Lucene search

K

HPE Integrated Lights-out 5 (iLO 5), HPE Integrated Lights-out 6 (iLO 6), Security Vulnerabilities

vulnrichment
vulnrichment

CVE-2024-34115 ZDI-CAN-24054: Adobe Substance 3D Stager SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Substance3D - Stager versions 2.1.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...

7.8CVSS

7.4AI Score

0.001EPSS

2024-06-13 11:25 AM
cvelist
cvelist

CVE-2024-20753 Adobe Photoshop PDF File Parsing Memory Corruption Remote Code Execution Vulnerability

Photoshop Desktop versions 24.7.3, 25.7 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the...

7.8CVSS

0.001EPSS

2024-06-13 11:22 AM
6
vulnrichment
vulnrichment

CVE-2024-20753 Adobe Photoshop PDF File Parsing Memory Corruption Remote Code Execution Vulnerability

Photoshop Desktop versions 24.7.3, 25.7 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the...

7.8CVSS

7.5AI Score

0.001EPSS

2024-06-13 11:22 AM
1
schneier
schneier

AI and the Indian Election

As India concluded the world's largest election on June 5, 2024, with over 640 million votes counted, observers could assess how the various parties and factions used artificial intelligence technologies--and what lessons that holds for the rest of the world. The campaigns made extensive use of...

7.2AI Score

2024-06-13 11:02 AM
2
nvd
nvd

CVE-2024-30278

Media Encoder versions 23.6.5, 24.3 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in...

5.5CVSS

0.001EPSS

2024-06-13 10:15 AM
3
cve
cve

CVE-2024-30278

Media Encoder versions 23.6.5, 24.3 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in...

5.5CVSS

5.1AI Score

0.001EPSS

2024-06-13 10:15 AM
21
talosblog
talosblog

Operation Celestial Force employs mobile and desktop malware to target Indian entities

By Gi7w0rm, Asheer Malhotra and Vitor Ventura. Cisco Talos is disclosing a new malware campaign called "Operation Celestial Force" running since at least 2018. It is still active today, employing the use of GravityRAT, an Android-based malware, along with a Windows-based malware loader we track...

7.2AI Score

2024-06-13 10:00 AM
1
securelist
securelist

Cinterion EHS5 3G UMTS/HSPA Module Research

Modems play an important role in enabling connectivity for a wide range of devices. This includes not only traditional mobile devices and household appliances, but also telecommunication systems in vehicles, ATMs and Automated Process Control Systems (APCS). When integrating the modem, many...

6.4CVSS

8.2AI Score

0.001EPSS

2024-06-13 10:00 AM
5
cvelist
cvelist

CVE-2024-30278 Adobe Media Encoder 2024 TGA File parsing memory corruption

Media Encoder versions 23.6.5, 24.3 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in...

5.5CVSS

0.001EPSS

2024-06-13 09:34 AM
2
vulnrichment
vulnrichment

CVE-2024-30278 Adobe Media Encoder 2024 TGA File parsing memory corruption

Media Encoder versions 23.6.5, 24.3 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in...

5.5CVSS

6AI Score

0.001EPSS

2024-06-13 09:34 AM
nvd
nvd

CVE-2024-30276

Audition versions 24.2, 23.6.4 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a....

5.5CVSS

0.001EPSS

2024-06-13 09:15 AM
2
cve
cve

CVE-2024-30276

Audition versions 24.2, 23.6.4 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a....

5.5CVSS

5.1AI Score

0.001EPSS

2024-06-13 09:15 AM
26
cvelist
cvelist

CVE-2024-30276 Adobe Audition 2024 M2V File Parsing Memory corruption

Audition versions 24.2, 23.6.4 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a....

5.5CVSS

0.001EPSS

2024-06-13 08:24 AM
9
vulnrichment
vulnrichment

CVE-2024-30276 Adobe Audition 2024 M2V File Parsing Memory corruption

Audition versions 24.2, 23.6.4 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a....

5.5CVSS

6.1AI Score

0.001EPSS

2024-06-13 08:24 AM
thn
thn

Ukraine Police Arrest Suspect Linked to LockBit and Conti Ransomware Groups

The Cyber Police of Ukraine has announced the arrest of a local man who is suspected to have offered their services to LockBit and Conti ransomware groups. The unnamed 28-year-old native of the Kharkiv region allegedly specialized in the development of crypters to encrypt and obfuscate malicious...

7.2AI Score

2024-06-13 08:05 AM
4
thn
thn

Google Warns of Pixel Firmware Security Flaw Exploited as Zero-Day

Google has warned that a security flaw impacting Pixel Firmware has been exploited in the wild as a zero-day. The high-severity vulnerability, tagged as CVE-2024-32896, has been described as an elevation of privilege issue in Pixel Firmware. The company did not share any additional details related....

7.8CVSS

8.4AI Score

0.213EPSS

2024-06-13 07:08 AM
3
thn
thn

New Cross-Platform Malware 'Noodle RAT' Targets Windows and Linux Systems

A previously undocumented cross-platform malware codenamed Noodle RAT has been put to use by Chinese-speaking threat actors either for espionage or cybercrime for years. While this backdoor was previously categorized as a variant of Gh0st RAT and Rekoobe, Trend Micro security researcher Hara...

8.2AI Score

2024-06-13 06:25 AM
2
ibm
ibm

Security Bulletin: IBM Observability with Instana using third-party Kubernetes Operators is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana using third-party Kubernetes Operators build 273. Vulnerability Details ** CVEID: CVE-2023-6516 DESCRIPTION: **ISC BIND is vulnerable to a denial of service, caused by an out-of-memory condition. By using specific...

7.5CVSS

8AI Score

0.962EPSS

2024-06-13 06:21 AM
veracode
veracode

Denial Of Service Via Account Lockout

org.keycloak, keycloak-services is vulnerable to Denial of Service via account lockout. The vulnerability is due to improper handling of usernames formatted as email addresses, which allows attackers to lock out legitimate users by repeatedly using incorrect...

7AI Score

2024-06-13 05:58 AM
zdi
zdi

(0Day) Autodesk AutoCAD PRT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PRT....

6.9AI Score

EPSS

2024-06-13 12:00 AM
1
zdi
zdi

Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

6.3AI Score

EPSS

2024-06-13 12:00 AM
1
zdi
zdi

(0Day) Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

6.5AI Score

EPSS

2024-06-13 12:00 AM
1
zdi
zdi

(0Day) Autodesk AutoCAD 3DM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DM....

6.3AI Score

EPSS

2024-06-13 12:00 AM
zdi
zdi

Autodesk AutoCAD X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_T....

6.6AI Score

EPSS

2024-06-13 12:00 AM
1
zdi
zdi

Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B....

6.9AI Score

EPSS

2024-06-13 12:00 AM
1
zdi
zdi

(0Day) Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B....

6.5AI Score

EPSS

2024-06-13 12:00 AM
1
openvas
openvas

Ubuntu: Security Advisory (USN-6819-3)

The remote host is missing an update for...

7.8CVSS

8AI Score

0.001EPSS

2024-06-13 12:00 AM
googleprojectzero
googleprojectzero

Driving forward in Android drivers

Posted by Seth Jenkins, Google Project Zero Introduction Android's open-source ecosystem has led to an incredible diversity of manufacturers and vendors developing software that runs on a broad variety of hardware. This hardware requires supporting drivers, meaning that many different codebases...

7.8CVSS

7.5AI Score

0.001EPSS

2024-06-13 12:00 AM
1
zdi
zdi

(0Day) Autodesk AutoCAD 3DM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DM....

6.3AI Score

EPSS

2024-06-13 12:00 AM
1
nessus
nessus

RHEL 8 : dnsmasq (RHSA-2024:3929)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3929 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol)...

7.5CVSS

8.4AI Score

0.05EPSS

2024-06-13 12:00 AM
nessus
nessus

CentOS 7 : 389-ds-base (RHSA-2024:3591)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3591 advisory. A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while...

7.5CVSS

7.6AI Score

0.0004EPSS

2024-06-13 12:00 AM
ubuntucve
ubuntucve

CVE-2024-5837

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called...

6.8AI Score

0.0004EPSS

2024-06-13 12:00 AM
ubuntucve
ubuntucve

CVE-2024-5838

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in Ubuntu.....

6.9AI Score

0.0004EPSS

2024-06-13 12:00 AM
1
nessus
nessus

RHEL 9 : nghttp2 (RHSA-2024:3875)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3875 advisory. libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. Security Fix(es): * nghttp2: CONTINUATION...

5.3CVSS

5.5AI Score

0.0004EPSS

2024-06-13 12:00 AM
2
nessus
nessus

Debian dla-3826 : cups - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3826 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3826-1 [email protected] ...

4.4CVSS

4.7AI Score

0.0004EPSS

2024-06-13 12:00 AM
1
ubuntucve
ubuntucve

CVE-2024-5830

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...

6.9AI Score

0.0004EPSS

2024-06-13 12:00 AM
1
zdi
zdi

Fuji Electric Tellus Lite V-Simulator 6 X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS

7AI Score

0.0004EPSS

2024-06-13 12:00 AM
zdi
zdi

Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS

7.8AI Score

0.0004EPSS

2024-06-13 12:00 AM
1
zdi
zdi

Autodesk AutoCAD STP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of STP....

6.5AI Score

0.0004EPSS

2024-06-13 12:00 AM
1
zdi
zdi

Autodesk AutoCAD STEP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

6.5AI Score

0.0004EPSS

2024-06-13 12:00 AM
1
nessus
nessus

Oracle Linux 9 : gvisor-tap-vsock (ELSA-2024-3830)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-3830 advisory. - rebuild for CVE-2023-45290 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...

5.4AI Score

0.0004EPSS

2024-06-13 12:00 AM
2
kaspersky
kaspersky

KLA68933 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, perform cross-site scripting attack, bypass security restrictions, spoof user interface, obtain sensitive information. Below is a...

9.2AI Score

0.0004EPSS

2024-06-13 12:00 AM
zdi
zdi

Autodesk AutoCAD X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_T....

6.6AI Score

EPSS

2024-06-13 12:00 AM
zdi
zdi

(0Day) Autodesk AutoCAD 3DM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DM....

6.3AI Score

EPSS

2024-06-13 12:00 AM
zdi
zdi

Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

6.6AI Score

EPSS

2024-06-13 12:00 AM
zdi
zdi

(0Day) Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

6.5AI Score

EPSS

2024-06-13 12:00 AM
veeam
veeam

PVC Export Fails Due to Timeout

Export task default time out is 45...

7.2AI Score

2024-06-13 12:00 AM
zdi
zdi

(0Day) Autodesk AutoCAD 3DM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DM....

6.5AI Score

EPSS

2024-06-13 12:00 AM
zdi
zdi

(0Day) Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B....

6.3AI Score

EPSS

2024-06-13 12:00 AM
zdi
zdi

(0Day) Autodesk AutoCAD 3DM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DM....

6.3AI Score

EPSS

2024-06-13 12:00 AM
Total number of security vulnerabilities622242