Lucene search

K

HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage Secondary Flash Arrays Security Vulnerabilities

redhatcve
redhatcve

CVE-2024-36124

A flaw was found in the iq80 Snappy compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class sun.misc.Unsafe to speed up memory access, no additional bounds checks are performed, and this....

5.3CVSS

5.1AI Score

0.0004EPSS

2024-06-05 01:33 PM
5
rapid7blog
rapid7blog

Securing AI Development in the Cloud: Navigating the Risks and Opportunities

AI-TRiSM - Trust, Risk and Security Management in the Age of AI Co-authored by Lara Sunday and Pojan Shahrivar As artificial intelligence (AI) and machine learning (ML) technologies continue to advance and proliferate, organizations across industries are investing heavily in these transformative...

7.4AI Score

2024-06-05 01:00 PM
6
thn
thn

Unpacking 2024's SaaS Threat Predictions

Early in 2024, Wing Security released its State of SaaS Security report, offering surprising insights into emerging threats and best practices in the SaaS domain. Now, halfway through the year, several SaaS threat predictions from the report have already proven accurate. Fortunately, SaaS Security....

7.5AI Score

2024-06-05 11:00 AM
2
malwarebytes
malwarebytes

Big name TikTok accounts hijacked after opening DM

High profile TikTok accounts, including CNN, Sony, and—er­—Paris Hilton have been targeted in a recent attack. CNN was the first account takeover that made the news, with Semafor reporting that the account was down for several days after the incident. According to Forbes, the attack happens...

7.4AI Score

2024-06-05 10:03 AM
8
veracode
veracode

Cross-site Flashing

typo3/cms is vulnerable to Cross-site Flashing. The vulnerability is due to missing validation of flash and image files, allowing the embedding of flash videos from external...

7AI Score

2024-06-05 08:24 AM
thn
thn

Zyxel Releases Patches for Firmware Vulnerabilities in EoL NAS Models

Zyxel has released security updates to address critical flaws impacting two of its network-attached storage (NAS) devices that have currently reached end-of-life (EoL) status. Successful exploitation of three of the five vulnerabilities could permit an unauthenticated attacker to execute operating....

9.8CVSS

10AI Score

0.937EPSS

2024-06-05 07:10 AM
8
veracode
veracode

Cleartext Password Storage

statamic/cms is vulnerable to Cleartext Password Storage. This vulnerability is due to the insecure handling of password confirmation data, which affects users registered via the user:register_form tag and using file-based user accounts. The vulnerability allows an attacker, who gains access to...

1.8CVSS

3.8AI Score

0.0004EPSS

2024-06-05 06:44 AM
1
fedora

6.5AI Score

0.0004EPSS

2024-06-05 01:41 AM
2
osv
osv

Moderate: kernel update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) kernel: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2024-0340) kernel:...

7.8CVSS

6.3AI Score

0.001EPSS

2024-06-05 12:00 AM
f5
f5

K000139898: PyYAML vulnerabilities CVE-2020-1747 and CVE-2020-14343

Security Advisory Description CVE-2020-1747 A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use...

9.8CVSS

7.5AI Score

0.006EPSS

2024-06-05 12:00 AM
9
nessus
nessus

RHEL 8 : kernel-rt (RHSA-2024:3627)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3627 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...

7.8CVSS

8.5AI Score

0.001EPSS

2024-06-05 12:00 AM
2
almalinux
almalinux

Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) kernel: Information disclosure in...

7.8CVSS

7AI Score

0.001EPSS

2024-06-05 12:00 AM
f5
f5

K000139917: Libxml2 vulnerability CVE-2022-40303

Security Advisory Description An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading....

7.5CVSS

7.6AI Score

0.004EPSS

2024-06-05 12:00 AM
4
f5
f5

K000139901: PyYAML vulnerability CVE-2017-18342

Security Advisory Description In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function. (CVE-2017-18342) Impact.....

9.8CVSS

9.6AI Score

0.014EPSS

2024-06-05 12:00 AM
10
virtuozzo
virtuozzo

Virtuozzo Hybrid Infrastructure 6.1 Update 1.2 (6.1.1-39)

This update provides a stability improvement. Vulnerability id: VSTOR-85986 Enabled adding multiple devices to the boot sequence of Linux...

7.3AI Score

2024-06-05 12:00 AM
4
nessus
nessus

AlmaLinux 8 : kernel-rt (ALSA-2024:3627)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3627 advisory. * kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) * kernel: Information disclosure in...

7.8CVSS

8.5AI Score

0.001EPSS

2024-06-05 12:00 AM
nessus
nessus

AlmaLinux 8 : kernel update (Medium) (ALSA-2024:3618)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3618 advisory. * kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) * kernel: Information disclosure in...

7.8CVSS

8.7AI Score

0.001EPSS

2024-06-05 12:00 AM
3
virtuozzo
virtuozzo

Virtuozzo Hybrid Infrastructure 5.4 Update 4.7 (5.4.4-152)

This update provides stability and performance improvements. Vulnerability id: VSTOR-80766, VSTOR-81600, VSTOR-85345 Improvements in certificate eligibility...

7.3AI Score

2024-06-05 12:00 AM
1
almalinux
almalinux

Moderate: kernel update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) kernel: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2024-0340) kernel:...

7.8CVSS

6.9AI Score

0.001EPSS

2024-06-05 12:00 AM
3
virtuozzo
virtuozzo

Virtuozzo Hybrid Infrastructure 6.0 Update 1.7 (6.0.1-96)

This update provides a stability improvement. Vulnerability id: VSTOR-85872 A stability fix for Backup...

7.3AI Score

2024-06-05 12:00 AM
osv
osv

Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) kernel: Information disclosure in...

7.8CVSS

6.6AI Score

0.001EPSS

2024-06-05 12:00 AM
2
oraclelinux
oraclelinux

kernel update

[4.18.0-553.5.1.el8_10.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict...

7.8CVSS

9AI Score

0.001EPSS

2024-06-05 12:00 AM
2
nessus
nessus

RHEL 8 : kernel update (Moderate) (RHSA-2024:3618)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3618 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: Marvin vulnerability...

7.8CVSS

8.5AI Score

0.001EPSS

2024-06-05 12:00 AM
github
github

iq80 Snappy out-of-bounds read when uncompressing data, leading to JVM crash

Summary iq80 Snappy performs out-of-bounds read access when uncompressing certain data, which can lead to a JVM crash. Details When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class sun.misc.Unsafe to speed up memory...

5.3CVSS

6.4AI Score

0.0004EPSS

2024-06-04 05:38 PM
5
osv
osv

iq80 Snappy out-of-bounds read when uncompressing data, leading to JVM crash

Summary iq80 Snappy performs out-of-bounds read access when uncompressing certain data, which can lead to a JVM crash. Details When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class sun.misc.Unsafe to speed up memory...

5.3CVSS

6.4AI Score

0.0004EPSS

2024-06-04 05:38 PM
1
ibm
ibm

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation Fixes for May 2024.

Summary In addition to OS level package updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF033 and 23.0.2-IF005. Vulnerability Details ** CVEID: CVE-2024-21501 DESCRIPTION: **Node.js sanitize-html module could allow a remote attacker to...

8.8CVSS

9.7AI Score

EPSS

2024-06-04 05:15 PM
8
mssecure
mssecure

The four stages of creating a trust fabric with identity and network security

How implementing a trust fabric strengthens identity and network Read the blog At Microsoft, we’re continually evolving our solutions for protecting identities and access to meet the ever-changing security demands our customers face. In a recent post, we introduced the concept of the trust...

7.5AI Score

2024-06-04 04:00 PM
3
osv
osv

Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output in github.com/kopia/kopia

Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output in...

7.2AI Score

2024-06-04 03:19 PM
4
osv
osv

source-controller leaks Azure Storage SAS token into logs in github.com/fluxcd/source-controller

source-controller leaks Azure Storage SAS token into logs in...

5.1CVSS

6.4AI Score

0.0004EPSS

2024-06-04 03:19 PM
5
qualysblog
qualysblog

TotalCloud Insights: Securing Your Data—The Power of Encryption in Preventing Threats

Introduction Did you know there is a 90% failure rate for encryption-related controls of MySQL Server in Microsoft Azure? The issue isn't confined to Azure; in Google Cloud Platform (GCP) environments there is a 98% failure rate of encryption-related controls for both compute engine and storage...

7.2AI Score

2024-06-04 03:00 PM
3
osv
osv

BIT-minio-2024-36107

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. If-Modified-Since and If-Unmodified-Since headers when used with anonymous requests by sending a random object name requests can be used to determine if an object exists or not on the server on a...

5.3CVSS

6.2AI Score

0.0004EPSS

2024-06-04 09:46 AM
2
f5
f5

K000139897: Linux kernel vulnerability CVE-2023-42753

Security Advisory Description An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the h->nets array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer...

7.8CVSS

6.4AI Score

0.0004EPSS

2024-06-04 12:00 AM
5
nessus
nessus

Oracle Linux 9 : libvirt (ELSA-2024-12406)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12406 advisory. - Fix off-by-one error in udevListInterfacesByStatus (Martin Kletzander) [Orabug: 36364464] {CVE-2024-1441} libvirt-python Tenable has extracted the...

5.5CVSS

7.1AI Score

0.0004EPSS

2024-06-04 12:00 AM
1
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1908-1)

The remote host is missing an update for...

6.7AI Score

0.0004EPSS

2024-06-04 12:00 AM
1
cve
cve

CVE-2022-0555

Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all...

7.1AI Score

0.0004EPSS

2024-06-03 07:15 PM
26
nvd
nvd

CVE-2022-0555

Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all...

6.6AI Score

0.0004EPSS

2024-06-03 07:15 PM
cvelist
cvelist

CVE-2022-0555

Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all...

6.6AI Score

0.0004EPSS

2024-06-03 06:17 PM
vulnrichment
vulnrichment

CVE-2022-0555

Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all...

6.9AI Score

0.0004EPSS

2024-06-03 06:17 PM
cve
cve

CVE-2024-36124

iq80 Snappy is a compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class sun.misc.Unsafe to speed up memory access, no additional bounds checks are performed and this has similar...

5.3CVSS

7.1AI Score

0.0004EPSS

2024-06-03 03:15 PM
26
nvd
nvd

CVE-2024-36124

iq80 Snappy is a compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class sun.misc.Unsafe to speed up memory access, no additional bounds checks are performed and this has similar...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-06-03 03:15 PM
malwarebytes
malwarebytes

800 arrests, 40 tons of drugs, and one backdoor, or what a phone startup gave the FBI, with Joseph Cox: Lock and Code S05E12

This week on the Lock and Code podcast… This is a story about how the FBI got everything it wanted. For decades, law enforcement and intelligence agencies across the world have lamented the availability of modern technology that allows suspected criminals to hide their communications from legal...

7.2AI Score

2024-06-03 02:55 PM
4
osv
osv

TYPO3 is susceptible to Cross-Site Flashing

The flashplayer misses to validate flash and image files. Therefore it is possible to embed flash videos from external...

7.1AI Score

2024-06-03 02:39 PM
4
github
github

TYPO3 is susceptible to Cross-Site Flashing

The flashplayer misses to validate flash and image files. Therefore it is possible to embed flash videos from external...

7.1AI Score

2024-06-03 02:39 PM
2
cvelist
cvelist

CVE-2024-36124 iq80 Snappy has an out-of-bounds read when uncompressing data, leading to JVM crash

iq80 Snappy is a compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class sun.misc.Unsafe to speed up memory access, no additional bounds checks are performed and this has similar...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-06-03 02:25 PM
redhatcve
redhatcve

CVE-2024-36888

In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix selection of wake_cpu in kick_pool() With cpu_possible_mask=0-63 and cpu_online_mask=0-7 the following kernel oops was observed: smp: Bringing up secondary CPUs ... smp: Brought up 1 node, 8 CPUs Unable to handle...

6.3AI Score

0.0004EPSS

2024-06-03 02:02 PM
2
securelist
securelist

IT threat evolution in Q1 2024. Non-mobile statistics

IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. Quarterly.....

6.9AI Score

2024-06-03 10:00 AM
5
cve
cve

CVE-2024-31493

An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 7.3.0, version 7.2.2 and below, version 7.0.3 and below may allow an authenticated low privileged user to read Connector passwords in plain-text via HTTP...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-03 08:15 AM
15
nvd
nvd

CVE-2024-31493

An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 7.3.0, version 7.2.2 and below, version 7.0.3 and below may allow an authenticated low privileged user to read Connector passwords in plain-text via HTTP...

6.5CVSS

6.2AI Score

0.0004EPSS

2024-06-03 08:15 AM
cvelist
cvelist

CVE-2024-31493

An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 7.3.0, version 7.2.2 and below, version 7.0.3 and below may allow an authenticated low privileged user to read Connector passwords in plain-text via HTTP...

6.5CVSS

6.2AI Score

0.0004EPSS

2024-06-03 07:55 AM
vulnrichment
vulnrichment

CVE-2024-31493

An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 7.3.0, version 7.2.2 and below, version 7.0.3 and below may allow an authenticated low privileged user to read Connector passwords in plain-text via HTTP...

6.5CVSS

6.3AI Score

0.0004EPSS

2024-06-03 07:55 AM
Total number of security vulnerabilities62133