Lucene search

K

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, Edge Gateway, FPS, Link Controller, PEM, WebAccelerator) Security Vulnerabilities

osv
osv

Malicious code in link-ui-i21n (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 12:49 PM
osv
osv

Malicious code in link-ui-i20n (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 12:49 PM
osv
osv

Malicious code in link-ui-i19n (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 12:49 PM
osv
osv

Malicious code in apm-web-vitals (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 12:28 PM
osv
osv

Malicious code in analytics (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 12:23 PM
osv
osv

Malicious code in edge (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 12:23 PM
ibm
ibm

Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM DevOps Code ClearCase [CVE-2024-24795, CVE-2023-38709]

Summary IBM HTTP Server (IHS) is shipped as a component of IBM DevOps Code ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. [CVE-2024-24795, CVE-2023-38709] Vulnerability Details Refer to the security bulletin(s) listed in the...

6.7AI Score

0.0004EPSS

2024-06-25 12:04 PM
3
osv
osv

BIT-opencart-2024-21518

This affects versions of the package opencart/opencart from 4.0.0-0. A Zip Slip issue was identified via the marketplace installer due to improper sanitization of the target path, allowing files within a malicious archive to traverse the filesystem and be extracted to arbitrary locations. An...

7.2CVSS

7AI Score

0.001EPSS

2024-06-25 11:57 AM
1
osv
osv

BIT-opencart-2024-21519

This affects versions of the package opencart/opencart from 4.0.0-0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a backup file with an arbitrary filename (including....

7.2CVSS

7.2AI Score

0.0005EPSS

2024-06-25 11:57 AM
ibm
ibm

Security Bulletin: There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.

Summary IBM Application Performance Management is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM ® Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details ** CVEID:...

9.8CVSS

9.9AI Score

EPSS

2024-06-25 10:51 AM
3
ibm
ibm

Security Bulletin: Apache James and Bouncy Castle vulnerabilities in Apache Solr and Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2023-33202,CVE-2024-21742,CVE-2024-29857,CVE-2024-30172,CVE-2024-34447)

Summary There are potential denial of service and bypass security restrictions vulnerabilities in Apache James Mime4J and Bouncy Castle Crypto Package, which are used by Apache Solr and Logstash in IBM Operations Analytics - Log Analysis Vulnerability Details ** CVEID: CVE-2024-34447 DESCRIPTION:.....

5.5CVSS

7.9AI Score

EPSS

2024-06-25 10:21 AM
3
ibm
ibm

Security Bulletin: ThreeTen Backport vulnerability has been identified in Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2024-23081,CVE-2024-23082)

Summary There is a potential denial of service vulnerability in ThreeTen Backport that is used by Apache Solr in IBM Operations Analytics - Log Analysis Vulnerability Details ** CVEID: CVE-2024-23082 DESCRIPTION: **ThreeTen Backport is vulnerable to a denial of service, caused by an integer...

7.7AI Score

0.0004EPSS

2024-06-25 10:08 AM
2
ibm
ibm

Security Bulletin: Apache Commons Configuration vulnerability has been identified in Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2024-29131,CVE-2024-29133)

Summary There is a potential out-of-bounds write vulnerability in Apache Commons Configuration that is used by Apache Solr in IBM Operations Analytics - Log Analysis Vulnerability Details ** CVEID: CVE-2024-29131 DESCRIPTION: **Apache Commons Configuration could allow a remote attacker to execute.....

8.4AI Score

0.0004EPSS

2024-06-25 09:10 AM
3
nvd
nvd

CVE-2024-4197

An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to...

9.9CVSS

0.0004EPSS

2024-06-25 04:15 AM
5
cve
cve

CVE-2024-6297

Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator...

10CVSS

9.7AI Score

0.001EPSS

2024-06-25 04:15 AM
31
nvd
nvd

CVE-2024-6297

Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator...

10CVSS

0.001EPSS

2024-06-25 04:15 AM
26
cve
cve

CVE-2024-4197

An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to...

9.9CVSS

9.7AI Score

0.0004EPSS

2024-06-25 04:15 AM
17
cve
cve

CVE-2024-4196

An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to...

10CVSS

9.6AI Score

0.0004EPSS

2024-06-25 04:15 AM
26
nvd
nvd

CVE-2024-4196

An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to...

10CVSS

0.0004EPSS

2024-06-25 04:15 AM
3
vulnrichment
vulnrichment

CVE-2024-4197 Avaya IP Office One-X Portal File Upload Vulnerability

An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to...

9.9CVSS

7.6AI Score

0.0004EPSS

2024-06-25 04:01 AM
cvelist
cvelist

CVE-2024-4197 Avaya IP Office One-X Portal File Upload Vulnerability

An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to...

9.9CVSS

0.0004EPSS

2024-06-25 04:01 AM
6
vulnrichment
vulnrichment

CVE-2024-4196 Avaya IP Office Web Control RCE Vulnerability

An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to...

10CVSS

7.5AI Score

0.0004EPSS

2024-06-25 04:00 AM
1
cvelist
cvelist

CVE-2024-4196 Avaya IP Office Web Control RCE Vulnerability

An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to...

10CVSS

0.0004EPSS

2024-06-25 04:00 AM
9
thn
thn

Multiple WordPress Plugins Compromised: Hackers Create Rogue Admin Accounts

Multiple WordPress plugins have been backdoored to inject malicious code that makes it possible to create rogue administrator accounts with the aim of performing arbitrary actions. "The injected malware attempts to create a new administrative user account and then sends those details back to the...

7.2AI Score

2024-06-25 03:32 AM
9
cvelist
cvelist

CVE-2024-6297 Several WordPress.org Plugins <= Various Versions - Injected Backdoor

Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator...

10CVSS

0.001EPSS

2024-06-25 03:30 AM
24
ubuntucve
ubuntucve

CVE-2024-34777

In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: fix node id validation While validating node ids in map_benchmark_ioctl(), node_possible() may be provided with invalid argument outside of [0,MAX_NUMNODES-1] range leading to: BUG: KASAN:...

6.8AI Score

0.0004EPSS

2024-06-25 12:00 AM
2
ubuntucve
ubuntucve

CVE-2024-39331

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5. Bugs http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074137...

6.9AI Score

0.0004EPSS

2024-06-25 12:00 AM
1
nessus
nessus

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1837)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv-lock while iterating...

7.8CVSS

7.7AI Score

0.0004EPSS

2024-06-25 12:00 AM
5
ubuntucve
ubuntucve

CVE-2024-39277

In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: handle NUMA_NO_NODE correctly cpumask_of_node() can be called for NUMA_NO_NODE inside do_map_benchmark() resulting in the following sanitizer report: UBSAN: array-index-out-of-bounds in...

7.8CVSS

6.7AI Score

0.0004EPSS

2024-06-25 12:00 AM
1
ubuntucve
ubuntucve

CVE-2024-33621

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Dont Use skb-&gt;sk in ipvlan_process_v{4,6}_outbound Raw packet from PF_PACKET socket ontop of an IPv6-backed ipvlan device will hit WARN_ON_ONCE() in sk_mc_loop() through sch_direct_xmit() path. WARNING: CPU: 2 PID: 0 at....

6.8AI Score

0.0004EPSS

2024-06-25 12:00 AM
nessus
nessus

EulerOS 2.0 SP11 : gnutls (EulerOS-SA-2024-1813)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS,...

5.3CVSS

6.1AI Score

0.0005EPSS

2024-06-25 12:00 AM
1
arista
arista

Security Advisory 0098

Security Advisory 0098 _._CSAF PDF Date: June 25, 2024 Revision | Date | Changes ---|---|--- 1.0 | June 25, 2024 | Initial release The CVE-ID tracking this issue: CVE-2024-4578 CVSSv3.1 Base Score: 8.4 (CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) Common Weakness Enumeration: CWE-77 Improper...

8.4CVSS

7AI Score

0.0004EPSS

2024-06-25 12:00 AM
3
nessus
nessus

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1816)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv-lock while iterating...

7.8CVSS

7.7AI Score

0.0004EPSS

2024-06-25 12:00 AM
7
nessus
nessus

SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:2184-1)

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2184-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following...

7.8CVSS

8.4AI Score

0.001EPSS

2024-06-25 12:00 AM
2
nessus
nessus

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2185-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2185-1 advisory. The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: .....

9.8CVSS

8.2AI Score

0.005EPSS

2024-06-25 12:00 AM
ubuntucve
ubuntucve

CVE-2024-36270

In the Linux kernel, the following vulnerability has been resolved: netfilter: tproxy: bail out if IP has been disabled on the device syzbot reports: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range...

7AI Score

0.0004EPSS

2024-06-25 12:00 AM
2
ubuntucve
ubuntucve

CVE-2024-36281

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules rx_create no longer allocates a modify_hdr instance that needs to be cleaned up. The mlx5_modify_header_dealloc call will lead to a NULL pointer...

6.5AI Score

0.0004EPSS

2024-06-25 12:00 AM
talos
talos

Tp-Link ER7206 Omada Gigabit VPN Router cli_server debug leftover debug code vulnerability

Talos Vulnerability Report TALOS-2024-1947 Tp-Link ER7206 Omada Gigabit VPN Router cli_server debug leftover debug code vulnerability June 25, 2024 CVE Number CVE-2024-21827 SUMMARY A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN....

7.2CVSS

7.8AI Score

0.001EPSS

2024-06-25 12:00 AM
1
openvas
openvas

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-1834)

The remote host is missing an update for the Huawei...

5.3CVSS

7.5AI Score

0.0005EPSS

2024-06-25 12:00 AM
1
openvas
openvas

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-1813)

The remote host is missing an update for the Huawei...

5.3CVSS

7.5AI Score

0.0005EPSS

2024-06-25 12:00 AM
1
nessus
nessus

EulerOS 2.0 SP11 : gnutls (EulerOS-SA-2024-1834)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS,...

5.3CVSS

7.2AI Score

0.0005EPSS

2024-06-25 12:00 AM
nvd
nvd

CVE-2024-38894

WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of...

0.0004EPSS

2024-06-24 09:15 PM
5
cve
cve

CVE-2024-38894

WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of...

7.7AI Score

0.0004EPSS

2024-06-24 09:15 PM
17
citrix
citrix

Cloud Software Group Security Advisory for CVE-2024-3661

Cloud Software Group has evaluated the impact of vulnerability CVE-2024-3661 on our products. This vulnerability may allow an attacker on the same local network as the victim to read, disrupt, or modify network traffic expected to be protected by the VPN. Please find below the impact status: ...

7.6CVSS

6.7AI Score

0.0005EPSS

2024-06-24 08:37 PM
11
nvd
nvd

CVE-2024-38373

FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with domain name length value greater than the...

8.1CVSS

0.0005EPSS

2024-06-24 05:15 PM
7
osv
osv

CVE-2024-38373

FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with domain name length value greater than the...

9.6CVSS

7.1AI Score

0.0005EPSS

2024-06-24 05:15 PM
cve
cve

CVE-2024-38373

FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with domain name length value greater than the...

9.6CVSS

9.2AI Score

0.0005EPSS

2024-06-24 05:15 PM
19
malwarebytes
malwarebytes

Change Healthcare confirms the customer data stolen in ransomware attack

For the first time since news broke about a ransomware attack on Change Healthcare, the company has released details about the data stolen during the attack. First, a quick refresher: On February 21, 2024, Change Healthcare experienced serious system outages due to a cyberattack. The incident led.....

7.4AI Score

2024-06-24 04:42 PM
4
githubexploit
githubexploit

Exploit for CVE-2024-5806

CVE-2024-5806 Exploit for Progress MOVEit Transfer...

9.1CVSS

7AI Score

0.0004EPSS

2024-06-24 04:28 PM
182
cvelist
cvelist

CVE-2024-38373 FreeRTOS-Plus-TCP Buffer Over-Read in DNS Response Parser

FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with domain name length value greater than the...

9.6CVSS

0.0005EPSS

2024-06-24 04:23 PM
3
Total number of security vulnerabilities270603