Lucene search

K

HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage Secondary Flash Arrays Security Vulnerabilities

nvd
nvd

CVE-2024-34715

Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver...

2.3CVSS

3.5AI Score

0.0004EPSS

2024-05-29 05:16 PM
cvelist
cvelist

CVE-2024-34715 Partial Password Exposure Vulnerability in Fides Webserver Logs

Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver...

2.3CVSS

3.4AI Score

0.0004EPSS

2024-05-29 04:35 PM
2
vulnrichment
vulnrichment

CVE-2024-34715 Partial Password Exposure Vulnerability in Fides Webserver Logs

Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver...

2.3CVSS

6.7AI Score

0.0004EPSS

2024-05-29 04:35 PM
qualysblog
qualysblog

2024 Cybersecurity Trends: What’s Observable Already?

2024 has already witnessed a staggering number of cyber incidents, with over 29.5 billion records breached across 4,645 publicly disclosed incidents in January alone, according to the IT Governance Security Spotlight. Moreover, CVEs are growing significantly year over year, with 13% growth from...

7.4AI Score

2024-05-29 03:41 PM
6
osv
osv

Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability

The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver startup fails and the part of the password following the...

2.3CVSS

6.9AI Score

0.0004EPSS

2024-05-29 03:25 PM
6
github
github

Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability

The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver startup fails and the part of the password following the...

2.3CVSS

7.2AI Score

0.0004EPSS

2024-05-29 03:25 PM
8
veracode
veracode

Code Injection

silverstripe/framework is vulnerable to Code Injection. The vulnerability is due to the improper handling of associative arrays in the second argument of renderWith, where unsanitized user input can be passed directly as a...

7.2AI Score

2024-05-29 06:39 AM
1
nessus
nessus

EulerOS Virtualization 2.11.0 : kernel (EulerOS-SA-2024-1735)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation...

8CVSS

7.2AI Score

EPSS

2024-05-29 12:00 AM
1
nessus
nessus

EulerOS Virtualization 2.11.1 : shim (EulerOS-SA-2024-1720)

According to the versions of the shim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate...

7.5CVSS

7AI Score

0.003EPSS

2024-05-29 12:00 AM
1
f5
f5

K000139627: NGINX HTTP/3 QUIC vulnerability CVE-2024-34161

Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously...

5.3CVSS

7.1AI Score

0.0004EPSS

2024-05-29 12:00 AM
7
f5
f5

K000139810: Oracle Java vulnerability CVE-2024-20919

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK:.....

5.9CVSS

5.9AI Score

0.0005EPSS

2024-05-29 12:00 AM
9
nessus
nessus

EulerOS Virtualization 2.11.1 : kernel (EulerOS-SA-2024-1734)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation...

8CVSS

7.2AI Score

EPSS

2024-05-29 12:00 AM
2
f5
f5

K000139612: NGINX HTTP/3 QUIC vulnerability CVE-2024-35200

Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate. (CVE-2024-35200) Note: This issue affects NGINX systems compiled with the ngx_http_v3_module module, where the...

5.3CVSS

7.2AI Score

0.0004EPSS

2024-05-29 12:00 AM
4
f5
f5

K000139628: Out-of-band Security Notification (May 29, 2024)

Security Advisory Description On May 29, 2024, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. You can watch...

6.5CVSS

5.6AI Score

0.0004EPSS

2024-05-29 12:00 AM
7
f5
f5

K000139609: NGINX HTTP/3 QUIC vulnerability CVE-2024-32760

Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause other potential impact. (CVE-2024-32760) Note: This issue affects NGINX systems compiled with the.....

6.5CVSS

7.3AI Score

0.0004EPSS

2024-05-29 12:00 AM
7
ubuntu
ubuntu

TPM2 Software Stack vulnerabilities

Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages tpm2-tss - TPM2 Software Stack library Details Fergus Dall discovered that TPM2 Software Stack did not properly handle layer arrays. An attacker could possibly use this issue to cause TPM2 Software Stack to...

6.4CVSS

8.1AI Score

EPSS

2024-05-29 12:00 AM
4
nessus
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : TPM2 Software Stack vulnerabilities (USN-6796-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6796-1 advisory. Fergus Dall discovered that TPM2 Software Stack did not properly handle layer arrays. An attacker could possibly use...

6.4CVSS

8.2AI Score

EPSS

2024-05-29 12:00 AM
f5
f5

K000139611: NGINX HTTP/3 QUIC vulnerability CVE-2024-31079

Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection...

4.8CVSS

7.3AI Score

0.0004EPSS

2024-05-29 12:00 AM
10
osv
osv

tpm2-tss vulnerabilities

Fergus Dall discovered that TPM2 Software Stack did not properly handle layer arrays. An attacker could possibly use this issue to cause TPM2 Software Stack to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-22745) Jurgen Repp and Andreas Fuchs discovered...

6.4CVSS

7.2AI Score

EPSS

2024-05-28 10:05 PM
1
ibm
ibm

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID:...

10CVSS

9.3AI Score

EPSS

2024-05-28 08:05 PM
5
ibm
ibm

Security Bulletin: WebSphere Application Server Liberty is vulnerable to denial of service (CVE-2023-38737)

Summary IBM Spectrum Protect for Workstations Central Administration Console requires the dependent product IBM WebSphere Application Server Liberty. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Refer to...

7.5CVSS

5.8AI Score

0.001EPSS

2024-05-28 07:54 PM
nvd
nvd

CVE-2024-36107

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. If-Modified-Since and If-Unmodified-Since headers when used with anonymous requests by sending a random object name requests can be used to determine if an object exists or not on the server on a...

5.3CVSS

5.1AI Score

0.0004EPSS

2024-05-28 07:15 PM
1
cve
cve

CVE-2024-36107

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. If-Modified-Since and If-Unmodified-Since headers when used with anonymous requests by sending a random object name requests can be used to determine if an object exists or not on the server on a...

5.3CVSS

6.5AI Score

0.0004EPSS

2024-05-28 07:15 PM
31
osv
osv

CVE-2024-36107

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. If-Modified-Since and If-Unmodified-Since headers when used with anonymous requests by sending a random object name requests can be used to determine if an object exists or not on the server on a...

5.3CVSS

7AI Score

0.0004EPSS

2024-05-28 07:15 PM
2
cvelist
cvelist

CVE-2024-36107 Information disclosure in minio

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. If-Modified-Since and If-Unmodified-Since headers when used with anonymous requests by sending a random object name requests can be used to determine if an object exists or not on the server on a...

5.3CVSS

5.1AI Score

0.0004EPSS

2024-05-28 06:50 PM
4
github
github

SimpleSAMLphp exposes credentials in session storage

Background In order to implement support for the SAML Enhanced Client or Proxy profile, the credentials obtained for authentication were stored in the state in order to pass them to the relevant routines. This, however, led to the credentials being recorded in the user’s session, which can be...

7.3AI Score

2024-05-28 06:28 PM
8
osv
osv

SimpleSAMLphp exposes credentials in session storage

Background In order to implement support for the SAML Enhanced Client or Proxy profile, the credentials obtained for authentication were stored in the state in order to pass them to the relevant routines. This, however, led to the credentials being recorded in the user’s session, which can be...

7.3AI Score

2024-05-28 06:28 PM
3
nvd
nvd

CVE-2024-30212

If a SCSI READ(10) command is initiated via USB using the largest LBA (0xFFFFFFFF) with it's default block size of 512 and a count of 1, the first 512 byte of the 0x80000000 memory area is returned to the user. If the block count is increased, the full RAM can be exposed. The same method works...

6.7AI Score

0.0004EPSS

2024-05-28 04:15 PM
cve
cve

CVE-2024-30212

If a SCSI READ(10) command is initiated via USB using the largest LBA (0xFFFFFFFF) with it's default block size of 512 and a count of 1, the first 512 byte of the 0x80000000 memory area is returned to the user. If the block count is increased, the full RAM can be exposed. The same method works...

6.9AI Score

0.0004EPSS

2024-05-28 04:15 PM
30
osv
osv

CVE-2024-30212

If a SCSI READ(10) command is initiated via USB using the largest LBA (0xFFFFFFFF) with it's default block size of 512 and a count of 1, the first 512 byte of the 0x80000000 memory area is returned to the user. If the block count is increased, the full RAM can be exposed. The same method works...

7AI Score

0.0004EPSS

2024-05-28 04:15 PM
1
cvelist
cvelist

CVE-2024-30212 Microchip Harmony 3 Core library allows read and write access to RAM via a SCSI READ or WRITE command

If a SCSI READ(10) command is initiated via USB using the largest LBA (0xFFFFFFFF) with it's default block size of 512 and a count of 1, the first 512 byte of the 0x80000000 memory area is returned to the user. If the block count is increased, the full RAM can be exposed. The same method works...

6.7AI Score

0.0004EPSS

2024-05-28 04:07 PM
kitploit
kitploit

Pyrit - The Famous WPA Precomputed Cracker

Pyrit allows you to create massive databases of pre-computed WPA/WPA2-PSK authentication phase in a space-time-tradeoff. By using the computational power of Multi-Core CPUs and other platforms through ATI-Stream,Nvidia CUDA and OpenCL, it is currently by far the most powerful attack against one of....

7.2AI Score

2024-05-28 12:30 PM
10
schneier
schneier

Lattice-Based Cryptosystems and Quantum Cryptanalysis

Quantum computers are probably coming, though we don't know when--and when they arrive, they will, most likely, be able to break our standard public-key cryptography algorithms. In anticipation of this possibility, cryptographers have been working on quantum-resistant public-key algorithms. The...

7.2AI Score

2024-05-28 11:09 AM
14
securelist
securelist

Trusted relationship attacks: trust, but verify

IT outsourcing market continues to demonstrate strong growth globally – such services are becoming increasingly popular. But along with the advantages, such as saved time and resources, delegating non-core tasks creates new challenges in terms of information security. By providing third-party...

7.8AI Score

2024-05-28 10:00 AM
14
nvd
nvd

CVE-2023-52711

Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory thus potentially.....

7.8CVSS

7.9AI Score

0.0004EPSS

2024-05-28 07:15 AM
nvd
nvd

CVE-2023-52712

Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory, thus potentially....

7.8CVSS

7.9AI Score

0.0004EPSS

2024-05-28 07:15 AM
cve
cve

CVE-2023-52712

Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory, thus potentially....

7.8CVSS

7.4AI Score

0.0004EPSS

2024-05-28 07:15 AM
36
cve
cve

CVE-2023-52711

Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory thus potentially.....

7.8CVSS

7.4AI Score

0.0004EPSS

2024-05-28 07:15 AM
36
cvelist
cvelist

CVE-2023-52712

Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory, thus potentially....

7.8CVSS

7.9AI Score

0.0004EPSS

2024-05-28 06:22 AM
vulnrichment
vulnrichment

CVE-2023-52712

Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory, thus potentially....

7.8CVSS

7.6AI Score

0.0004EPSS

2024-05-28 06:22 AM
cvelist
cvelist

CVE-2023-52711

Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory thus potentially.....

7.8CVSS

7.9AI Score

0.0004EPSS

2024-05-28 06:19 AM
vulnrichment
vulnrichment

CVE-2023-52711

Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory thus potentially.....

7.8CVSS

7.6AI Score

0.0004EPSS

2024-05-28 06:19 AM
1
talos
talos

libigl readMSH improper array index validation vulnerability

Talos Vulnerability Report TALOS-2024-1926 libigl readMSH improper array index validation vulnerability May 28, 2024 CVE Number CVE-2024-23948,CVE-2024-23951,CVE-2024-23947,CVE-2024-23950,CVE-2024-23949 SUMMARY Multiple improper array index validation vulnerabilities exist in the readMSH...

8.8CVSS

7.2AI Score

0.001EPSS

2024-05-28 12:00 AM
2
packetstorm

7.4AI Score

0.0004EPSS

2024-05-28 12:00 AM
79
nessus
nessus

Oracle Linux 8 : pcs (ELSA-2024-2953)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2953 advisory. [0.10.18-2.0.1] - Replace HAM-logo.png with a generic one [0.10.18-2] - Fixed CVE-2024-25126, CVE-2024-26141, CVE-2024-26146 in bundled dependency...

5.8CVSS

7AI Score

0.0004EPSS

2024-05-28 12:00 AM
nessus
nessus

Oracle Linux 8 : 389-ds:1.4 (ELSA-2024-3047)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3047 advisory. [1.4.3.39-3] - Bump version to 1.4.3.39-3 - Resolves: RHEL-19240 - RFE Add PROXY protocol support to 389-ds-base via confiuration item - similar to Postfix ...

5.5CVSS

7.2AI Score

0.0004EPSS

2024-05-28 12:00 AM
nessus
nessus

Oracle Linux 8 : virt:ol / and / virt-devel:rhel (ELSA-2024-2962)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2962 advisory. - Fix CVE-2022-2211 Denial of Service in --key parameter resolves: rhbz#2101280 - Fixes: CVE-2022-40284 - Fixes: CVE-2021-46790, CVE-2022-30783,...

9.8CVSS

8.2AI Score

0.004EPSS

2024-05-28 12:00 AM
1
f5
f5

K000139794: Mozilla NSS vulnerability CVE-2023-5388

Security Advisory Description NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. (CVE-2023-5...

6.7AI Score

0.0004EPSS

2024-05-28 12:00 AM
4
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1788-1)

The remote host is missing an update for...

7.5CVSS

8AI Score

0.005EPSS

2024-05-28 12:00 AM
4
nessus
nessus

Oracle Linux 8 : edk2 (ELSA-2024-3017)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3017 advisory. [20220126gitbb1bba3d77-13] - edk2-EmbeddedPkg-Hob-Integer-Overflow-in-CreateHob.patch [RHEL-21158] -...

9.4CVSS

6AI Score

0.006EPSS

2024-05-28 12:00 AM
5
Total number of security vulnerabilities61902