Lucene search

K

DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030 Security Vulnerabilities

nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : poppler (SUSE-SU-2024:1980-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1980-1 advisory. - CVE-2024-4141: Fixed out-of-bounds array write (bsc#1223375). Tenable has extracted the preceding...

2.9CVSS

7.1AI Score

0.0004EPSS

2024-06-12 12:00 AM
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : rmt-server (SUSE-SU-2024:1974-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1974-1 advisory. - Update to version 2.17 - CVE-2024-28103: Fixed Permissions-Policy that was only served on responses with an HTML related...

9.8CVSS

7.2AI Score

0.001EPSS

2024-06-12 12:00 AM
3
nessus
nessus

SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1979-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1979-1 advisory. The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security bugfixes. The following security bugs were...

7.8CVSS

7.9AI Score

0.001EPSS

2024-06-12 12:00 AM
1
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Clear Clearml

_____ _ __ __ _ _____ ____ _...

8.8CVSS

9AI Score

0.001EPSS

2024-06-11 10:30 PM
127
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Clear Clearml

_____ _ __ __ _ _____ ____ _...

8.8CVSS

9AI Score

0.001EPSS

2024-06-11 10:30 PM
72
osv
osv

linux-aws, linux-oracle vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536)...

7.8CVSS

7.5AI Score

0.001EPSS

2024-06-11 10:09 PM
5
ibm
ibm

Security Bulletin: IBM Rational Developer for i is vulnerable to leaked credentials due to a flaw in follow-redirects (CVE-2024-28849).

Summary IBM Rational Developer for i contains Code Coverage functionality which has a browser interface. The browser interface utilizes follow-redirects which could allow a remote attacker to obtain credentials (CVE-2024-28849). This bulletin identifies the steps to take to address the...

6.5CVSS

6.9AI Score

0.0004EPSS

2024-06-11 09:24 PM
5
ibm
ibm

Security Bulletin: Vulnerabilities in axios affect IBM Voice Gateway

Summary Security Vulnerabilities in axios affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details ** IBM X-Force ID: 294242 DESCRIPTION: **Node.js Axios module is vulnerable to a denial of service, caused by a prototype pollution in the formDataToJSON function. By.....

8.1AI Score

2024-06-11 08:00 PM
5
redhatcve
redhatcve

CVE-2023-52736

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Do not unset preset when cleaning up codec Several functions that take part in codec's initialization and removal are re-used by ASoC codec drivers implementations. Drivers mimic the behavior of...

6.8AI Score

0.0004EPSS

2024-06-11 07:25 PM
debian
debian

[SECURITY] [DSA 5707-1] vlc security update

Debian Security Advisory DSA-5707-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 11, 2024 https://www.debian.org/security/faq Package : vlc CVE ID : not yet available A buffer overflow...

7.3AI Score

2024-06-11 06:22 PM
3
osv
osv

linux-intel-iotg-5.15 vulnerabilities

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-47233) It was....

8CVSS

8.2AI Score

EPSS

2024-06-11 05:45 PM
1
redhatcve
redhatcve

CVE-2024-4577

A flaw was found in PHP versions 8.1 before 8.1.29, 8.2 before 8.2.20, and 8.3 before 8.3.8. When using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use the "Best-Fit" behavior to replace characters in the command line given to Win32 API functions......

9.8CVSS

9.3AI Score

0.967EPSS

2024-06-11 02:26 PM
47
thn
thn

Snowflake Breach Exposes 165 Customers' Data in Ongoing Extortion Campaign

As many as 165 customers of Snowflake are said to have had their information potentially exposed as part of an ongoing campaign designed to facilitate data theft and extortion, indicating the operation has broader implications than previously thought. Google-owned Mandiant, which is assisting the.....

8AI Score

2024-06-11 06:52 AM
3
nessus
nessus

Oracle Linux 8 : idm:DL1 (ELSA-2024-3755)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3755 advisory. - kdb: apply combinatorial logic for ticket flags (CVE-2024-3183) Resolves: RHEL-29927 Tenable has extracted the preceding description block...

8.1CVSS

8.4AI Score

0.0004EPSS

2024-06-11 12:00 AM
2
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2024:1944-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1944-1 advisory. - Update to version 2.44.2 (bsc#1225071): - CVE-2024-23252: Fixed a vulnerability where...

8.8CVSS

8.2AI Score

0.001EPSS

2024-06-11 12:00 AM
3
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libvirt (SUSE-SU-2024:1962-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1962-1 advisory. - CVE-2024-4418: Fixed a stack use-after-free by ensuring temporary GSource is removed from client...

6.2CVSS

6.4AI Score

0.0004EPSS

2024-06-11 12:00 AM
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : python-docker (SUSE-SU-2024:1938-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1938-1 advisory. - CVE-2024-35195: Fix failure with updated python-requests. (bsc#1224788) Tenable has extracted the preceding description block directly...

5.6CVSS

7.4AI Score

0.0004EPSS

2024-06-11 12:00 AM
1
nessus
nessus

Ubuntu 23.10 : Linux kernel vulnerabilities (USN-6819-2)

The remote Ubuntu 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6819-2 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference...

7.8CVSS

8.1AI Score

0.001EPSS

2024-06-11 12:00 AM
1
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : aws-nitro-enclaves-cli (SUSE-SU-2024:1966-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1966-1 advisory. - CVE-2023-50711: Fixed out of bounds memory accesses in embedded vmm-sys-util (bsc#1218501). Tenable has extracted the...

9.8CVSS

7.4AI Score

0.001EPSS

2024-06-11 12:00 AM
nessus
nessus

SUSE SLED15 / SLES15 Security Update : poppler (SUSE-SU-2024:1967-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1967-1 advisory. - CVE-2024-4141: Fixed out-of-bounds array write (bsc#1223375). Tenable has extracted the preceding description block.....

2.9CVSS

7.1AI Score

0.0004EPSS

2024-06-11 12:00 AM
nessus
nessus

RHEL 8 : kpatch-patch (RHSA-2024:3805)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3805 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security...

7.8CVSS

7.4AI Score

0.011EPSS

2024-06-11 12:00 AM
1
nessus
nessus

Debian dsa-5707 : libvlc-bin - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5707 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5707-1 [email protected] ...

7.3AI Score

2024-06-11 12:00 AM
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.21 (SUSE-SU-2024:1969-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1969-1 advisory. go1.21.11 release (bsc#1212475). - CVE-2024-24789: Fixed mishandling of corrupt central...

9.8CVSS

8.1AI Score

0.001EPSS

2024-06-11 12:00 AM
1
oraclelinux
oraclelinux

idm:DL1 security update

bind-dyndb-ldap custodia ipa [4.9.13-10.0.1] - Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674] [4.9.13-10] - kdb: apply combinatorial logic for ticket flags (CVE-2024-3183) Resolves: RHEL-29927 - kdb: fix vulnerability in GCD rules handling (CVE-2024-2698) Resolves:...

8.1CVSS

6.9AI Score

0.0004EPSS

2024-06-11 12:00 AM
2
packetstorm

7.8CVSS

7AI Score

0.44EPSS

2024-06-11 12:00 AM
59
nessus
nessus

Oracle Linux 8 : ruby:3.3 (ELSA-2024-3670)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3670 advisory. - Fix buffer overread vulnerability in StringIO. (CVE-2024-27280) Resolves: RHEL-37448 - Fix RCE vulnerability with .rdoc_options in RDoc. ...

7.5AI Score

EPSS

2024-06-11 12:00 AM
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-idna (SUSE-SU-2024:1939-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1939-1 advisory. - CVE-2024-3651: Fixed a denial of service via resource consumption through specially crafted...

7.5AI Score

EPSS

2024-06-11 12:00 AM
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-Brotli (SUSE-SU-2024:1968-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1968-1 advisory. - CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB. (bsc#1175825) Tenable has.....

6.5CVSS

7.7AI Score

0.006EPSS

2024-06-11 12:00 AM
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : frr (SUSE-SU-2024:1971-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1971-1 advisory. - CVE-2024-34088: Fixed null pointer via get_edge() function can trigger a denial of service (bsc#1223786). -...

8.2AI Score

0.0004EPSS

2024-06-11 12:00 AM
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : util-linux (SUSE-SU-2024:1943-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1943-1 advisory. - CVE-2024-28085: Properly neutralize escape sequences in wall to avoid potential account takeover....

7AI Score

0.0005EPSS

2024-06-11 12:00 AM
openvas
openvas

Ubuntu: Security Advisory (USN-6818-2)

The remote host is missing an update for...

7.8CVSS

8.8AI Score

0.001EPSS

2024-06-11 12:00 AM
4
nessus
nessus

Ubuntu 20.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-6828-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6828-1 advisory. Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-...

8CVSS

8.9AI Score

EPSS

2024-06-11 12:00 AM
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : sssd (SUSE-SU-2024:1941-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1941-1 advisory. - CVE-2023-3758: Fixed race condition during authorization leads to GPO policies functioning ...

7.1CVSS

7.7AI Score

0.0004EPSS

2024-06-11 12:00 AM
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : apache2 (SUSE-SU-2024:1963-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1963-1 advisory. - CVE-2023-38709: Fixed HTTP response splitting (bsc#1222330). - CVE-2024-24795: Fixed HTTP...

7.5CVSS

7.7AI Score

0.005EPSS

2024-06-11 12:00 AM
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.22 (SUSE-SU-2024:1970-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1970-1 advisory. go1.21.11 release (bsc#1212475). - CVE-2024-24789: Fixed mishandling of corrupt central...

9.8CVSS

8.1AI Score

0.001EPSS

2024-06-11 12:00 AM
1
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : squid (SUSE-SU-2024:1961-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1961-1 advisory. - CVE-2024-33427: Fixed possible buffer overread that could have led to a denial-of-service (bsc#1225417). Tenable has...

7.1AI Score

EPSS

2024-06-11 12:00 AM
1
packetstorm

6.6CVSS

7AI Score

0.001EPSS

2024-06-11 12:00 AM
62
nvd
nvd

CVE-2024-36413

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

5.4CVSS

0.0004EPSS

2024-06-10 08:15 PM
6
osv
osv

CVE-2024-36413

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

8.9CVSS

8.3AI Score

0.0004EPSS

2024-06-10 08:15 PM
1
cve
cve

CVE-2024-36413

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

8.9CVSS

8.3AI Score

0.0004EPSS

2024-06-10 08:15 PM
22
cvelist
cvelist

CVE-2024-36413 SuiteCRM authenticated Reflected Cross-Site Scripting

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

8.9CVSS

0.0004EPSS

2024-06-10 07:38 PM
3
vulnrichment
vulnrichment

CVE-2024-36413 SuiteCRM authenticated Reflected Cross-Site Scripting

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

8.9CVSS

6.2AI Score

0.0004EPSS

2024-06-10 07:38 PM
1
ibm
ibm

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js Vulnerability Details ** CVEID: CVE-2024-22017 DESCRIPTION: **Node.js could allow a local attacker to gain elevated privileges on the system, caused by the failure of setuid() to drop all privileges...

10CVSS

8.9AI Score

EPSS

2024-06-10 05:54 PM
2
osv
osv

Evmos vulnerable to unauthorized account creation with vesting module in github.com/evmos/evmos/v13

Evmos vulnerable to unauthorized account creation with vesting module in...

7AI Score

2024-06-10 04:39 PM
osv
osv

linux-laptop vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) It was.....

7.8CVSS

8AI Score

0.001EPSS

2024-06-10 04:09 PM
3
nvd
nvd

CVE-2024-36531

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php...

0.0004EPSS

2024-06-10 03:15 PM
2
cve
cve

CVE-2024-36531

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php...

8AI Score

0.0004EPSS

2024-06-10 03:15 PM
21
veracode
veracode

Arbitrary File Write

mlflow is vulnerable to Arbitrary File Write. The vulnerability is due to improper santization within the mlflow.data.http_dataset_source.py module, when fetching data over HTTP. The Content-Disposition header is used directly to construct the path where the file is saved to, which allows an...

10CVSS

6.8AI Score

0.0004EPSS

2024-06-10 06:30 AM
5
nessus
nessus

AlmaLinux 8 : ruby:3.3 (ALSA-2024:3670)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3670 advisory. * ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280) * ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) * ruby: Arbitrary.....

6.9AI Score

EPSS

2024-06-10 12:00 AM
1
ubuntu
ubuntu

Linux kernel (ARM laptop) vulnerabilities

Releases Ubuntu 23.10 Packages linux-laptop - Linux kernel for Lenovo X13s ARM laptops Details Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use...

7.8CVSS

7.7AI Score

0.001EPSS

2024-06-10 12:00 AM
1
Total number of security vulnerabilities116729