Lucene search

K

HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage Secondary Flash Arrays Security Vulnerabilities

osv
osv

scikit-learn sensitive data leakage vulnerability

A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the...

4.7CVSS

6.5AI Score

0.0004EPSS

2024-06-06 09:30 PM
wired
wired

The Snowflake Attack May Be Turning Into One of the Largest Data Breaches Ever

The number of alleged hacks targeting the customers of cloud storage firm Snowflake appears to be snowballing into one of the biggest data breaches of all...

7.2AI Score

2024-06-06 07:41 PM
4
debiancve
debiancve

CVE-2024-5206

A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the...

4.7CVSS

5.2AI Score

0.0004EPSS

2024-06-06 07:16 PM
1
osv
osv

CVE-2024-5206

A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the...

4.7CVSS

6.6AI Score

0.0004EPSS

2024-06-06 07:16 PM
cve
cve

CVE-2024-5206

A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the...

4.7CVSS

6.9AI Score

0.0004EPSS

2024-06-06 07:16 PM
25
nvd
nvd

CVE-2024-5206

A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the...

4.7CVSS

0.0004EPSS

2024-06-06 07:16 PM
1
cve
cve

CVE-2024-22326

IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection. IBM X-Force ID: ...

5CVSS

6.8AI Score

0.0004EPSS

2024-06-06 07:15 PM
22
nvd
nvd

CVE-2024-22326

IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection. IBM X-Force ID: ...

5CVSS

0.0004EPSS

2024-06-06 07:15 PM
cvelist
cvelist

CVE-2024-5206 Sensitive Data Leakage in sklearn.feature_extraction.text.TfidfVectorizer in scikit-learn/scikit-learn

A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the...

4.7CVSS

0.0004EPSS

2024-06-06 06:28 PM
2
vulnrichment
vulnrichment

CVE-2024-5206 Sensitive Data Leakage in sklearn.feature_extraction.text.TfidfVectorizer in scikit-learn/scikit-learn

A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the...

4.7CVSS

6.6AI Score

0.0004EPSS

2024-06-06 06:28 PM
1
vulnrichment
vulnrichment

CVE-2024-22326 IBM System Storage improper authentication

IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection. IBM X-Force ID: ...

5CVSS

6.7AI Score

0.0004EPSS

2024-06-06 06:19 PM
cvelist
cvelist

CVE-2024-22326 IBM System Storage improper authentication

IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection. IBM X-Force ID: ...

5CVSS

0.0004EPSS

2024-06-06 06:19 PM
2
ibm
ibm

Security Bulletin: Storage Virtualize Ansible Collection is affected by a vulnerability in the paramiko package

Summary Storage Virtualize Ansible Collection uses the third-party library paramiko to implement SSH for authentication to target systems. Version 3.3.1 of paramiko is vulnerable to CVE-2023-48795. Vulnerability Details ** CVEID: CVE-2023-48795 DESCRIPTION: **OpenSSH is vulnerable to a...

5.9CVSS

6.4AI Score

0.963EPSS

2024-06-06 12:29 PM
3
thn
thn

Hackers Exploit Legitimate Packer Software to Spread Malware Undetected

Threat actors are increasingly abusing legitimate and commercially available packer software such as BoxedApp to evade detection and distribute malware such as remote access trojans and information stealers. "The majority of the attributed malicious samples targeted financial institutions and...

7.1AI Score

2024-06-06 09:54 AM
2
f5
f5

K000139922: Open vSwitch vulnerabilities CVE-2023-3966 and CVE-2023-5366

Security Advisory Description CVE-2023-3966 A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is...

7.5CVSS

7.1AI Score

0.0004EPSS

2024-06-06 12:00 AM
7
ubuntucve
ubuntucve

CVE-2024-5206

A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the...

4.7CVSS

5.2AI Score

0.0004EPSS

2024-06-06 12:00 AM
1
packetstorm

7.4AI Score

2024-06-06 12:00 AM
79
nessus
nessus

Oracle Linux 8 : kernel (ELSA-2024-3618)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3618 advisory. - uio: Fix use-after-free in uio_open (Ricardo Robaina) [RHEL-26232] {CVE-2023-52439} - net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send.....

7.8CVSS

8.7AI Score

0.001EPSS

2024-06-06 12:00 AM
4
ibm
ibm

Security Bulletin: DS8900F DSCLI LDAP Client allows unauthenticated-bind LDAP with valid user name and empty password ( CVE-2024-22326 )

Summary The updates indicated below have been released to address CVE-2024-22326 (Deny unauthenticated-bind LDAP connection request). Vulnerability Details ** CVEID: CVE-2024-22326 DESCRIPTION: **IBM System Storage DS8000 could allow a remote user to create an LDAP connection with a valid...

5CVSS

5.6AI Score

0.0004EPSS

2024-06-05 09:36 PM
3
osv
osv

Cache Flooding in TYPO3 Frontend

Links with a valid cHash argument lead to newly generated page cache entries. Because the cHash is not bound to a specific page, attackers could use valid cHash arguments for multiple pages, leading to additional useless page cache entries. Depending on the number of pages in the system and the...

7AI Score

2024-06-05 04:55 PM
4
github
github

Cache Flooding in TYPO3 Frontend

Links with a valid cHash argument lead to newly generated page cache entries. Because the cHash is not bound to a specific page, attackers could use valid cHash arguments for multiple pages, leading to additional useless page cache entries. Depending on the number of pages in the system and the...

7AI Score

2024-06-05 04:55 PM
1
redhatcve
redhatcve

CVE-2024-36124

A flaw was found in the iq80 Snappy compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class sun.misc.Unsafe to speed up memory access, no additional bounds checks are performed, and this....

5.3CVSS

5.1AI Score

0.0004EPSS

2024-06-05 01:33 PM
5
rapid7blog
rapid7blog

Securing AI Development in the Cloud: Navigating the Risks and Opportunities

AI-TRiSM - Trust, Risk and Security Management in the Age of AI Co-authored by Lara Sunday and Pojan Shahrivar As artificial intelligence (AI) and machine learning (ML) technologies continue to advance and proliferate, organizations across industries are investing heavily in these transformative...

7.4AI Score

2024-06-05 01:00 PM
6
thn
thn

Unpacking 2024's SaaS Threat Predictions

Early in 2024, Wing Security released its State of SaaS Security report, offering surprising insights into emerging threats and best practices in the SaaS domain. Now, halfway through the year, several SaaS threat predictions from the report have already proven accurate. Fortunately, SaaS Security....

7.5AI Score

2024-06-05 11:00 AM
2
malwarebytes
malwarebytes

Big name TikTok accounts hijacked after opening DM

High profile TikTok accounts, including CNN, Sony, and—er­—Paris Hilton have been targeted in a recent attack. CNN was the first account takeover that made the news, with Semafor reporting that the account was down for several days after the incident. According to Forbes, the attack happens...

7.4AI Score

2024-06-05 10:03 AM
8
veracode
veracode

Cross-site Flashing

typo3/cms is vulnerable to Cross-site Flashing. The vulnerability is due to missing validation of flash and image files, allowing the embedding of flash videos from external...

7AI Score

2024-06-05 08:24 AM
thn
thn

Zyxel Releases Patches for Firmware Vulnerabilities in EoL NAS Models

Zyxel has released security updates to address critical flaws impacting two of its network-attached storage (NAS) devices that have currently reached end-of-life (EoL) status. Successful exploitation of three of the five vulnerabilities could permit an unauthenticated attacker to execute operating....

9.8CVSS

10AI Score

0.937EPSS

2024-06-05 07:10 AM
8
veracode
veracode

Cleartext Password Storage

statamic/cms is vulnerable to Cleartext Password Storage. This vulnerability is due to the insecure handling of password confirmation data, which affects users registered via the user:register_form tag and using file-based user accounts. The vulnerability allows an attacker, who gains access to...

1.8CVSS

3.8AI Score

0.0004EPSS

2024-06-05 06:44 AM
1
fedora

6.5AI Score

0.0004EPSS

2024-06-05 01:41 AM
2
osv
osv

Moderate: kernel update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) kernel: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2024-0340) kernel:...

7.8CVSS

6.3AI Score

0.001EPSS

2024-06-05 12:00 AM
f5
f5

K000139898: PyYAML vulnerabilities CVE-2020-1747 and CVE-2020-14343

Security Advisory Description CVE-2020-1747 A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use...

9.8CVSS

7.5AI Score

0.006EPSS

2024-06-05 12:00 AM
9
nessus
nessus

RHEL 8 : kernel-rt (RHSA-2024:3627)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3627 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...

7.8CVSS

8.5AI Score

0.001EPSS

2024-06-05 12:00 AM
2
almalinux
almalinux

Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) kernel: Information disclosure in...

7.8CVSS

7AI Score

0.001EPSS

2024-06-05 12:00 AM
f5
f5

K000139917: Libxml2 vulnerability CVE-2022-40303

Security Advisory Description An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading....

7.5CVSS

7.6AI Score

0.004EPSS

2024-06-05 12:00 AM
4
f5
f5

K000139901: PyYAML vulnerability CVE-2017-18342

Security Advisory Description In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function. (CVE-2017-18342) Impact.....

9.8CVSS

9.6AI Score

0.014EPSS

2024-06-05 12:00 AM
10
virtuozzo
virtuozzo

Virtuozzo Hybrid Infrastructure 6.1 Update 1.2 (6.1.1-39)

This update provides a stability improvement. Vulnerability id: VSTOR-85986 Enabled adding multiple devices to the boot sequence of Linux...

7.3AI Score

2024-06-05 12:00 AM
4
nessus
nessus

AlmaLinux 8 : kernel-rt (ALSA-2024:3627)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3627 advisory. * kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) * kernel: Information disclosure in...

7.8CVSS

8.5AI Score

0.001EPSS

2024-06-05 12:00 AM
nessus
nessus

AlmaLinux 8 : kernel update (Medium) (ALSA-2024:3618)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3618 advisory. * kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) * kernel: Information disclosure in...

7.8CVSS

8.7AI Score

0.001EPSS

2024-06-05 12:00 AM
3
virtuozzo
virtuozzo

Virtuozzo Hybrid Infrastructure 5.4 Update 4.7 (5.4.4-152)

This update provides stability and performance improvements. Vulnerability id: VSTOR-80766, VSTOR-81600, VSTOR-85345 Improvements in certificate eligibility...

7.3AI Score

2024-06-05 12:00 AM
1
almalinux
almalinux

Moderate: kernel update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) kernel: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2024-0340) kernel:...

7.8CVSS

6.9AI Score

0.001EPSS

2024-06-05 12:00 AM
3
virtuozzo
virtuozzo

Virtuozzo Hybrid Infrastructure 6.0 Update 1.7 (6.0.1-96)

This update provides a stability improvement. Vulnerability id: VSTOR-85872 A stability fix for Backup...

7.3AI Score

2024-06-05 12:00 AM
oraclelinux
oraclelinux

kernel update

[4.18.0-553.5.1.el8_10.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict...

7.8CVSS

9AI Score

0.001EPSS

2024-06-05 12:00 AM
2
nessus
nessus

RHEL 8 : kernel update (Moderate) (RHSA-2024:3618)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3618 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: Marvin vulnerability...

7.8CVSS

8.5AI Score

0.001EPSS

2024-06-05 12:00 AM
osv
osv

Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) kernel: Information disclosure in...

7.8CVSS

6.6AI Score

0.001EPSS

2024-06-05 12:00 AM
3
github
github

iq80 Snappy out-of-bounds read when uncompressing data, leading to JVM crash

Summary iq80 Snappy performs out-of-bounds read access when uncompressing certain data, which can lead to a JVM crash. Details When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class sun.misc.Unsafe to speed up memory...

5.3CVSS

6.4AI Score

0.0004EPSS

2024-06-04 05:38 PM
5
osv
osv

iq80 Snappy out-of-bounds read when uncompressing data, leading to JVM crash

Summary iq80 Snappy performs out-of-bounds read access when uncompressing certain data, which can lead to a JVM crash. Details When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class sun.misc.Unsafe to speed up memory...

5.3CVSS

6.4AI Score

0.0004EPSS

2024-06-04 05:38 PM
1
ibm
ibm

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation Fixes for May 2024.

Summary In addition to OS level package updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF033 and 23.0.2-IF005. Vulnerability Details ** CVEID: CVE-2024-21501 DESCRIPTION: **Node.js sanitize-html module could allow a remote attacker to...

8.8CVSS

9.7AI Score

EPSS

2024-06-04 05:15 PM
8
mssecure
mssecure

The four stages of creating a trust fabric with identity and network security

How implementing a trust fabric strengthens identity and network Read the blog At Microsoft, we’re continually evolving our solutions for protecting identities and access to meet the ever-changing security demands our customers face. In a recent post, we introduced the concept of the trust...

7.5AI Score

2024-06-04 04:00 PM
3
osv
osv

Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output in github.com/kopia/kopia

Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output in...

7.2AI Score

2024-06-04 03:19 PM
4
osv
osv

source-controller leaks Azure Storage SAS token into logs in github.com/fluxcd/source-controller

source-controller leaks Azure Storage SAS token into logs in...

5.1CVSS

6.4AI Score

0.0004EPSS

2024-06-04 03:19 PM
5
Total number of security vulnerabilities62157