Lucene search

K

HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage Secondary Flash Arrays Security Vulnerabilities

nessus
nessus

RHEL 6 : 389-ds-base (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. 389-ds-base: Password brute-force possible for locked account due to different return codes ...

7.5CVSS

7.5AI Score

0.082EPSS

2024-06-03 12:00 AM
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1895-1)

The remote host is missing an update for...

6.4AI Score

0.0004EPSS

2024-06-03 12:00 AM
1
nessus
nessus

RHEL 6 : rabbitmq-server (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. rabbitmq: MQTT connection authentication succeeds with empty password (CVE-2016-9877) An issue was...

7.8CVSS

6.9AI Score

0.003EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 6 : flash-plugin (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. flash-plugin: arbitrary code execution via unspecified vulnerability (CVE-2011-4694) Unspecified...

9.2AI Score

0.036EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 8 : fwupdate (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. grub2: Use-after-free in rmmod command (CVE-2020-25632) grub2: Out-of-bounds write in...

8.2CVSS

9.2AI Score

0.002EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 6 : v8 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. v8: IPC and v8 issue fixed in Google Chrome 38.0.2125.101 (CVE-2014-3188) V8: integer overflow leading...

8.8CVSS

9.3AI Score

0.035EPSS

2024-06-03 12:00 AM
1
nessus
nessus

RHEL 4 : squid (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. squid: assertion failure in Range header processing (SQUID-2014:2) (CVE-2014-3609) squid: off-by-one...

7.8AI Score

0.958EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 7 : ovirt-engine-backend (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ovirt-engine: connection does not validate certificate attributes. (CVE-2014-3706) Red Hat Enterprise...

6.5CVSS

7.3AI Score

0.001EPSS

2024-06-03 12:00 AM
github
github

Decompressors can crash the JVM and leak memory content in Aircompressor

Summary All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java process (which could contain sensitive information). Details When decompressing certain data, the...

8.6CVSS

6.2AI Score

0.0004EPSS

2024-06-02 10:30 PM
3
osv
osv

Decompressors can crash the JVM and leak memory content in Aircompressor

Summary All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java process (which could contain sensitive information). Details When decompressing certain data, the...

8.6CVSS

6.2AI Score

0.0004EPSS

2024-06-02 10:30 PM
2
debian
debian

[SECURITY] [DSA 5703-1] linux security update

Debian Security Advisory DSA-5703-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 02, 2024 https://www.debian.org/security/faq Package : linux CVE ID : CVE-2022-48655 CVE-2023-52585...

7.8CVSS

6.9AI Score

0.0004EPSS

2024-06-02 05:04 PM
10
fedora
fedora

[SECURITY] Fedora 39 Update: rust-scx_rusty-0.5.4-2.fc39

A multi-domain, BPF / user space hybrid scheduler used within sched_ext, which is a Linux kernel feature which enables implementing kernel thread schedulers in BPF and dynamically loading them....

7.2AI Score

2024-06-02 03:39 AM
fedora
fedora

[SECURITY] Fedora 39 Update: rust-resctl-bench-2.2.5-3.fc39

resctl-bench is a collection of whole-system benchmarks to evaluate resource control and hardware behaviors using realistic simulated workloads. Comprehensive resource control involves the whole system. Furthermore, test ing resource control end-to-end requires scenarios involving realistic...

7.2AI Score

2024-06-02 03:39 AM
zdt

4.9CVSS

6.7AI Score

0.013EPSS

2024-06-02 12:00 AM
10
nessus
nessus

Debian dsa-5703 : affs-modules-5.10.0-29-4kc-malta-di - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5703 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5703-1 [email protected] ...

7.8CVSS

8.4AI Score

0.0004EPSS

2024-06-02 12:00 AM
1
exploitdb

4.9CVSS

7AI Score

EPSS

2024-06-01 12:00 AM
79
nessus
nessus

Oracle Linux 8 : virt:ol / and / virt-devel:rhel (ELSA-2024-3253)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3253 advisory. hivex libguestfs libguestfs-winsupport libiscsi libnbd libtpms libvirt [8.0.0-23.1.0.1] - Set SOURCE_DATE_EPOCH from changelog...

7CVSS

7.1AI Score

0.001EPSS

2024-06-01 12:00 AM
5
talosblog
talosblog

New banking trojan “CarnavalHeist” targets Brazil with overlay attacks

Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called "CarnavalHeist." Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil. This family has also been...

8AI Score

2024-05-31 12:00 PM
8
ibm
ibm

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for May 2024.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF005. Vulnerability Details ** CVEID: CVE-2024-29025 DESCRIPTION: **Netty is vulnerable to a denial of service, caused by a flaw when using the HttpPostRequestDecoder to decode a form. By sending a...

7CVSS

7AI Score

0.0004EPSS

2024-05-31 10:42 AM
7
nessus
nessus

SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:1870-1)

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1870-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following...

7.8CVSS

8.9AI Score

EPSS

2024-05-31 12:00 AM
3
f5
f5

K000139859: Envoy vulnerability CVE-2024-30255

Security Advisory Description Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an....

5.3CVSS

6.7AI Score

0.0004EPSS

2024-05-31 12:00 AM
3
veeam
veeam

Backup fails with "Invalid argument Asynchronous request operation has failed. Failed to open storage for read/write access"

This error occurs when the storage device is formatted with a 4k logical block size and the Veeam Data Mover Service does not have sufficient permissions to determine the logical block...

7AI Score

2024-05-31 12:00 AM
4
hackread
hackread

In the jungle of AWS S3 Enumeration

Amazon Web Services (AWS) Simple Storage Service (S3) is a foundational pillar of cloud storage, offering scalable...

7.3AI Score

2024-05-30 11:46 PM
4
ibm
ibm

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components

Summary There are vulnerabilities in multiple Open Source Software (OSS) components consumed by IBM Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics 2.1.3 and IBM Planning Analytics 2.0.96 by upgrading or removing the vulnerable libraries. Please refer to...

9.8CVSS

9.2AI Score

0.975EPSS

2024-05-30 08:42 PM
3
debiancve
debiancve

CVE-2024-36888

In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix selection of wake_cpu in kick_pool() With cpu_possible_mask=0-63 and cpu_online_mask=0-7 the following kernel oops was observed: smp: Bringing up secondary CPUs ... smp: Brought up 1 node, 8 CPUs Unable to handle...

6.5AI Score

0.0004EPSS

2024-05-30 04:15 PM
2
cve
cve

CVE-2024-36888

In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix selection of wake_cpu in kick_pool() With cpu_possible_mask=0-63 and cpu_online_mask=0-7 the following kernel oops was observed: smp: Bringing up secondary CPUs ... smp: Brought up 1 node, 8 CPUs Unable to handle...

6.5AI Score

0.0004EPSS

2024-05-30 04:15 PM
25
nvd
nvd

CVE-2024-36888

In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix selection of wake_cpu in kick_pool() With cpu_possible_mask=0-63 and cpu_online_mask=0-7 the following kernel oops was observed: smp: Bringing up secondary CPUs ... smp: Brought up 1 node, 8 CPUs Unable to handle...

6.3AI Score

0.0004EPSS

2024-05-30 04:15 PM
cvelist
cvelist

CVE-2024-36888 workqueue: Fix selection of wake_cpu in kick_pool()

In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix selection of wake_cpu in kick_pool() With cpu_possible_mask=0-63 and cpu_online_mask=0-7 the following kernel oops was observed: smp: Bringing up secondary CPUs ... smp: Brought up 1 node, 8 CPUs Unable to handle...

6.2AI Score

0.0004EPSS

2024-05-30 03:28 PM
1
vulnrichment
vulnrichment

CVE-2024-36888 workqueue: Fix selection of wake_cpu in kick_pool()

In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix selection of wake_cpu in kick_pool() With cpu_possible_mask=0-63 and cpu_online_mask=0-7 the following kernel oops was observed: smp: Bringing up secondary CPUs ... smp: Brought up 1 node, 8 CPUs Unable to handle...

6.7AI Score

0.0004EPSS

2024-05-30 03:28 PM
talosblog
talosblog

LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader

By Anna Bennett, Nicole Hoffman, Asheer Malhotra, Sean Taylor and Brandon White. Cisco Talos is disclosing a new suspected data theft campaign, active since at least 2021, we attribute to an advanced persistent threat actor (APT) we're calling "LilacSquid." LilacSquid's victimology includes a...

7.8AI Score

2024-05-30 12:01 PM
7
openvas
openvas

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1720)

The remote host is missing an update for the Huawei...

7.5CVSS

7AI Score

0.003EPSS

2024-05-30 12:00 AM
2
openvas
openvas

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1753)

The remote host is missing an update for the Huawei...

8.3CVSS

7.1AI Score

0.025EPSS

2024-05-30 12:00 AM
3
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:0461-2)

The remote host is missing an update for...

7.5CVSS

6.7AI Score

0.0005EPSS

2024-05-30 12:00 AM
5
ubuntucve
ubuntucve

CVE-2024-36888

In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix selection of wake_cpu in kick_pool() With cpu_possible_mask=0-63 and cpu_online_mask=0-7 the following kernel oops was observed: smp: Bringing up secondary CPUs ... smp: Brought up 1 node, 8 CPUs Unable to handle...

7.1AI Score

0.0004EPSS

2024-05-30 12:00 AM
openvas
openvas

Ubuntu: Security Advisory (USN-6796-1)

The remote host is missing an update for...

6.4CVSS

7.2AI Score

EPSS

2024-05-30 12:00 AM
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1831-1)

The remote host is missing an update for...

8.4CVSS

6.7AI Score

0.0004EPSS

2024-05-30 12:00 AM
1
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1807-1)

The remote host is missing an update for...

9CVSS

6.7AI Score

0.001EPSS

2024-05-30 12:00 AM
3
oraclelinux
oraclelinux

virt:ol and virt-devel:rhel security update

hivex libguestfs libguestfs-winsupport libiscsi libnbd libtpms libvirt [8.0.0-23.1.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] - Add runtime deps for pkg librbd1 >= 1:10.2.5 (Keshav Sharma) [8.0.0-23.1.el8] - remote: check for negative array lengths before allocation...

6.2CVSS

7.7AI Score

0.001EPSS

2024-05-30 12:00 AM
2
nessus
nessus

EulerOS 2.0 SP12 : shim (EulerOS-SA-2024-1753)

According to the versions of the shim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact...

8.3CVSS

8.4AI Score

0.025EPSS

2024-05-30 12:00 AM
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1842-1)

The remote host is missing an update for...

7.8CVSS

7.1AI Score

0.001EPSS

2024-05-30 12:00 AM
1
nvd
nvd

CVE-2024-36114

Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java...

8.6CVSS

8.6AI Score

0.0004EPSS

2024-05-29 09:15 PM
osv
osv

CVE-2024-36114

Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java...

8.6CVSS

6.7AI Score

0.0004EPSS

2024-05-29 09:15 PM
3
cve
cve

CVE-2024-36114

Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java...

8.6CVSS

6.3AI Score

0.0004EPSS

2024-05-29 09:15 PM
37
cvelist
cvelist

CVE-2024-36114 Decompressors can crash the JVM and leak memory content in Aircompressor

Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java...

8.6CVSS

8.6AI Score

0.0004EPSS

2024-05-29 08:24 PM
2
vulnrichment
vulnrichment

CVE-2024-36114 Decompressors can crash the JVM and leak memory content in Aircompressor

Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java...

8.6CVSS

8.5AI Score

0.0004EPSS

2024-05-29 08:24 PM
krebs
krebs

Is Your Computer Part of ‘The Largest Botnet Ever?’

The U.S. Department of Justice (DOJ) today said they arrested the alleged operator of 911 S5, a ten-year-old online anonymity service that was powered by what the director of the FBI called "likely the world's largest botnet ever." The arrest coincided with the seizure of the 911 S5 website and...

7.4AI Score

2024-05-29 07:21 PM
5
osv
osv

symbiote/silverstripe-multivaluefield Possible PHP Object Injection via Multi-Value Field Extension

A potential deserialisation vulnerability has been identified in the symbiote/silverstripe-multivaluefield which could allow an attacker to exploit implementations of this module via object injection. Support for handling PHP objects as values in this module has been deprecated, and the...

6.3AI Score

2024-05-29 06:53 PM
github
github

symbiote/silverstripe-multivaluefield Possible PHP Object Injection via Multi-Value Field Extension

A potential deserialisation vulnerability has been identified in the symbiote/silverstripe-multivaluefield which could allow an attacker to exploit implementations of this module via object injection. Support for handling PHP objects as values in this module has been deprecated, and the...

6.3AI Score

2024-05-29 06:53 PM
2
osv
osv

CVE-2024-34715

Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver...

2.3CVSS

6.8AI Score

0.0004EPSS

2024-05-29 05:16 PM
2
cve
cve

CVE-2024-34715

Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver...

2.3CVSS

6.6AI Score

0.0004EPSS

2024-05-29 05:16 PM
24
Total number of security vulnerabilities61901