...

6.6AI Score

0.0004EPSS

2024-06-18 12:00 AM
9
f5
f5

K000140040: OpenLDAP slapd vulnerabilities CVE-2020-36230, CVE-2020-36229, CVE-2017-17740, CVE-2017-9287, and CVE-2017-14159

Security Advisory Description CVE-2020-36230 A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. CVE-2020-36229 A flaw was discovered in ldap_X509dn2bv in OpenLDAP before...

7.5CVSS

7.4AI Score

0.915EPSS

2024-06-18 12:00 AM
5
rapid7blog
rapid7blog

Malvertising Campaign Leads to Execution of Oyster Backdoor

The following analysts contributed to this blog: Thomas Elkins, Daniel Thiede, Josh Lockwood, Tyler McGraw, and Sasha Kovalev. Executive Summary Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and.....

7.3AI Score

2024-06-17 08:28 PM
3
Total number of security vulnerabilities70509