K000138894: BIG-IP Configuration utility XSS vulnerability CVE-2024-33604
Security Advisory Description: A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. (CVE-2024-33604) Impact: An attacker may exploit this...
CVSS: 6.1 | AI Score: 5.6 | EPSS: 0.0004
RHEL 8 / 9 : Red Hat JBoss Enterprise Application Platform 8.0 (RHSA-2024:2764)
The remote Red Hat Enterprise Linux 8 / 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2764 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This...
CVSS: 5.3 | AI Score: 6.2 | EPSS: not listed
K000138732: BIG-IP Next Central Manager OData Injection vulnerability CVE-2024-21793
Security Advisory Description: An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI). (CVE-2024-21793) Impact: An unauthenticated attacker can exploit this vulnerability to execute malicious SQL statements through the BIG-IP NEXT Central Manager API...
CVSS: 7.5 | AI Score: 8.2 | EPSS: 0.0004
K000139037: TMM vulnerability CVE-2024-25560
Security Advisory Description: When BIG-IP AFM is licensed and provisioned, and a DNS profile is applied to a virtual server, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate. (CVE-2024-25560) Impact: Traffic is disrupted while the TMM process restarts. This...
CVSS: not listed | AI Score: 7.5 | EPSS: 0.0004
K000139217: BIG-IP TMM tenants on VELOS and rSeries vulnerability CVE-2024-32761
Security Advisory Description: Under certain conditions, a potential data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. However, this issue cannot be exploited by an attacker because it is not consistently reproducible and is...
CVSS: 6.5 | AI Score: 6.8 | EPSS: 0.0004
K000139553: VPN TunnelVision vulnerability CVE-2024-3661
Security Advisory Description: By design, the DHCP protocol does not authenticate messages, including for example the classless static route option (121). An attacker with the ability to send DHCP messages can manipulate routes to redirect VPN traffic, allowing the attacker to read, disrupt, or...
CVSS: 7.6 | AI Score: 7.5 | EPSS: 0.0005
K000138728: BIG-IP IPsec vulnerability CVE-2024-33608
Security Advisory Description: When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. (CVE-2024-33608) Impact: Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote unauthenticated attacker...
CVSS: 7.5 | AI Score: 7.2 | EPSS: 0.0004
Exploits and vulnerabilities in Q1 2024
We at Kaspersky continuously monitor the evolving cyberthreat landscape to ensure we respond promptly to emerging threats, equipping our products with detection logic and technology. Software vulnerabilities that threat actors can exploit or are already actively exploiting are a critical component...
CVSS: not listed | AI Score: 8.9 | EPSS: 0.972
Security Bulletin: Vulnerability in PostgreSQL affects IBM Storage Scale (CVE-2024-1597)
Summary: PostgreSQL could allow a remote attacker to gain unauthorized access to the system, which affects IBM Storage Scale GUI. Vulnerability Details: CVEID: CVE-2024-1597. DESCRIPTION: PostgreSQL JDBC Driver (PgJDBC) is vulnerable to SQL injection. A remote attacker could send specially...
CVSS: 10 | AI Score: 9.7 | EPSS: 0.001
(RHSA-2024:2724) Important: git-lfs security update
Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS...
CVSS: not listed | AI Score: 7.3 | EPSS: 0.0004
Authentication bypass in bootloader prior to SMR May-2024 Release 1 allows physical attackers to flash arbitrary...
CVSS: 6.6 | AI Score: 6.7 | EPSS: 0.0004
Authentication bypass in bootloader prior to SMR May-2024 Release 1 allows physical attackers to flash arbitrary...
CVSS: 6.6 | AI Score: 6.4 | EPSS: 0.0004
Authentication bypass in bootloader prior to SMR May-2024 Release 1 allows physical attackers to flash arbitrary...
CVSS: 6.6 | AI Score: 6.6 | EPSS: 0.0004
Authentication bypass in bootloader prior to SMR May-2024 Release 1 allows physical attackers to flash arbitrary...
CVSS: 6.6 | AI Score: 6.8 | EPSS: 0.0004
K000139532 : Node.js vulnerability CVE-2024-27983
Security Advisory Description: An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are...
CVSS: 8.2 | AI Score: 7.9 | EPSS: 0.0004
Ubuntu 24.04 LTS : libvirt vulnerability (USN-6763-1)
The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6763-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
CVSS: 6.2 | AI Score: 7 | EPSS: 0.0004
openSUSE: Security Advisory for skopeo (SUSE-SU-2024:1497-1)
The remote host is missing an update for...
CVSS: not listed | AI Score: 7.5 | EPSS: not listed
Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6765-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6765-1 advisory. In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid crash when parsed profile name is empty. When processing a packed...
CVSS: 7.8 | AI Score: 7.5 | EPSS: not listed
K000139533: MySQL vulnerability CVE-2024-21090
Security Advisory Description: Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 8.3.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to...
CVSS: 7.5 | AI Score: 6.9 | EPSS: 0.0005
Oracle Linux 9 : libvirt (ELSA-2024-2560)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2560 advisory. A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative...
CVSS: 6.2 | AI Score: 6.7 | EPSS: 0.001
Releases: Ubuntu 24.04 LTS. Packages: libvirt (Libvirt virtualization toolkit). Details: Martin Širokov discovered that libvirt incorrectly handled certain memory operations. A local attacker could possibly use this issue to access virtproxyd without...
CVSS: 6.2 | AI Score: 7.2 | EPSS: 0.0004
Releases: Ubuntu 20.04 LTS, Ubuntu 18.04 ESM. Packages: linux (Linux kernel); linux-aws (Linux kernel for Amazon Web Services (AWS) systems); linux-aws-5.4 (Linux kernel for Amazon Web Services (AWS) systems); linux-azure (Linux kernel for Microsoft Azure Cloud systems); linux-azure-5.4 (Linux kernel...
CVSS: 7.8 | AI Score: 6.8 | EPSS: 0.0004
Important: git-lfs security update
Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS...
CVSS: not listed | AI Score: 7.2 | EPSS: 0.0004