IBM SECURITY ADVISORY First Issued: Wed Feb 28 12:58:51 CST 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/openssh_advisory16.asc Security Bulletin: AIX is vulnerable to a machine-in-the-middle attack (CVE-2023-48795),...
6.5CVSS
7.1AI Score
0.963EPSS
Exploit for Improper Input Validation in Microsoft
CVE-2024-21413 - Expect Script POC Microsoft Outlook Leak...
9.8CVSS
10AI Score
0.006EPSS
8.8CVSS
8AI Score
0.001EPSS
Security Advisory 0093 _._CSAF PDF Date: February 28, 2024 Revision | Date | Changes ---|---|--- 1.0 | February 28, 2024 | Initial release The CVE-ID tracking this issue: CVE-2024-27889 CVSSv3.1 Base Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) Common Weakness Enumeration: CWE-89:...
8.8CVSS
9.3AI Score
0.001EPSS
Security Bulletin: NVIDIA GPU Display Driver - February 2024
NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin. To protect your system, download and install this software update through the NVIDIA Driver Downloads page or, for the vGPU software and Cloud Gaming updates,...
7.8CVSS
8.3AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3: Do not enable irqs when handling spurious interrups We triggered the following error while running our 4.19 kernel with the pseudo-NMI patches backported to it: [ 14.816231] ------------[ cut here...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3: Do not enable irqs when handling spurious interrups We triggered the following error while running our 4.19 kernel with the pseudo-NMI patches backported to it: [ 14.816231] ------------[ cut here ]------------...
7.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3: Do not enable irqs when handling spurious interrups We triggered the following error while running our 4.19 kernel with the pseudo-NMI patches backported to it: [ 14.816231] ------------[ cut here ]------------...
6.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3: Do not enable irqs when handling spurious interrups We triggered the following error while running our 4.19 kernel with the pseudo-NMI patches backported to it: [ 14.816231] ------------[ cut here ]------------...
6.9AI Score
0.0004EPSS
CVE-2021-46961 irqchip/gic-v3: Do not enable irqs when handling spurious interrups
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3: Do not enable irqs when handling spurious interrups We triggered the following error while running our 4.19 kernel with the pseudo-NMI patches backported to it: [ 14.816231] ------------[ cut here ]------------...
8.3AI Score
0.0004EPSS
CVE-2021-46961 irqchip/gic-v3: Do not enable irqs when handling spurious interrups
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3: Do not enable irqs when handling spurious interrups We triggered the following error while running our 4.19 kernel with the pseudo-NMI patches backported to it: [ 14.816231] ------------[ cut here ]------------...
6.5AI Score
0.0004EPSS
Santesoft Sante DICOM Viewer Pro
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Santesoft Equipment: Sante DICOM Viewer Pro Vulnerability: Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose information and execute arbitrary...
7.8CVSS
7.3AI Score
0.0004EPSS
Mitsubishi Electric Multiple Factory Automation Products
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC iQ-F Series Vulnerability: Insufficient Resource Pool 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote...
5.3CVSS
5.5AI Score
0.0004EPSS
Exploit for OS Command Injection in Zyxel Usg Flex 100W Firmware
CVE-2022-30525 (Zyxel Firewall Remote Command Injection) A...
9.8CVSS
8.1AI Score
0.975EPSS
7.4AI Score
7.4AI Score
JVN#73283159: Multiple vulnerabilities in baserCMS
baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. Reflected cross-site scripting vulnerability in Site search Feature (CWE-79) - CVE-2023-44379 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1...
6.1CVSS
7.6AI Score
0.0005EPSS
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3: Do not enable irqs when handling spurious interrups We triggered the following error while running our 4.19 kernel with the pseudo-NMI patches backported to it: [ 14.816231] ------------[ cut here ]------------ [...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: hisi_acc_vfio_pci: Update migration data pointer correctly on saving/resume When the optional PRE_COPY support was added to speed up the device compatibility check, it failed to update the saving/resuming data pointers based on...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: hisi_acc_vfio_pci: Update migration data pointer correctly on saving/resume When the optional PRE_COPY support was added to speed up the device compatibility check, it failed to update the saving/resuming data pointers based on...
7.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: hisi_acc_vfio_pci: Update migration data pointer correctly on saving/resume When the optional PRE_COPY support was added to speed up the device compatibility check, it failed to update the saving/resuming data pointers based on...
6.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: hisi_acc_vfio_pci: Update migration data pointer correctly on saving/resume When the optional PRE_COPY support was added to speed up the device compatibility check, it failed to update the saving/resuming data pointers based on...
7.3AI Score
0.0004EPSS
CVE-2023-52453 hisi_acc_vfio_pci: Update migration data pointer correctly on saving/resume
In the Linux kernel, the following vulnerability has been resolved: hisi_acc_vfio_pci: Update migration data pointer correctly on saving/resume When the optional PRE_COPY support was added to speed up the device compatibility check, it failed to update the saving/resuming data pointers based on...
7.5AI Score
0.0004EPSS
CVE-2023-52453 hisi_acc_vfio_pci: Update migration data pointer correctly on saving/resume
In the Linux kernel, the following vulnerability has been resolved: hisi_acc_vfio_pci: Update migration data pointer correctly on saving/resume When the optional PRE_COPY support was added to speed up the device compatibility check, it failed to update the saving/resuming data pointers based on...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: hisi_acc_vfio_pci: Update migration data pointer correctly on saving/resume When the optional PRE_COPY support was added to speed up the device compatibility check, it failed to update the saving/resuming data pointers based on...
6.5AI Score
0.0004EPSS
Helm's Missing YAML Content Leads To Panic
A Helm contributor discovered uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. Impact When either an index.yaml file or a plugins plugin.yaml file were missing all metadata a panic would occur in Helm. In the Helm SDK this is found when...
7.5CVSS
7.3AI Score
0.0004EPSS
Helm's Missing YAML Content Leads To Panic
A Helm contributor discovered uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. Impact When either an index.yaml file or a plugins plugin.yaml file were missing all metadata a panic would occur in Helm. In the Helm SDK this is found when...
7.5CVSS
7.3AI Score
0.0004EPSS
Delta Electronics CNCSoft-B DOPSoft
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-B DOPSoft Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve remote code...
7.8CVSS
7.9AI Score
0.001EPSS
Helm is vulnerable to Denial Of Service (DoS). The vulnerability is due to missing checks during the parsing of index and plugin YAML files leading to a crash when either an index.yaml file or a plugin.yaml file are missing...
7.5CVSS
7AI Score
0.0004EPSS
IBM SECURITY ADVISORY First Issued: Wed Feb 21 15:59:59 CST 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/perl_advisory8.asc Security Bulletin: AIX is vulnerable to arbitrary command execution due to Perl (CVE-2024-25021,...
9.8CVSS
8.1AI Score
0.001EPSS
An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted...
6.9AI Score
0.0004EPSS
An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted...
6.7AI Score
0.0004EPSS
An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted...
7.5AI Score
0.0004EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: CISA Equipment: Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Plugin for Zeek Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read 2. RISK EVALUATION Successful...
9.8CVSS
8.4AI Score
0.001EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Commend Equipment: WS203VICM Vulnerabilities: Argument Injection, Improper Access Control, Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...
9.4CVSS
7.7AI Score
0.0004EPSS
[SECURITY] Fedora 39 Update: libmodsecurity-3.0.12-1.fc39
Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. In general, it provides the capability to load/interpret rules written in the ModSecurity...
8.6CVSS
7.2AI Score
0.001EPSS
[SECURITY] Fedora 38 Update: libmodsecurity-3.0.12-1.fc38
Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. In general, it provides the capability to load/interpret rules written in the ModSecurity...
8.6CVSS
7.2AI Score
0.001EPSS
Fedora: Security Advisory for libmodsecurity (FEDORA-2024-698e541c52)
The remote host is missing an update for...
8.6CVSS
8.7AI Score
0.001EPSS
Fedora: Security Advisory for libmodsecurity (FEDORA-2024-4645d0fdef)
The remote host is missing an update for...
8.6CVSS
8.7AI Score
0.001EPSS
KLA64091 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface, execute arbitrary code, bypass security restrictions. Below is a complete list of vulnerabilities: Implementation vulnerability in Content...
8.3AI Score
EPSS
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 122 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 122.0.6261.57 (Linux and Mac), 122.0.6261.57/.58( Windows) contains a number of fixes and improvements -- a list of changes...
7.4AI Score
EPSS
JVN#44166658: Multiple vulnerabilities in ELECOM wireless LAN routers and wireless LAN repeater
Multiple wireless LAN routers and wireless LAN repeater provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Cross-site Scripting (CWE-79) - CVE-2024-21798 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.8 CVSS v2|...
6.7AI Score
0.0004EPSS
Security Advisory 0091 _._CSAF PDF Date: February 20, 2024 Revision | Date | Changes ---|---|--- 1.0 | February 20, 2024 | Initial release The CVE-ID tracking this issue: CVE-2023-6068 CVSSv3.1 Base Score: 3.1 (AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N) Common Weakness Enumeration: CWE-283 Improper...
3.1CVSS
3.7AI Score
0.0004EPSS
An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted...
6.9AI Score
0.0004EPSS
Fedora 39 : libmodsecurity (2024-4645d0fdef)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-4645d0fdef advisory. ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs....
8.6CVSS
7.2AI Score
0.001EPSS
7.4AI Score
Fedora 38 : libmodsecurity (2024-698e541c52)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-698e541c52 advisory. ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs....
8.6CVSS
7.2AI Score
0.001EPSS
Exploit for Improper Input Validation in Microsoft
CVE-2024-21413 - Expect Script POC Microsoft Outlook Leak...
9.8CVSS
10AI Score
0.006EPSS
Helm dependency management path traversal
A Helm contributor discovered a path traversal vulnerability when Helm saves a chart including at download time. Impact When either the Helm client or SDK is used to save a chart whose name within the Chart.yaml file includes a relative path change, the chart would be saved outside its expected...
6.4CVSS
6.8AI Score
0.0004EPSS
Helm dependency management path traversal
A Helm contributor discovered a path traversal vulnerability when Helm saves a chart including at download time. Impact When either the Helm client or SDK is used to save a chart whose name within the Chart.yaml file includes a relative path change, the chart would be saved outside its expected...
6.4CVSS
7AI Score
0.0004EPSS