Lucene search

K

HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage Secondary Flash Arrays Security Vulnerabilities

f5
f5

K000139652: Intel CPU vulnerability CVE-2023-23583

Security Advisory Description Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access. (CVE-2023-23583) Impact.....

6.5AI Score

0.0004EPSS

2024-05-16 12:00 AM
6
f5
f5

K000139630: Expat vulnerability CVE-2023-52425

Security Advisory Description libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. (CVE-2023-52425) Impact An attacker may be able to cause an increase in memory...

6AI Score

0.001EPSS

2024-05-16 12:00 AM
10
ubuntu
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.4 - Linux kernel...

4.3CVSS

6.3AI Score

0.0004EPSS

2024-05-16 12:00 AM
18
f5
f5

K000139653: Intel(R) QAT Library vulnerability CVE-2023-22313

Security Advisory Description Improper buffer restrictions in some Intel(R) QAT Library software before version 22.07.1 may allow a privileged user to potentially enable information disclosure via local access. (CVE-2023-22313) Impact There is no impact; F5 products are not affected by this...

5.9AI Score

0.0004EPSS

2024-05-16 12:00 AM
4
f5
f5

K000139646: MySQL Server vulnerabilities CVE-2024-21052 and CVE-2024-21053

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

5.7AI Score

0.0004EPSS

2024-05-16 12:00 AM
3
f5
f5

K000139643: Node-tar vulnerability CVE-2024-28863

Security Advisory Description node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash...

6AI Score

0.0004EPSS

2024-05-16 12:00 AM
9
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1659-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1659-1 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi:...

7.8CVSS

7.7AI Score

0.0005EPSS

2024-05-16 12:00 AM
10
f5
f5

K000139654: Intel oneAPI vulnerabilities CVE-2023-24592 and CVE-2023-27383

Security Advisory Description CVE-2023-24592 Path traversal in the some Intel(R) oneAPI Toolkits and Component software before version 2023.1 may allow authenticated user to potentially enable escalation of privilege via local access. CVE-2023-27383 Protection mechanism failure in some...

6.5AI Score

0.0004EPSS

2024-05-16 12:00 AM
6
f5
f5

K000139637: Expat vulnerability CVE-2024-28757

Security Advisory Description libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). (CVE-2024-28757) Impact An attacker may be able to use an XML Entity Expansion attack, consuming all system...

5.8AI Score

0.0004EPSS

2024-05-16 12:00 AM
7
github
github

Magento Open Source Security Advisory: Patch SUPEE-10975

Magento Commerce 1.14.4.0 and Open Source 1.9.4.0 have been enhanced with critical security updates to address multiple vulnerabilities, including remote code execution (RCE), cross-site scripting (XSS), cross-site request forgery (CSRF), and more. The following issues have been identified and...

7.1AI Score

2024-05-15 10:34 PM
15
osv
osv

Magento Open Source Security Advisory: Patch SUPEE-10975

Magento Commerce 1.14.4.0 and Open Source 1.9.4.0 have been enhanced with critical security updates to address multiple vulnerabilities, including remote code execution (RCE), cross-site scripting (XSS), cross-site request forgery (CSRF), and more. The following issues have been identified and...

7.1AI Score

2024-05-15 10:34 PM
7
github
github

Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS

his Security Advisory is about a vulnerability in VideoJS, which is bundled in DemoBundle and the ezdemo legacy extension. Older releases of VideoJS contain an XSS vulnerability in the Flash-based video player. This is bundled in DemoBundle, and in the Legacy "ezdemo" and "ezdemo-ls-extension"...

6.2AI Score

2024-05-15 09:06 PM
3
osv
osv

Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS

his Security Advisory is about a vulnerability in VideoJS, which is bundled in DemoBundle and the ezdemo legacy extension. Older releases of VideoJS contain an XSS vulnerability in the Flash-based video player. This is bundled in DemoBundle, and in the Legacy "ezdemo" and "ezdemo-ls-extension"...

6.2AI Score

2024-05-15 09:06 PM
2
osv
osv

Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS

This Security Advisory is about a vulnerability in VideoJS, which is bundled in DemoBundle and the ezdemo legacy extension. Older releases of VideoJS contain an XSS vulnerability in the Flash-based video player. This is bundled in DemoBundle, and in the Legacy "ezdemo" and "ezdemo-ls-extension"...

6.2AI Score

2024-05-15 09:06 PM
3
github
github

Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS

This Security Advisory is about a vulnerability in VideoJS, which is bundled in DemoBundle and the ezdemo legacy extension. Older releases of VideoJS contain an XSS vulnerability in the Flash-based video player. This is bundled in DemoBundle, and in the Legacy "ezdemo" and "ezdemo-ls-extension"...

6.2AI Score

2024-05-15 09:06 PM
4
github
github

source-controller leaks Azure Storage SAS token into logs

Impact When source-controller is configured to use an Azure SAS token when connecting to Azure Blob Storage, the token was logged along with the Azure URL when the controller encountered a connection error. An attacker with access to the source-controller logs could use the token to gain access to....

5.1CVSS

6.5AI Score

0.0004EPSS

2024-05-15 05:09 PM
10
osv
osv

source-controller leaks Azure Storage SAS token into logs

Impact When source-controller is configured to use an Azure SAS token when connecting to Azure Blob Storage, the token was logged along with the Azure URL when the controller encountered a connection error. An attacker with access to the source-controller logs could use the token to gain access to....

5.1CVSS

6.5AI Score

0.0004EPSS

2024-05-15 05:09 PM
7
nvd
nvd

CVE-2024-31216

The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to...

5.1CVSS

5.2AI Score

0.0004EPSS

2024-05-15 04:15 PM
cve
cve

CVE-2024-31216

The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to...

5.1CVSS

5.2AI Score

0.0004EPSS

2024-05-15 04:15 PM
39
osv
osv

CVE-2024-31216

The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to...

5.1CVSS

7.2AI Score

0.0004EPSS

2024-05-15 04:15 PM
5
cvelist
cvelist

CVE-2024-31216 source-controller leaks theAzure Storage SAS token into logs on connection errors

The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to...

5.1CVSS

5.5AI Score

0.0004EPSS

2024-05-15 03:52 PM
ibm
ibm

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Storage Scale packaged in Elastic Storage Server.

Summary There is a vulnerability in IBM WebSphere Application Server Liberty, used by IBM Elastic Storage Server, which could allow a remote attacker to cause a denial of service. CVE-2023-46158, CVE-2023-44487. Vulnerability Details ** CVEID: CVE-2023-46158 DESCRIPTION: **IBM WebSphere...

9.8CVSS

8.6AI Score

0.732EPSS

2024-05-15 01:09 PM
4
thn
thn

It's Time to Master the Lift & Shift: Migrating from VMware vSphere to Microsoft Azure

While cloud adoption has been top of mind for many IT professionals for nearly a decade, it's only in recent months, with industry changes and announcements from key players, that many recognize the time to make the move is now. It may feel like a daunting task, but tools exist to help you move...

7.2AI Score

2024-05-15 10:55 AM
1
openvas
openvas

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1619)

The remote host is missing an update for the Huawei...

8.3CVSS

7.5AI Score

0.025EPSS

2024-05-15 12:00 AM
5
nessus
nessus

EulerOS Virtualization 2.11.1 : shim (EulerOS-SA-2024-1619)

According to the versions of the shim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an...

8.3CVSS

8.9AI Score

0.025EPSS

2024-05-15 12:00 AM
4
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1644-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1644-1 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi: return -ENOMEM if...

7.8CVSS

6.9AI Score

EPSS

2024-05-15 12:00 AM
9
nessus
nessus

SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:1648-1)

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1648-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory ...

7.8CVSS

7.2AI Score

EPSS

2024-05-15 12:00 AM
14
nessus
nessus

SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1646-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1646-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two array...

7.8CVSS

7.2AI Score

EPSS

2024-05-15 12:00 AM
8
oraclelinux
oraclelinux

Unbreakable Enterprise kernel security update

[5.15.0-206.153.7] - mmc: core: Initialize mmc_blk_ioc_data (Mikko Rapeli) - ahci: asm1064: asm1166: don't limit reported ports (Conrad Kostecki) - mmc: core: Fix switch on gp3 partition (Dominique Martinet) - Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory (Michael....

8.3AI Score

EPSS

2024-05-15 12:00 AM
7
f5
f5

K000139618: MySQL vulnerabilities CVE-2024-21054, CVE-2024-21009, CVE-2024-20993, and CVE-2024-21102

Security Advisory Description CVE-2024-21054 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network...

5.7AI Score

0.001EPSS

2024-05-15 12:00 AM
10
nessus
nessus

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1641-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1641-1 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi: return -ENOMEM if dma_map_single...

7.8CVSS

7.6AI Score

EPSS

2024-05-15 12:00 AM
5
f5
f5

K000139617: MySQL vulnerabilities CVE-2024-21049, CVE-2024-21060, CVE-2024-21061, and CVE-2024-21069

Security Advisory Description CVE-2024-21049 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols...

5.7AI Score

0.0004EPSS

2024-05-15 12:00 AM
9
f5
f5

K000139594: libxml2 vulnerability CVE-2022-40304

Security Advisory Description An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. (CVE-2022-40304). Impact This vulnerability allows a...

7.8CVSS

7.6AI Score

0.001EPSS

2024-05-15 12:00 AM
21
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1643-1)

The remote host is missing an update for...

7.8CVSS

7.2AI Score

EPSS

2024-05-15 12:00 AM
5
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 : Recommended update for google-cloud SDK (SUSE-SU-SUSE-RU-2024:1637-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-SUSE-RU-2024:1637-1 advisory. sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser...

7.5CVSS

7.8AI Score

0.001EPSS

2024-05-15 12:00 AM
6
f5
f5

K000139616: MySQL vulnerability CVE-2024-21051

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

5.7AI Score

0.0004EPSS

2024-05-15 12:00 AM
14
nessus
nessus

SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1643-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1643-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two...

7.8CVSS

7.2AI Score

EPSS

2024-05-15 12:00 AM
10
f5
f5

K000139615: Node.js vulnerability CVE-2024-27982

Security Advisory Description The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly,...

5.8AI Score

0.0004EPSS

2024-05-15 12:00 AM
12
cve
cve

CVE-2024-33494

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-05-14 04:17 PM
26
nvd
nvd

CVE-2024-33494

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager...

6.5CVSS

6.7AI Score

0.0004EPSS

2024-05-14 04:17 PM
nvd
nvd

CVE-2024-33004

SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-05-14 04:17 PM
cve
cve

CVE-2024-33004

SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on...

4.3CVSS

6.6AI Score

0.0004EPSS

2024-05-14 04:17 PM
25
alpinelinux
alpinelinux

CVE-2024-31460

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in create_all_header_nodes() function from lib/api_automation.php , finally.....

6.5CVSS

8AI Score

0.0004EPSS

2024-05-14 03:25 PM
1
cve
cve

CVE-2024-31460

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in create_all_header_nodes() function from lib/api_automation.php , finally.....

6.5CVSS

8.3AI Score

0.0004EPSS

2024-05-14 03:25 PM
22
debiancve
debiancve

CVE-2024-31460

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in create_all_header_nodes() function from lib/api_automation.php , finally.....

6.5CVSS

9AI Score

0.0004EPSS

2024-05-14 03:25 PM
3
nvd
nvd

CVE-2024-31460

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in create_all_header_nodes() function from lib/api_automation.php , finally.....

6.5CVSS

7.6AI Score

0.0004EPSS

2024-05-14 03:25 PM
1
cve
cve

CVE-2022-32506

An issue was discovered on certain Nuki Home Solutions devices. An attacker with physical access to the circuit board could use the SWD debug features to control the execution of code on the processor and debug the firmware, as well as read or alter the content of the internal and external flash...

6.8AI Score

EPSS

2024-05-14 10:43 AM
2
nvd
nvd

CVE-2022-32506

An issue was discovered on certain Nuki Home Solutions devices. An attacker with physical access to the circuit board could use the SWD debug features to control the execution of code on the processor and debug the firmware, as well as read or alter the content of the internal and external flash...

6.6AI Score

EPSS

2024-05-14 10:43 AM
1
cvelist
cvelist

CVE-2024-33494

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-05-14 10:02 AM
vulnrichment
vulnrichment

CVE-2024-33494

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager...

6.5CVSS

7AI Score

0.0004EPSS

2024-05-14 10:02 AM
Total number of security vulnerabilities62132