Lucene search

K

DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030 Security Vulnerabilities

alpinelinux
alpinelinux

CVE-2024-34161

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-05-29 04:15 PM
3
nvd
nvd

CVE-2024-35200

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-05-29 04:15 PM
osv
osv

CVE-2024-35200

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to...

5.3CVSS

6.7AI Score

0.0004EPSS

2024-05-29 04:15 PM
2
debiancve
debiancve

CVE-2024-31079

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker....

4.8CVSS

6.8AI Score

0.0004EPSS

2024-05-29 04:15 PM
1
osv
osv

CVE-2024-31079

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker....

4.8CVSS

6.6AI Score

0.0004EPSS

2024-05-29 04:15 PM
1
nvd
nvd

CVE-2024-31079

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker....

4.8CVSS

5.1AI Score

0.0004EPSS

2024-05-29 04:15 PM
1
alpinelinux
alpinelinux

CVE-2024-31079

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker....

4.8CVSS

5AI Score

0.0004EPSS

2024-05-29 04:15 PM
4
cve
cve

CVE-2024-31079

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker....

4.8CVSS

6.2AI Score

0.0004EPSS

2024-05-29 04:15 PM
33
talosblog
talosblog

Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level privileges

Cisco Talos' Vulnerability Research team has helped to disclose and patch more than 20 vulnerabilities over the past three weeks, including two in the popular Adobe Acrobat Reader software. Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read...

9.8CVSS

9.8AI Score

0.001EPSS

2024-05-29 04:07 PM
2
cvelist
cvelist

CVE-2024-35200 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-05-29 04:02 PM
2
vulnrichment
vulnrichment

CVE-2024-35200 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-05-29 04:02 PM
cvelist
cvelist

CVE-2024-34161 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-05-29 04:02 PM
1
vulnrichment
vulnrichment

CVE-2024-34161 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-05-29 04:02 PM
cvelist
cvelist

CVE-2024-31079 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker....

4.8CVSS

5AI Score

0.0004EPSS

2024-05-29 04:02 PM
1
vulnrichment
vulnrichment

CVE-2024-32760 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-05-29 04:02 PM
1
vulnrichment
vulnrichment

CVE-2024-31079 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker....

4.8CVSS

5AI Score

0.0004EPSS

2024-05-29 04:02 PM
cvelist
cvelist

CVE-2024-32760 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential...

6.5CVSS

6.3AI Score

0.0004EPSS

2024-05-29 04:02 PM
1
ibm
ibm

Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.16 and earlier

Summary This fix upgrades to Node.js 18.20.3 and Websphere Liberty 24.0.0.5. Node.js is used by all IBM Answer Retrieval for Watson Discovery user interfaces. Websphere Liberty is used by the IBM Answer Retrieval for Watson Discovery swagger microservice. There are two categories of...

7.5CVSS

8.3AI Score

EPSS

2024-05-29 02:43 PM
5
redhat
redhat

(RHSA-2024:3466) Important: python39:3.9 and python39-devel:3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...

7.2AI Score

EPSS

2024-05-29 12:58 PM
8
osv
osv

intel-microcode vulnerabilities

It was discovered that some 3rd and 4th Generation Intel® Xeon® Processors did not properly restrict access to certain hardware features when using Intel® SGX or Intel® TDX. This may allow a privileged local user to potentially further escalate their privileges on the system. This issue only...

7.9CVSS

7.3AI Score

0.001EPSS

2024-05-29 07:13 AM
3
fedora
fedora

[SECURITY] Fedora 40 Update: qt6-qtwebsockets-6.7.1-1.fc40

The QtWebSockets module implements the WebSocket protocol as specified in R FC 6455. It solely depends on Qt (no external...

6.2AI Score

0.0004EPSS

2024-05-29 03:37 AM
3
fedora

6.3AI Score

0.0004EPSS

2024-05-29 03:37 AM
1
fedora
fedora

[SECURITY] Fedora 40 Update: qt6-qtwebchannel-6.7.1-1.fc40

The Qt WebChannel module provides a library for seamless integration of C++ and QML applications with HTML/JavaScript clients. Any QObject can be published to remote clients, where its public API becomes...

6.3AI Score

0.0004EPSS

2024-05-29 03:37 AM
2
fedora
fedora

[SECURITY] Fedora 40 Update: qt6-qtwayland-6.7.1-1.fc40

Qt6 - Wayland platform support and QtCompositor...

6.3AI Score

0.0004EPSS

2024-05-29 03:37 AM
2
fedora
fedora

[SECURITY] Fedora 40 Update: qt6-qtspeech-6.7.1-1.fc40

The module enables a Qt application to support accessibility features such as text-to-speech, which is useful for end-users who are visually challenged or cannot access the application for whatever reason. The most common use case where text-to-speech comes in handy is when the end-user is driving....

6.2AI Score

0.0004EPSS

2024-05-29 03:37 AM
2
fedora
fedora

[SECURITY] Fedora 40 Update: qt6-qtscxml-6.7.1-1.fc40

The Qt SCXML module provides functionality to create state machines from SC XML files. This includes both dynamically creating state machines loading the SCXML fi le and instantiating states and transitions) and generating a C++ file that has a class implementing the state machine. It also...

6.2AI Score

0.0004EPSS

2024-05-29 03:37 AM
5
fedora
fedora

[SECURITY] Fedora 40 Update: qt6-qtremoteobjects-6.7.1-1.fc40

Qt Remote Objects (QtRO) is an inter-process communication (IPC) module dev eloped for...

6.4AI Score

0.0004EPSS

2024-05-29 03:37 AM
2
fedora
fedora

[SECURITY] Fedora 40 Update: qt6-qtshadertools-6.7.1-2.fc40

Qt6 - Qt Shader Tools module builds on the SPIR-V Open Source...

6.3AI Score

0.0004EPSS

2024-05-29 03:37 AM
2
fedora
fedora

[SECURITY] Fedora 40 Update: qt6-qtmultimedia-6.7.1-1.fc40

The Qt Multimedia module provides a rich feature set that enables you to easily take advantage of a platforms multimedia capabilites and hardware. This ranges from the playback and recording of audio and video content to the use of available devices like cameras and...

6.2AI Score

0.0004EPSS

2024-05-29 03:37 AM
2
fedora
fedora

[SECURITY] Fedora 40 Update: qt6-qtimageformats-6.7.1-1.fc40

The core Qt Gui library by default supports reading and writing image files of the most common file formats: PNG, JPEG, BMP, GIF and a few more, ref. Reading and Writing Image Files. The Qt Image Formats add-on module provides optional support for other image file formats, including: MNG, TGA,...

6.3AI Score

0.0004EPSS

2024-05-29 03:37 AM
1
fedora
fedora

[SECURITY] Fedora 40 Update: qt6-qtmqtt-6.7.1-1.fc40

MQTT is a machine-to-machine (M2M) protocol utilizing the publish-and-subsc ribe paradigm, and provides a channel with minimal communication overhead. The Qt MQTT module provides a standard compliant implementation of the MQTT protocol specification. It enables applications to act as telemetry...

6.3AI Score

0.0004EPSS

2024-05-29 03:37 AM
2
fedora
fedora

[SECURITY] Fedora 40 Update: qt6-qtdatavis3d-6.7.1-1.fc40

Qt Data Visualization module provides multiple graph types to visualize dat a in 3D space both with C++ and Qt Quick...

6.2AI Score

0.0004EPSS

2024-05-29 03:37 AM
2
fedora
fedora

[SECURITY] Fedora 40 Update: qt6-qtgraphs-6.7.1-1.fc40

The Qt Graphs module enables you to visualize data in 3D as bar, scatter, and surface graphs. It's especially useful for visualizing depth maps and large quantities of rapidly changing data, such as data received from multiple sensors. The look and feel of graphs can be customized by using themes.....

6.3AI Score

0.0004EPSS

2024-05-29 03:37 AM
2
fedora
fedora

[SECURITY] Fedora 40 Update: qt6-qtcharts-6.7.1-1.fc40

Qt Charts module provides a set of easy to use chart components. It uses th e Qt Graphics View Framework, therefore charts can be easily integrated to modern user interfaces. Qt Charts can be used as QWidgets, QG raphicsWidget, or QML types. Users can easily create impressive graphs by selecting...

6.2AI Score

0.0004EPSS

2024-05-29 03:37 AM
3
fedora
fedora

[SECURITY] Fedora 40 Update: fcitx5-qt-5.1.6-2.fc40

Qt library and IM module for...

6.3AI Score

0.0004EPSS

2024-05-29 03:37 AM
4
drupal
drupal

Migrate queue importer - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-024

The Migrate queue importer module enables you to create cron migrations(configuration entities) with a reference towards migration entities in order to import them during cron runs. The module doesn't sufficiently protect against Cross Site Request Forgery under specific scenarios allowing an...

7AI Score

2024-05-29 12:00 AM
3
nessus
nessus

Oracle Linux 8 : tigervnc (ELSA-2024-3261)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3261 advisory. [1.13.1-10] - Drop patches that are already part of xorg-x11-server Resolves: RHEL-30755 Resolves: RHEL-30767 Resolves: RHEL-30761 ...

9.8CVSS

8AI Score

0.273EPSS

2024-05-29 12:00 AM
3
nessus
nessus

SUSE SLES15 Security Update : glibc-livepatches (SUSE-SU-2024:1805-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2024:1805-1 advisory. - CVE-2024-2961: Fixed that the iconv() function in the GNU C Library may overflow the output buffer passed to it by up to 4 bytes when converting...

7AI Score

0.0005EPSS

2024-05-29 12:00 AM
ubuntucve
ubuntucve

CVE-2024-34161

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory. Notes Author|...

5.3CVSS

7.1AI Score

0.0004EPSS

2024-05-29 12:00 AM
3
zdt
zdt

Flowmon Unauthenticated Command Injection Exploit

This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before...

8AI Score

0.003EPSS

2024-05-29 12:00 AM
56
drupal
drupal

Image Sizes - Moderately critical - Access bypass - SA-CONTRIB-2024-023

This module enables you to create responsive image styles that depend on the parent element's width. The module doesn't sufficiently check access to rendered images, resulting in access bypass vulnerabilities in specific...

7.3AI Score

2024-05-29 12:00 AM
3
oraclelinux
oraclelinux

go-toolset:ol8 security update

delve golang [1.21.9-1] - Fix CVE-2023-45288 - Resolves: RHEL-31915 go-toolset [1.21.9-1] - Fix CVE-2023-45288 - Resolves:...

7.3AI Score

0.0004EPSS

2024-05-29 12:00 AM
1
nessus
nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Intel Microcode vulnerabilities (USN-6797-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6797-1 advisory. It was discovered that some 3rd and 4th Generation Intel Xeon Processors did not properly...

7.9CVSS

7.3AI Score

0.001EPSS

2024-05-29 12:00 AM
3
openvas
openvas

Ubuntu: Security Advisory (USN-6795-1)

The remote host is missing an update for...

7.8CVSS

7.3AI Score

EPSS

2024-05-29 12:00 AM
4
nessus
nessus

EulerOS Virtualization 2.11.0 : kernel (EulerOS-SA-2024-1735)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation...

8CVSS

7.2AI Score

EPSS

2024-05-29 12:00 AM
2
ubuntucve
ubuntucve

CVE-2024-31079

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker....

4.8CVSS

7.1AI Score

0.0004EPSS

2024-05-29 12:00 AM
3
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1801-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1801-1 advisory. The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes. This update fixes a...

7.2AI Score

2024-05-29 12:00 AM
1
nessus
nessus

Ubuntu 22.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-6795-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6795-1 advisory. Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-...

7.8CVSS

7.6AI Score

EPSS

2024-05-29 12:00 AM
2
f5
f5

K000139627: NGINX HTTP/3 QUIC vulnerability CVE-2024-34161

Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously...

5.3CVSS

7.1AI Score

0.0004EPSS

2024-05-29 12:00 AM
7
packetstorm

7AI Score

0.003EPSS

2024-05-29 12:00 AM
53
Total number of security vulnerabilities116390