HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage Secondary Flash Arrays Security Vulnerabilities

[osv] Genie Path Traversal vulnerability via File Uploads
Overview Path Traversal Vulnerability via File Uploads in Genie Impact Any Genie OSS users running their own instance and relying on the filesystem to store file attachments submitted to the Genie application may be impacted. Using this technique, it is possible to write a file with any...
CVSS 9.9 | AI Score 7.2 | EPSS 0.0004 | 2024-05-09 09:35 PM | 8

[github] Genie Path Traversal vulnerability via File Uploads
Overview Path Traversal Vulnerability via File Uploads in Genie Impact Any Genie OSS users running their own instance and relying on the filesystem to store file attachments submitted to the Genie application may be impacted. Using this technique, it is possible to write a file with any...
CVSS 9.9 | AI Score 7.5 | EPSS 0.0004 | 2024-05-09 09:35 PM | 20

[rocky] git-lfs security update
An update is available for git-lfs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Git Large File Storage (LFS) replaces large files such as audio samples,...
AI Score 7.5 | EPSS 0.0004 | 2024-05-09 06:50 PM | 7

[osv] Important: git-lfs security update
Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS...
AI Score 7.6 | EPSS 0.0004 | 2024-05-09 06:50 PM | 4

[qualysblog] Elevating Security: Qualys Unveils First Solution for Scanning AWS Bottlerocket in Amazon EKS and Amazon ECS
With this new offering, Qualys establishes itself as the first and only vendor solution with the unique ability to scan AWS Bottlerocket instances directly using the Qualys Cloud Agent and TotalCloud Agent-less Snapshot-Based Scan. This innovative capability empowers organizations to...
AI Score 7.6 | 2024-05-09 06:19 PM | 6

[wordfence] Wordfence Intelligence Weekly WordPress Vulnerability Report (April 29, 2024 to May 5, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 164 vulnerabilities disclosed in 145...
CVSS 9.8 | AI Score 9.7 | 2024-05-09 04:49 PM | 13

[ibm] Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details ** CVEID: CVE-2019-13224 DESCRIPTION: **oniguruma is vulnerable to a denial of service,...
CVSS 10 | AI Score 10 | EPSS 0.05 | 2024-05-09 12:31 PM | 12

[nessus] EulerOS 2.0 SP10 : kernel (EulerOS-SA-2024-1592)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we...
CVSS 7.8 | AI Score 7 | EPSS 0.011 | 2024-05-09 12:00 AM | 6

[packetstorm]
CVSS 9.8 | AI Score 7.4 | EPSS 0.0004 | 2024-05-09 12:00 AM | 122

[nessus] IBM Java 7.1 < 7.1.5.22 / 8.0 < 8.0.8.25 Multiple Vulnerabilities
The version of IBM Java installed on the remote host is prior to 7.1 < 7.1.5.22 / 8.0 < 8.0.8.25. It is, therefore, affected by multiple vulnerabilities as referenced in the IBM Security Update May 2024 advisory. The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 throu...
CVSS 5.9 | AI Score 6.1 | EPSS 0.0004 | 2024-05-09 12:00 AM | 21

[nessus] EulerOS 2.0 SP10 : shim (EulerOS-SA-2024-1579)
According to the versions of the shim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response...
CVSS 8.3 | AI Score 8.1 | EPSS 0.025 | 2024-05-09 12:00 AM | 5

[f5] K000139558 : Node.js vulnerabilities CVE-2023-46809, CVE-2024-21892, and CVE-2024-22019
Security Advisory Description CVE-2023-46809 This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available. Learn more about the Reserved state here. CVE-2024-21892 On Linux, Node.js ignores certain environment...
AI Score 7.5 | 2024-05-09 12:00 AM | 21

[packetstorm]
AI Score 7.4 | 2024-05-09 12:00 AM | 143

[nvd] CVE-2024-28971
Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the...
CVSS 3.5 | AI Score 3.7 | EPSS 0.0004 | 2024-05-08 04:15 PM

[cve] CVE-2024-28971
Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the...
CVSS 3.5 | AI Score 6.5 | EPSS 0.0004 | 2024-05-08 04:15 PM | 26

[cvelist] CVE-2024-28971
Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the...
CVSS 3.5 | AI Score 4.1 | EPSS 0.0004 | 2024-05-08 03:37 PM

[redhat] (RHSA-2024:2764) Important: Red Hat JBoss Enterprise Application Platform 8.0 security update
Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 8.0. Security Fix(es): undertow: Cookie Smuggling/Spoofing (CVE-2023-4639)...
AI Score 7.4 | 2024-05-08 02:15 PM | 2

[redhat] (RHSA-2024:2763) Important: Red Hat JBoss Enterprise Application Platform 8.0 security update
Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 8.0. Security Fix(es): undertow: Cookie Smuggling/Spoofing (CVE-2023-4639)...
AI Score 7.4 | 2024-05-08 02:14 PM | 4

[cve] CVE-2024-3507
Improper privilege management vulnerability in Lunar software that affects versions 6.0.2 through 6.6.0. This vulnerability allows an attacker to perform a secondary process injection into the Lunar application and abuse those rights to access sensitive user...
CVSS 7.7 | AI Score 6.9 | EPSS 0.0004 | 2024-05-08 11:15 AM | 33

[nvd] CVE-2024-3507
Improper privilege management vulnerability in Lunar software that affects versions 6.0.2 through 6.6.0. This vulnerability allows an attacker to perform a secondary process injection into the Lunar application and abuse those rights to access sensitive user...
CVSS 7.7 | AI Score 7.7 | EPSS 0.0004 | 2024-05-08 11:15 AM

[cvelist] CVE-2024-3507 Privilege escalation vulnerability in Lunar
Improper privilege management vulnerability in Lunar software that affects versions 6.0.2 through 6.6.0. This vulnerability allows an attacker to perform a secondary process injection into the Lunar application and abuse those rights to access sensitive user...
CVSS 7.7 | AI Score 7.8 | EPSS 0.0004 | 2024-05-08 10:46 AM

[vulnrichment] CVE-2024-3507 Privilege escalation vulnerability in Lunar
Improper privilege management vulnerability in Lunar software that affects versions 6.0.2 through 6.6.0. This vulnerability allows an attacker to perform a secondary process injection into the Lunar application and abuse those rights to access sensitive user...
CVSS 7.7 | AI Score 7 | EPSS 0.0004 | 2024-05-08 10:46 AM

[ibm] Security Bulletin: Multiple vulnerabilities in moment.js affect IBM Storage Scale
Summary There are multiple vulnerabilities in moment.js, used by IBM Storage Scale HDFS transparency, which can cause a denial of service or allow a remote attacker to traverse directories on the system. CVE-2017-18214, CVE-2022-24785, CVE-2016-4055, CVE-2022-31129. Vulnerability Details ** CVEID:...
CVSS 7.5 | AI Score 8.2 | EPSS 0.008 | 2024-05-08 07:15 AM | 6

[ibm] Security Bulletin: Multiple vulnerabilities in jquery affect IBM Storage Scale
Summary There are multiple vulnerabilities in jquery, used by IBM Storage Scale HDFS transparency, which could allow cross-site scripting, caused by improper validation of user-supplied input. Vulnerability Details ** CVEID: CVE-2012-6708 DESCRIPTION: **jQuery is vulnerable to cross-site...
CVSS 6.1 | AI Score 9.8 | EPSS 0.008 | 2024-05-08 07:09 AM | 7

[openvas] SUSE: Security Advisory (SUSE-SU-2024:1549-1)
The remote host is missing an update for...
CVSS 7.1 | AI Score 7.3 | EPSS 0.0004 | 2024-05-08 12:00 AM | 3

[f5] K11342432 : BIG-IP HTTP non-RFC-compliant security exposure
Security Advisory Description This issue occurs when a non-RFC-compliant HTTP request is received by a virtual server on a system matching one of the following conditions: BIG-IP 15.1.0 and later version with a virtual server with an HTTP profile with Enforce RFC Compliance enabled. All supported...
AI Score 7.2 | 2024-05-08 12:00 AM | 14

[nessus] GLSA-202405-25 : MariaDB: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202405-25 (MariaDB: Multiple Vulnerabilities) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit...
CVSS 7.8 | AI Score 8.4 | 2024-05-08 12:00 AM | 4

[f5] K000138744 : BIG-IP APM browser network access VPN client vulnerability CVE-2024-28883
Security Advisory Description An origin validation vulnerability exists in the BIG-IP APM browser network access VPN client, which may allow an attacker to bypass F5 endpoint inspection. (CVE-2024-28883) Impact A remote unauthenticated attacker with a man-in-the-middle (MITM) position may exploit...
CVSS 7.4 | AI Score 7.2 | EPSS 0.0004 | 2024-05-08 12:00 AM | 20

[openvas] SUSE: Security Advisory (SUSE-SU-2024:1547-1)
The remote host is missing an update for...
CVSS 8.4 | AI Score 8.5 | EPSS 0.0004 | 2024-05-08 12:00 AM | 2

[f5] K000132430 : The BIG-IP system may fail to block HTTP Request Smuggling attacks
Security Advisory Description The BIG-IP system may fail to block non-RFC-compliant HTTP requests to the pool member, which may lead to an HTTP Request Smuggling attack. This issue occurs when all of the following conditions are met: A virtual server is associated with an HTTP profile. The BIG-IP...
AI Score 7.3 | 2024-05-08 12:00 AM | 20

[f5] K000139447 : Apache httpd vulnerability CVE-2024-24795
Security Advisory Description HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this...
AI Score 6.8 | EPSS 0.0004 | 2024-05-08 12:00 AM | 15

[f5] K000138636 : BIG-IP Configuration utility XSS vulnerability CVE-2024-31156
Security Advisory Description A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. (CVE-2024-31156) Impact An authenticated attacker may exploit...
CVSS 8 | AI Score 5.3 | EPSS 0.0004 | 2024-05-08 12:00 AM | 18

[f5] K000139012 : BIG-IP Next Central Manager vulnerability CVE-2024-33612
Security Advisory Description An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. A successful exploit of this vulnerability can allow the attacker to cross a security boundary...
CVSS 6.8 | AI Score 6.7 | EPSS 0.0004 | 2024-05-08 12:00 AM | 18

[f5] K000138913 : BIG-IP Next CNF vulnerability CVE-2024-28132
Security Advisory Description Exposure of a Sensitive Information vulnerability exists in the Global Server Load Balancing (GSLB) container, which may allow an authenticated attacker with administrator role privileges to view sensitive information. (CVE-2024-28132) Impact An authenticated attacker...
CVSS 4.4 | AI Score 6.7 | EPSS 0.0004 | 2024-05-08 12:00 AM | 8

[mskb] Azure File Sync Agent v18 Release - May 2024 (Flighting)
Azure File Sync Agent v18 Release - May 2024 (Flighting) This article describes the improvements and issues that are fixed in the Azure File Sync Agent v18 release that is dated May 2024. Additionally, this article contains installation instructions for this release. Improvements and issues that...
AI Score 7 | 2024-05-08 12:00 AM | 3

[f5] K000138733 : BIG-IP Next Central Manager SQL Injection vulnerability CVE-2024-26026
Security Advisory Description An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI). (CVE-2024-26026) Impact An unauthenticated attacker can exploit this vulnerability to execute malicious SQL statements through the BIG-IP Next Central Manager API...
CVSS 7.5 | AI Score 8.4 | EPSS 0.0004 | 2024-05-08 12:00 AM | 15

[f5] K000138520 : BIG-IP Configuration utility vulnerability CVE-2024-27202
Security Advisory Description A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. (CVE-2024-27202) Impact An attacker may exploit this...
CVSS 4.7 | AI Score 5.6 | EPSS 0.0004 | 2024-05-08 12:00 AM | 14

[f5] K000139404 : Quarterly Security Notification (May 2024)
Security Advisory Description On May 8, 2024, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associated...
AI Score 6.9 | EPSS 0.0004 | 2024-05-08 12:00 AM | 20

[f5] K000138912 : BIG-IP SSL vulnerability CVE-2024-28889
Security Advisory Description When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. (CVE-2024-28889) Impact Traffic...
CVSS 5.9 | AI Score 7.1 | EPSS 0.0004 | 2024-05-08 12:00 AM | 11

[f5] K000138894 : BIG-IP Configuration utility XSS vulnerability CVE-2024-33604
Security Advisory Description A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. (CVE-2024-33604) Impact An attacker may exploit this...
CVSS 6.1 | AI Score 5.6 | EPSS 0.0004 | 2024-05-08 12:00 AM | 8

[f5] K000138898 : BIG-IP Advanced WAF/ASM, BIG-IP Next WAF, and NGINX App Protect WAF attack signature check failure
Security Advisory Description BIG-IP Advanced WAF/ASM, BIG-IP Next WAF, or NGINX App Protect WAF may fail to match an attack signature. This issue occurs when all of the following conditions are met: The affected security policy has a large number of attack signatures enabled (for example, all or...
AI Score 7.1 | 2024-05-08 12:00 AM | 14

[f5] K000138634 : BIG-IP Next Central Manager vulnerability CVE-2024-32049
Security Advisory Description BIG-IP Next Central Manager may allow an unauthenticated, remote attacker to obtain BIG-IP Next LTM/WAF instance credentials. (CVE-2024-32049) Impact This vulnerability may allow an unauthenticated attacker in a man-in-the-middle (MITM) position between a BIG-IP Next...
CVSS 7.4 | AI Score 7.2 | EPSS 0.0004 | 2024-05-08 12:00 AM | 7

[nessus] RHEL 8 / 9 : Red Hat JBoss Enterprise Application Platform 8.0 (RHSA-2024:2764)
The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2764 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This...
CVSS 5.3 | AI Score 6.2 | 2024-05-08 12:00 AM | 4

[f5] K000139217 : BIG-IP TMM tenants on VELOS and rSeries vulnerability CVE-2024-32761
Security Advisory Description Under certain conditions, a potential data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. However, this issue cannot be exploited by an attacker because it is not consistently reproducible and is...
CVSS 6.5 | AI Score 6.8 | EPSS 0.0004 | 2024-05-08 12:00 AM | 8

[f5] K000139037 : TMM vulnerability CVE-2024-25560
Security Advisory Description When BIG-IP AFM is licensed and provisioned, and a DNS profile is applied to a virtual server, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate. (CVE-2024-25560) Impact Traffic is disrupted while the TMM process restarts. This...
AI Score 7.5 | EPSS 0.0004 | 2024-05-08 12:00 AM | 8

[f5] K000139553 : VPN TunnelVision vulnerability CVE-2024-3661
Security Advisory Description By design, the DHCP protocol does not authenticate messages, including for example the classless static route option (121). An attacker with the ability to send DHCP messages can manipulate routes to redirect VPN traffic, allowing the attacker to read, disrupt, or...
AI Score 7.5 | EPSS 0.0005 | 2024-05-08 12:00 AM | 22

[f5] K000138732 : BIG-IP Next Central Manager OData Injection vulnerability CVE-2024-21793
Security Advisory Description An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI). (CVE-2024-21793) Impact An unauthenticated attacker can exploit this vulnerability to execute malicious SQL statements through the BIG-IP NEXT Central Manager API...
CVSS 7.5 | AI Score 8.2 | EPSS 0.0004 | 2024-05-08 12:00 AM | 21

[f5] K000138728 : BIG-IP IPsec vulnerability CVE-2024-33608
Security Advisory Description When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. (CVE-2024-33608) Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote unauthenticated attacker...
CVSS 7.5 | AI Score 7.2 | EPSS 0.0004 | 2024-05-08 12:00 AM | 11

[securelist] Exploits and vulnerabilities in Q1 2024
We at Kaspersky continuously monitor the evolving cyberthreat landscape to ensure we respond promptly to emerging threats, equipping our products with detection logic and technology. Software vulnerabilities that threat actors can exploit or are already actively exploiting are a critical component...
AI Score 8.9 | EPSS 0.971 | 2024-05-07 10:00 AM | 29

[ibm] Security Bulletin: Vulnerability in PostgreSQL affects IBM Storage Scale (CVE-2024-1597)
Summary PostgreSQL could allow a remote attacker to gain unauthorized access to the system which affects IBM Storage Scale GUI. Vulnerability Details ** CVEID: CVE-2024-1597 DESCRIPTION: **PostgreSQL JDBC Driver (PgJDBC) is vulnerable to SQL injection. A remote attacker could send specially...
CVSS 10 | AI Score 9.7 | EPSS 0.001 | 2024-05-07 09:52 AM | 10

Total number of security vulnerabilities: 61900