Lucene search

K

GeForce, Workstation, Compute Security Vulnerabilities

rocky
rocky

fence-agents security update

An update is available for fence-agents. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The fence-agents packages provide a collection of scripts for handling.....

5.4CVSS

7AI Score

0.0004EPSS

2024-06-14 02:00 PM
1
rocky
rocky

fence-agents security and bug fix update

An update is available for fence-agents. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The fence-agents packages provide a collection of scripts for handling.....

6.1CVSS

6.8AI Score

0.001EPSS

2024-06-14 01:59 PM
1
rocky
rocky

krb5 security update

An update is available for krb5. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Kerberos is a network authentication system, which can improve the security of.....

7AI Score

0.0004EPSS

2024-06-14 01:59 PM
nessus
nessus

Rocky Linux 8 : fence-agents (RLSA-2024:2968)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2968 advisory. * urllib3: Request body not stripped after redirect from 303 status changes request method to GET (CVE-2023-45803) * pycryptodome: side-channel...

6.1CVSS

7.8AI Score

0.001EPSS

2024-06-14 12:00 AM
1
nessus
nessus

AlmaLinux 9 : fence-agents (ALSA-2024:3820)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:3820 advisory. * jinja2: accepts keys containing non-attribute characters (CVE-2024-34064) Tenable has extracted the preceding description block directly from the AlmaLinux...

5.4CVSS

5.5AI Score

0.0004EPSS

2024-06-14 12:00 AM
1
nessus
nessus

Rocky Linux 9 : fence-agents (RLSA-2024:3820)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3820 advisory. * jinja2: accepts keys containing non-attribute characters (CVE-2024-34064) Tenable has extracted the preceding description block directly from the Rocky Linux...

5.4CVSS

5.5AI Score

0.0004EPSS

2024-06-14 12:00 AM
1
cve
cve

CVE-2024-5906

A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to....

5.5AI Score

0.0004EPSS

2024-06-12 05:15 PM
16
nvd
nvd

CVE-2024-5906

A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to....

0.0004EPSS

2024-06-12 05:15 PM
2
cvelist
cvelist

CVE-2024-5906 Prisma Cloud Compute: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface

A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to....

0.0004EPSS

2024-06-12 04:22 PM
1
redhatcve
redhatcve

CVE-2023-52742

In the Linux kernel, the following vulnerability has been resolved: net: USB: Fix wrong-direction WARNING in plusb.c The syzbot fuzzer detected a bug in the plusb network driver: A zero-length control-OUT transfer was treated as a read instead of a write. In modern kernels this error provokes a...

6.7AI Score

0.0004EPSS

2024-06-12 12:27 AM
oraclelinux
oraclelinux

Unbreakable Enterprise kernel security update

[5.15.0-207.156.6] - uek-container: Add advanced routing options (Boris Ostrovsky) [Orabug: 36691279] - slub: use count_partial_free_approx() in slab_out_of_memory() (Jianfeng Wang) [Orabug: 36655468] - slub: introduce count_partial_free_approx() (Jianfeng Wang) [Orabug: 36655468] - Revert...

6.5CVSS

7.8AI Score

EPSS

2024-06-12 12:00 AM
1
nessus
nessus

RHEL 9 : fence-agents (RHSA-2024:3820)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3820 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...

5.4CVSS

5.8AI Score

0.0004EPSS

2024-06-12 12:00 AM
1
nessus
nessus

RHEL 8 : fence-agents (RHSA-2024:3811)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3811 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...

5.4CVSS

5.8AI Score

0.0004EPSS

2024-06-12 12:00 AM
2
nessus
nessus

Oracle Linux 9 : fence-agents (ELSA-2024-3820)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3820 advisory. - bundled jinja2: fix CVE-2024-34064 Resolves: RHEL-36482 Tenable has extracted the preceding description block directly from the Oracle Linux security...

5.4CVSS

5.4AI Score

0.0004EPSS

2024-06-12 12:00 AM
1
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1976-1)

The remote host is missing an update for...

8.8CVSS

7.5AI Score

0.001EPSS

2024-06-12 12:00 AM
nessus
nessus

RHEL 8 : fence-agents (RHSA-2024:3795)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3795 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...

5.4CVSS

7.3AI Score

0.0004EPSS

2024-06-11 12:00 AM
1
hp
hp

AMD SPI Lock Bypass June 2024 Security Update

AMD has informed HP of a potential weakness in AMD SPI protection features, which might allow arbitrary code execution. AMD is releasing firmware updates and HP is enabling AMD ROM Armor to mitigate these vulnerabilities. AMD has released updates to mitigate the potential vulnerability. HP has...

8AI Score

EPSS

2024-06-11 12:00 AM
1
redos
redos

ROS-20240611-05

The vulnerability of the Zabbix Workstation universal monitoring system server is related to errors in input data processing. of input data. Exploitation of the vulnerability could allow a remote attacker to execute an arbitrary code by injecting a specially crafted SQL query. arbitrary code by...

9.1CVSS

8.4AI Score

0.0004EPSS

2024-06-11 12:00 AM
oraclelinux
oraclelinux

fence-agents security update

[4.10.0-62.3] - bundled jinja2: fix CVE-2024-34064 Resolves: RHEL-36482 [4.10.0-62.2] - fence_eps: add fence_epsr2 for ePowerSwitch R2 and newer Resolves: RHEL-35273 [4.10.0-62.1] - ha-cloud-support: upgrade bundled pyroute2 libs to fix issue in gcp-vpc-move-route's stop-action Resolves:...

5.4CVSS

7.3AI Score

0.0004EPSS

2024-06-11 12:00 AM
3
almalinux
almalinux

Moderate: fence-agents security update

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): jinja2: accepts keys containing non-attribute characters...

5.4CVSS

7AI Score

0.0004EPSS

2024-06-11 12:00 AM
1
hp
hp

HP PC BIOS May 2024 Security Updates for Potential Stack Buffer Overflows

Potential vulnerabilities have been identified in the system BIOS for certain HP PC products, which might allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities. HP has identified affected platforms and corresponding SoftPaqs...

8AI Score

0.0004EPSS

2024-06-10 12:00 AM
3
hp
hp

Intel 2024.2 IPU - BIOS May 2024 Security Update

Intel has informed HP of potential security vulnerabilities in some Intel® Processors, which might allow information disclosure and/or denial of service. Intel is releasing microcode updates to mitigate the potential vulnerabilities. Intel has released updates to mitigate the potential...

4.7CVSS

6.9AI Score

0.0004EPSS

2024-06-10 12:00 AM
nessus
nessus

RHEL 7 : bind, bind-dyndb-ldap, and dhcp (RHSA-2024:3741)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3741 advisory. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named);.....

7.5CVSS

7.4AI Score

0.05EPSS

2024-06-10 12:00 AM
nessus
nessus

RHEL 7 : ipa (RHSA-2024:3760)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3760 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and...

8.1CVSS

8.1AI Score

0.0004EPSS

2024-06-10 12:00 AM
ibm
ibm

Security Bulletin: Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264

Summary Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264 Vulnerability Details ** CVEID: CVE-2024-21094 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component...

5.9CVSS

4.5AI Score

0.001EPSS

2024-06-06 03:07 PM
1
nessus
nessus

RHEL 7 : less (RHSA-2024:3669)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3669 advisory. The less utility is a text file browser that resembles more, but allows users to move backwards in the file as well as forwards. Since less does...

7.3AI Score

0.0004EPSS

2024-06-06 12:00 AM
5
rapid7blog
rapid7blog

Securing AI Development in the Cloud: Navigating the Risks and Opportunities

AI-TRiSM - Trust, Risk and Security Management in the Age of AI Co-authored by Lara Sunday and Pojan Shahrivar As artificial intelligence (AI) and machine learning (ML) technologies continue to advance and proliferate, organizations across industries are investing heavily in these transformative...

7.4AI Score

2024-06-05 01:00 PM
6
nessus
nessus

Amazon Linux AMI : git (ALAS-2024-1939)

The version of git installed on the remote host is prior to 2.38.4-1.81. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2024-1939 advisory. Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4,...

9CVSS

7.7AI Score

0.001EPSS

2024-06-05 12:00 AM
qualysblog
qualysblog

TotalCloud Insights: Securing Your Data—The Power of Encryption in Preventing Threats

Introduction Did you know there is a 90% failure rate for encryption-related controls of MySQL Server in Microsoft Azure? The issue isn't confined to Azure; in Google Cloud Platform (GCP) environments there is a 98% failure rate of encryption-related controls for both compute engine and storage...

7.2AI Score

2024-06-04 03:00 PM
3
schneier
schneier

Breaking a Password Manager

Interesting story of breaking the security of the RoboForm password manager in order to recover a cryptocurrency wallet password. Grand and Bruno spent months reverse engineering the version of the RoboForm program that they thought Michael had used in 2013 and found that the pseudo-random number.....

7.5AI Score

2024-06-04 11:08 AM
3
nessus
nessus

RHEL 7 : glibc (RHSA-2024:3588)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3588 advisory. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the...

8.9AI Score

0.0005EPSS

2024-06-04 12:00 AM
nessus
nessus

RHEL 7 : 389-ds-base (RHSA-2024:3591)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3591 advisory. 389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol...

7.5CVSS

7AI Score

0.0004EPSS

2024-06-04 12:00 AM
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1907-1)

The remote host is missing an update for...

6.5CVSS

6.6AI Score

0.003EPSS

2024-06-04 12:00 AM
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1908-1)

The remote host is missing an update for...

6.7AI Score

0.0004EPSS

2024-06-04 12:00 AM
1
redhatcve
redhatcve

CVE-2024-36901

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent NULL dereference in ip6_output() According to syzbot, there is a chance that ip6_dst_idev() returns NULL in ip6_output(). Most places in IPv6 stack deal with a NULL idev just fine, but not here. syzbot reported:...

5.5CVSS

6.5AI Score

0.0004EPSS

2024-06-03 05:33 PM
2
redhatcve
redhatcve

CVE-2024-36905

In the Linux kernel, the following vulnerability has been resolved: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets TCP_SYN_RECV state is really special, it is only used by cross-syn connections, mostly used by fuzzers. In the following crash [1], syzbot managed to trigger a divide by.....

6.3AI Score

0.0004EPSS

2024-06-03 01:33 PM
1
redhatcve
redhatcve

CVE-2024-36902

In the Linux kernel, the following vulnerability has been resolved: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() syzbot is able to trigger the following crash [1], caused by unsafe ip6_dst_idev() use. Indeed ip6_dst_idev() can return NULL, and must always be checked. [1]....

5.5CVSS

6.4AI Score

0.0004EPSS

2024-06-03 01:33 PM
2
redhatcve
redhatcve

CVE-2024-36915

In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies syzbot reported unsafe calls to copy_from_sockptr() [1] Use copy_safe_from_sockptr() instead. [1] BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset...

7AI Score

0.0004EPSS

2024-06-03 01:12 PM
1
redhatcve
redhatcve

CVE-2024-36938

In the Linux kernel, the following vulnerability has been resolved: bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Fix NULL pointer data-races in sk_psock_skb_ingress_enqueue() which syzbot reported [1]. [1] BUG: KCSAN: data-race in sk_psock_drop /...

5.5CVSS

6.5AI Score

0.0004EPSS

2024-06-03 12:01 PM
3
nessus
nessus

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1788)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is...

8CVSS

8.3AI Score

EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : python (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. python: Heap overflow in zipimporter module (CVE-2016-5636) python: Integer overflow in...

9.8CVSS

8.5AI Score

0.311EPSS

2024-06-03 12:00 AM
1
nessus
nessus

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1800)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is...

8CVSS

8.3AI Score

EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 7 : python (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow...

9.8CVSS

8.7AI Score

0.09EPSS

2024-06-03 12:00 AM
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1893-1)

The remote host is missing an update for...

7.8CVSS

6.5AI Score

0.0004EPSS

2024-06-03 12:00 AM
1
nessus
nessus

RHEL 6 : python (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. python: Heap overflow in zipimporter module (CVE-2016-5636) python: Integer overflow in...

9.8CVSS

8.4AI Score

0.09EPSS

2024-06-03 12:00 AM
2
nessus
nessus

Rockwell Studio 5000 Logix Designer < V34 Code Hiding

The version of Rockwell Studio 5000 Logix Designer installed on the remote Windows host is prior to V34. It is, therefore, affected by a vulnerability. An attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable...

7.7CVSS

7.4AI Score

0.001EPSS

2024-05-31 12:00 AM
4
zdi
zdi

(Pwn2Own) VMware Workstation hgfsVMCI_fileread Use of Uninitialized Variable Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within.....

7.1CVSS

6.7AI Score

0.001EPSS

2024-05-31 12:00 AM
8
zdi
zdi

(Pwn2Own) [Collision] VMWare Workstation VBluetoothHCI_PacketOut Use-After-Free Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of VMWare Workstation. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

9.3CVSS

7.5AI Score

0.001EPSS

2024-05-31 12:00 AM
3
nessus
nessus

Amazon Linux 2 : git (ALAS-2024-2548)

The version of git installed on the remote host is prior to 2.40.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2548 advisory. Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4,...

9CVSS

8.4AI Score

0.001EPSS

2024-05-31 12:00 AM
2
zdi
zdi

(Pwn2Own) VMware Workstation UrbBuf_getDataBuf Uninitialized Variable Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within.....

7.1CVSS

6.7AI Score

0.001EPSS

2024-05-31 12:00 AM
2
Total number of security vulnerabilities21142