Lucene search

K

Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX2 Series, Jetson TX2 NX Security Vulnerabilities

arista
arista

Security Advisory 0094

Security Advisory 0094 PDF Date: April 5, 2024 Revision | Date | Changes ---|---|--- 1.0 | April 3, 2024 | Initial release 1.1 | April 5, 2024 | Update required configuration for exploitation and mitigation Description Arista Networks is providing this security update in response to the...

7.5CVSS

6AI Score

0.005EPSS

2024-04-05 12:00 AM
32
zdt
zdt

Positron Broadcast Signal Processor TRA7005 1.20 Authentication Bypass Exploit

The Positron Broadcast Digital Signal Processor TRA7005 version 1.20 suffers from an authentication bypass through a direct and unauthorized access to the password management functionality. The vulnerability allows attackers to bypass Digest authentication by manipulating the password endpoint...

7.8AI Score

2024-04-05 12:00 AM
99
cve
cve

CVE-2024-29182

Collabora Online is a collaborative online office suite based on LibreOffice. A stored cross-site scripting vulnerability was found in Collabora Online. An attacker could create a document with an XSS payload in document text referenced by field which, if hovered over to produce a tooltip, could...

6.1CVSS

5.2AI Score

0.0004EPSS

2024-04-04 03:15 PM
29
nvd
nvd

CVE-2024-29182

Collabora Online is a collaborative online office suite based on LibreOffice. A stored cross-site scripting vulnerability was found in Collabora Online. An attacker could create a document with an XSS payload in document text referenced by field which, if hovered over to produce a tooltip, could...

6.1CVSS

5.8AI Score

0.0004EPSS

2024-04-04 03:15 PM
cvelist
cvelist

CVE-2024-29182 Collabora Online Stored Cross-Site-Scripting vulnerability via tooltip

Collabora Online is a collaborative online office suite based on LibreOffice. A stored cross-site scripting vulnerability was found in Collabora Online. An attacker could create a document with an XSS payload in document text referenced by field which, if hovered over to produce a tooltip, could...

6.1CVSS

5.9AI Score

0.0004EPSS

2024-04-04 02:48 PM
ics
ics

Schweitzer Engineering Laboratories SEL

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schweitzer Engineering Laboratories Equipment: SEL 700 series relays Vulnerability: Inclusion of Undocumented Features 2. RISK EVALUATION Successful exploitation of this vulnerability could...

6.5CVSS

7.3AI Score

0.0004EPSS

2024-04-04 12:00 PM
13
redhatcve
redhatcve

CVE-2024-26761

In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window The Linux CXL subsystem is built on the assumption that HPA == SPA. That is, the host physical address (HPA) the HDM decoder registers are programmed...

6.6AI Score

0.0004EPSS

2024-04-04 12:33 AM
3
packetstorm

7.4AI Score

2024-04-04 12:00 AM
64
nessus
nessus

Cisco Access Points Managed from Catalyst DoS (cisco-sa-ap-dos-h9TGGX6W)

According to its self-reported version, Cisco access points managed by this Cisco Catalyst 9800 Series Wireless Controller are affected by a denial of service vulnerability. Due to insufficient input validation of certain IPv4 packets, an unauthenticated, remote attacker can causing attached...

8.6CVSS

6.9AI Score

0.0004EPSS

2024-04-04 12:00 AM
11
zeroscience
zeroscience

Positron Broadcast Signal Processor TRA7005 v1.20 _Passwd Exploit

Title: Positron Broadcast Signal Processor TRA7005 v1.20 _Passwd Exploit Advisory ID: ZSL-2024-5813 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS Risk: (5/5) Release Date: 04.04.2024 Summary The TRA7000 series is a set of products dedicated to broadcast,...

7.8AI Score

EPSS

2024-04-04 12:00 AM
86
nvd
nvd

CVE-2024-26761

In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window The Linux CXL subsystem is built on the assumption that HPA == SPA. That is, the host physical address (HPA) the HDM decoder registers are programmed...

7.4AI Score

0.0004EPSS

2024-04-03 05:15 PM
debiancve
debiancve

CVE-2024-26761

In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window The Linux CXL subsystem is built on the assumption that HPA == SPA. That is, the host physical address (HPA) the HDM decoder registers are programmed...

6.7AI Score

0.0004EPSS

2024-04-03 05:15 PM
9
cve
cve

CVE-2024-26761

In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window The Linux CXL subsystem is built on the assumption that HPA == SPA. That is, the host physical address (HPA) the HDM decoder registers are programmed...

6.2AI Score

0.0004EPSS

2024-04-03 05:15 PM
28
cve
cve

CVE-2024-20362

A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to...

6.1CVSS

6AI Score

0.0004EPSS

2024-04-03 05:15 PM
27
cvelist
cvelist

CVE-2024-26761 cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window

In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window The Linux CXL subsystem is built on the assumption that HPA == SPA. That is, the host physical address (HPA) the HDM decoder registers are programmed...

7.5AI Score

0.0004EPSS

2024-04-03 05:00 PM
thn
thn

Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies

Google has disclosed that two Android security flaws impacting its Pixel smartphones have been exploited in the wild by forensic companies. The high-severity zero-day vulnerabilities are as follows - CVE-2024-29745 - An information disclosure flaw in the bootloader component CVE-2024-29748 - A...

9.2AI Score

0.001EPSS

2024-04-03 04:10 PM
40
cisco
cisco

Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to...

6.3AI Score

0.0004EPSS

2024-04-03 04:00 PM
13
thn
thn

U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers

The U.S. Cyber Safety Review Board (CSRB) has criticized Microsoft for a series of security lapses that led to the breach of nearly two dozen companies across Europe and the U.S. by a China-based nation-state group called Storm-0558 last year. The findings, released by the Department of Homeland...

7.2AI Score

2024-04-03 03:32 PM
22
github
github

Security research without ever leaving GitHub: From code scanning to CVE via Codespaces and private vulnerability reporting

Hello fellow readers! Have you ever wondered how the GitHub Security Lab performs security research? In this post, you'll learn how we leverage GitHub products and features such as code scanning, CodeQL, Codespaces, and private vulnerability reporting. By the time we conclude, you'll have mastered....

6.9AI Score

2024-04-03 02:26 PM
11
nvd
nvd

CVE-2024-27201

An improper input validation vulnerability exists in the OAS Engine User Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to....

4.9CVSS

5AI Score

0.0004EPSS

2024-04-03 02:15 PM
cve
cve

CVE-2024-27201

An improper input validation vulnerability exists in the OAS Engine User Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to....

4.9CVSS

5.8AI Score

0.0004EPSS

2024-04-03 02:15 PM
34
cve
cve

CVE-2024-24976

A denial of service vulnerability exists in the OAS Engine File Data Source Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can cause the running program to stop. An attacker can send a sequence of requests to trigger....

4.9CVSS

7.7AI Score

0.0004EPSS

2024-04-03 02:15 PM
30
nvd
nvd

CVE-2024-24976

A denial of service vulnerability exists in the OAS Engine File Data Source Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can cause the running program to stop. An attacker can send a sequence of requests to trigger....

4.9CVSS

5AI Score

0.0004EPSS

2024-04-03 02:15 PM
nvd
nvd

CVE-2024-22178

A file write vulnerability exists in the OAS Engine Save Security Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to...

4.9CVSS

5.2AI Score

0.0005EPSS

2024-04-03 02:15 PM
1
cve
cve

CVE-2024-22178

A file write vulnerability exists in the OAS Engine Save Security Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to...

4.9CVSS

6AI Score

0.0005EPSS

2024-04-03 02:15 PM
30
nvd
nvd

CVE-2024-21870

A file write vulnerability exists in the OAS Engine Tags Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this...

4.9CVSS

5.2AI Score

0.0005EPSS

2024-04-03 02:15 PM
cve
cve

CVE-2024-21870

A file write vulnerability exists in the OAS Engine Tags Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this...

4.9CVSS

8AI Score

0.0005EPSS

2024-04-03 02:15 PM
33
cvelist
cvelist

CVE-2024-24976

A denial of service vulnerability exists in the OAS Engine File Data Source Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can cause the running program to stop. An attacker can send a sequence of requests to trigger....

4.9CVSS

5.3AI Score

0.0004EPSS

2024-04-03 01:55 PM
cvelist
cvelist

CVE-2024-27201

An improper input validation vulnerability exists in the OAS Engine User Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to....

4.9CVSS

5.3AI Score

0.0004EPSS

2024-04-03 01:55 PM
cvelist
cvelist

CVE-2024-21870

A file write vulnerability exists in the OAS Engine Tags Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this...

4.9CVSS

5.4AI Score

0.0005EPSS

2024-04-03 01:55 PM
cvelist
cvelist

CVE-2024-22178

A file write vulnerability exists in the OAS Engine Save Security Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to...

4.9CVSS

5.4AI Score

0.0005EPSS

2024-04-03 01:55 PM
arista
arista

Security Advisory 0095

Security Advisory 0095 PDF Date: April 3, 2024 Revision | Date | Changes ---|---|--- 1.0 | April 3, 2024 | Initial release The CVE-ID tracking this issue: CVE-2024-3094 CVSSv3.1 Base Score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) Description Arista Networks is providing this...

10CVSS

6.6AI Score

0.133EPSS

2024-04-03 12:00 AM
9
talos
talos

Open Automation Software OAS Platform OAS Engine Tags Configuration file write vulnerability

Talos Vulnerability Report TALOS-2024-1950 Open Automation Software OAS Platform OAS Engine Tags Configuration file write vulnerability April 3, 2024 CVE Number CVE-2024-21870 SUMMARY A file write vulnerability exists in the OAS Engine Tags Configuration functionality of Open Automation Software...

4.9CVSS

6.9AI Score

0.0005EPSS

2024-04-03 12:00 AM
7
nessus
nessus

AlmaLinux 8 : curl (ALSA-2024:1601)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1601 advisory. An information disclosure vulnerability exists in...

6.5CVSS

6.8AI Score

0.001EPSS

2024-04-03 12:00 AM
9
talos
talos

Open Automation Software OAS Platform OAS Engine User Configuration improper input validation vulnerability

Talos Vulnerability Report TALOS-2024-1949 Open Automation Software OAS Platform OAS Engine User Configuration improper input validation vulnerability April 3, 2024 CVE Number CVE-2024-27201 SUMMARY An improper input validation vulnerability exists in the OAS Engine User Configuration...

4.9CVSS

6.8AI Score

0.0004EPSS

2024-04-03 12:00 AM
9
talos
talos

Open Automation Software OAS Platform OAS Engine File Data Source Configuration denial of service vulnerability

Talos Vulnerability Report TALOS-2024-1948 Open Automation Software OAS Platform OAS Engine File Data Source Configuration denial of service vulnerability April 3, 2024 CVE Number CVE-2024-24976 SUMMARY A denial of service vulnerability exists in the OAS Engine File Data Source Configuration...

4.9CVSS

6.2AI Score

0.0004EPSS

2024-04-03 12:00 AM
14
nessus
nessus

Cisco IOS Software for Catalyst 6000 Series Switches DoS (cisco-sa-ios-dos-Hq4d3tZG)

According to its self-reported version, Cisco IOS is affected by a vulnerability. A vulnerability in Cisco IOS Software for Cisco Catalyst 6000 Series Switches could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly. This vulnerability is due...

7.4CVSS

7.1AI Score

0.0004EPSS

2024-04-03 12:00 AM
4
talos
talos

Open Automation Software OAS Platform OAS Engine Save Security Configuration file write vulnerability

Talos Vulnerability Report TALOS-2024-1951 Open Automation Software OAS Platform OAS Engine Save Security Configuration file write vulnerability April 3, 2024 CVE Number CVE-2024-22178 SUMMARY A file write vulnerability exists in the OAS Engine Save Security Configuration functionality of Open...

4.9CVSS

7AI Score

0.0005EPSS

2024-04-03 12:00 AM
9
nessus
nessus

Oracle Linux 8 : curl (ELSA-2024-1601)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1601 advisory. This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl...

6.5CVSS

6.4AI Score

0.001EPSS

2024-04-03 12:00 AM
9
ubuntucve
ubuntucve

CVE-2024-26761

In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window The Linux CXL subsystem is built on the assumption that HPA == SPA. That is, the host physical address (HPA) the HDM decoder registers are programmed...

7.5AI Score

0.0004EPSS

2024-04-03 12:00 AM
4
redhat
redhat

(RHSA-2024:1644) Important: grafana-pcp security and bug fix update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA...

7.7AI Score

0.0005EPSS

2024-04-02 08:03 PM
10
thn
thn

Malicious Code in XZ Utils for Linux Systems Enables Remote Code Execution

The malicious code inserted into the open-source library XZ Utils, a widely used package present in major Linux distributions, is also capable of facilitating remote code execution, a new analysis has revealed. The audacious supply chain compromise, tracked as CVE-2024-3094 (CVSS score: 10.0),...

10CVSS

9.9AI Score

0.133EPSS

2024-04-02 01:18 PM
50
githubexploit
githubexploit

Exploit for Embedded Malicious Code in Tukaani Xz

Description Malicious code was discovered in the upstream...

10CVSS

9.5AI Score

0.133EPSS

2024-04-02 01:56 AM
165
nessus
nessus

RHEL 8 : grafana-pcp (RHSA-2024:1644)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:1644 advisory. The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace...

7.5CVSS

7.9AI Score

0.0005EPSS

2024-04-02 12:00 AM
9
nessus
nessus

CentOS 8 : curl (CESA-2024:1601)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:1601 advisory. An information disclosure vulnerability exists in...

6.5CVSS

8.2AI Score

0.001EPSS

2024-04-02 12:00 AM
21
almalinux
almalinux

Important: grafana-pcp security and bug fix update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA...

7.5CVSS

7.6AI Score

0.0005EPSS

2024-04-02 12:00 AM
7
trellix
trellix

SuperSize Me

SuperSize Me By Floser Bacurio Jr., Bernadette Canubas, Michaelo Oliveros · April 02, 2024 Introduction Cyber attackers are always finding new ways to outsmart security systems and distribute malware effectively. We discovered an interesting detection evasion technique of delivering archive files.....

7.2AI Score

2024-04-02 12:00 AM
20
openvas
openvas

Tukaani Project XZ Utils Backdoor (Feb/Mar 2024)

The XZ Utils of the Tukaani Project have been backdoored by an unknown threat actor in February and March...

10CVSS

9.8AI Score

0.133EPSS

2024-04-02 12:00 AM
6
osv
osv

Important: grafana-pcp security and bug fix update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA...

7.5CVSS

7.5AI Score

0.0005EPSS

2024-04-02 12:00 AM
10
veracode
veracode

Injected Malicious Code

XZ is vulnerable to Injected Malicious Code. Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which.....

10CVSS

7.1AI Score

0.133EPSS

2024-04-01 09:18 PM
15
Total number of security vulnerabilities32741