Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic Security Vulnerabilities

kaspersky

KLA68916 Multiple vulnerabilities in Microsoft Azure

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service. Below is a complete list of vulnerabilities: An elevation of privilege vulnerability in Azure Science Virtual Machine (DSVM) can be exploited...

8.1 CVSS

6.3 AI Score

0.001 EPSS

2024-06-11 12:00 AM
2
redos

ROS-20240611-14

The QEMU hardware emulator vulnerability is related to an infinite loop error in QEMU emulation of a USB xHCI controller when calculating the length of the transfer request block (TRB) ring. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in...

7.1 CVSS

7.3 AI Score

0.001 EPSS

2024-06-11 12:00 AM
redos

ROS-20240611-02

The vulnerability of the Tss2_RC_Decode and Tss2_RC_SetHandler functions of the TCG TPM2 Software Stack implementation is related to buffer copying without input data validation. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, violate its integrity, and...

6.4 CVSS

7.3 AI Score

EPSS

2024-06-11 12:00 AM
redos

ROS-20240611-03

A vulnerability in the MIME-tools component of the open-source content filter for Amavis email is related to an interpretation conflict when a MIME email message has multiple boundary parameters. Exploitation of the vulnerability could allow an attacker acting remotely to elevate the...

7.1 AI Score

0.0004 EPSS

2024-06-11 12:00 AM
redos

ROS-20240611-16

A vulnerability in the gitpython package is related to external git calls without sufficiently cleaning up input arguments. Exploitation of the vulnerability could allow an attacker acting remotely to inject a malicious remote URL into a clone...

9.8 CVSS

6.7 AI Score

0.011 EPSS

2024-06-11 12:00 AM
nessus

RHEL 8 : fence-agents (RHSA-2024:3795)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3795 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...

5.4 CVSS

7.3 AI Score

0.0004 EPSS

2024-06-11 12:00 AM
1
kaspersky

KLA68919 Multiple vulnerabilities in Microsoft Office

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities: A remote code execution vulnerability in Microsoft Office can be exploited remotely to execute arbitrary code. A...

8.8 CVSS

8.6 AI Score

0.001 EPSS

2024-06-11 12:00 AM
3
almalinux

Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

8.8 CVSS

9 AI Score

0.001 EPSS

2024-06-11 12:00 AM
1
almalinux

Important: 389-ds-base security update

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. Security Fix(es): 389-ds-base: potential denial of service via specially crafted kerberos...

7.5 CVSS

6.9 AI Score

0.0004 EPSS

2024-06-11 12:00 AM
almalinux

Moderate: gdk-pixbuf2 security update

The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fix(es): gdk-pixbuf2: heap memory corruption on gdk-pixbuf (CVE-2022-48622) For more details about the security...

7.8 CVSS

7.1 AI Score

0.001 EPSS

2024-06-11 12:00 AM
ubuntucve

CVE-2024-35329

libyaml 0.2.5 is vulnerable to a heap-based buffer overflow in yaml_document_add_sequence in api.c. Bugs: https://github.com/yaml/libyaml/issues/298. Note (jdstrand): golang-goyaml is a go translation of libyaml and shouldn't share implementation flaws, but may share design...

7.2 AI Score

0.0004 EPSS

2024-06-11 12:00 AM
redos

ROS-20240611-11

A vulnerability in the CDP PDU Packet Handler component of the LLDP protocol implementation under Unix Lldpd is related to an uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to confidential information...

9.8 CVSS

6.6 AI Score

0.001 EPSS

2024-06-11 12:00 AM
1
redos

ROS-20240611-08

A vulnerability in the PushShortPixel() function of a program for reading and editing files of multiple graphic formats, ImageMagick, is related to the passing of a specially created TIFF image file to ImageMagick for editing...

5.5 CVSS

7 AI Score

0.001 EPSS

2024-06-11 12:00 AM
redos

ROS-20240611-01

A vulnerability in the BSON Handler component of the PyMongo client library is related to the deserialization of incorrect BSON. Exploitation of the vulnerability could allow an attacker acting remotely to disclose sensitive...

4.7 CVSS

6.8 AI Score

0.0004 EPSS

2024-06-11 12:00 AM
redos

ROS-20240611-09

A vulnerability in the BIND DNS server is related to a flaw in the use of assert(). Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service via the named parameter during DNS64 and serve-stale interaction. A vulnerability in the named component of the DNS...

7.5 CVSS

7.1 AI Score

0.05 EPSS

2024-06-11 12:00 AM
nessus

Debian dsa-5707 : libvlc-bin - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5707 advisory. Debian Security Advisory DSA-5707-1 ...

7.3 AI Score

2024-06-11 12:00 AM
kaspersky

KLA68917 Multiple vulnerabilities in Microsoft Dynamics

Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, execute arbitrary code. Below is a complete list of vulnerabilities: An information disclosure vulnerability in Microsoft Dynamics 365...

8.8 CVSS

8.8 AI Score

0.001 EPSS

2024-06-11 12:00 AM
kaspersky

KLA68913 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: Use after free vulnerability in PDFium can be exploited to cause...

8.9 AI Score

0.0004 EPSS

2024-06-11 12:00 AM
1
nessus

FreeBSD : Composer -- Multiple command injections via malicious git/hg branch names (5f608c68-276c-11ef-8caa-0897988a1c07)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 5f608c68-276c-11ef-8caa-0897988a1c07 advisory. Composer project reports: The status, reinstall and remove commands with packages ...

8.8 CVSS

8 AI Score

0.0004 EPSS

2024-06-11 12:00 AM
redos

ROS-20240611-07

A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithmic complexity and unrestricted resource allocation in the creation of a DNS zone. Exploitation of...

7.5 CVSS

7.1 AI Score

0.05 EPSS

2024-06-11 12:00 AM
2
nessus

RHEL 8 : kpatch-patch (RHSA-2024:3805)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3805 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security...

7.8 CVSS

7.4 AI Score

0.011 EPSS

2024-06-11 12:00 AM
kaspersky

KLA68921 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, cause denial of service, obtain sensitive information, perform cross-site scripting attack. Below is a complete list of...

8.9 AI Score

0.0004 EPSS

2024-06-11 12:00 AM
2
redos

ROS-20240611-05

The vulnerability of the Zabbix Workstation universal monitoring system server is related to errors in input data processing. Exploitation of the vulnerability could allow a remote attacker to execute an arbitrary code by injecting a specially crafted SQL query...

9.1 CVSS

8.4 AI Score

0.0004 EPSS

2024-06-11 12:00 AM
1
redos

ROS-20240611-12

A vulnerability of the named DNS server daemon BIND is related to an operation overrunning the buffer boundaries in memory as a result of uncontrolled recursion when processing received packets. Exploitation of the vulnerability could...

7.5 CVSS

7.1 AI Score

0.002 EPSS

2024-06-11 12:00 AM
redos

ROS-20240611-15

A vulnerability in the archive-zip component of the Golang programming language is related to incorrect processing of zip files. Exploitation of the vulnerability could allow an attacker to create a potentially dangerous zip file. A vulnerability in the net-netip component of the Golang...

6.7 AI Score

0.0004 EPSS

2024-06-11 12:00 AM
nessus

Fortinet Fortigate (FG-IR-24-036)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-036 advisory. A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiWeb,...

7.5 CVSS

8.3 AI Score

0.0004 EPSS

2024-06-11 12:00 AM
nessus

Debian dsa-5708 : cyrus-admin - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5708 advisory. Debian Security Advisory DSA-5708-1 ...

6.5 CVSS

6.7 AI Score

0.0005 EPSS

2024-06-11 12:00 AM
almalinux

Moderate: ruby security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.0). (AlmaLinux-35740) Security Fix(es): ruby/cgi-gem: HTTP response...

8.8 CVSS

9 AI Score

EPSS

2024-06-11 12:00 AM
chrome

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 126 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 126.0.6478.54 (Linux) 126.0.6478.56/57 (Windows, Mac) contains a number of fixes and improvements -- a list of changes is...

8.1 AI Score

0.0004 EPSS

2024-06-11 12:00 AM
8
kaspersky

KLA68912 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code. Below is a complete list of vulnerabilities: An elevation of privilege vulnerability in Visual Studio can be exploited remotely to gain...

7.3 CVSS

8.8 AI Score

0.001 EPSS

2024-06-11 12:00 AM
nessus

Fortinet Fortigate (FG-IR-23-471)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-471 advisory. A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and...

6.8 CVSS

7 AI Score

0.0004 EPSS

2024-06-11 12:00 AM
redos

ROS-20240611-06

A vulnerability in the OpenSSL Handler component of the Iperf3 network bandwidth measurement tool is related to the use of synchronization side-channel in RSA decryption operations. Exploitation of the vulnerability could allow a remote attacker to gain access to confidential...

7.3 AI Score

EPSS

2024-06-11 12:00 AM
1
redos

ROS-20240611-10

A vulnerability of the uv_getaddrinfo() function (src/unix/getaddrinfo.c, src/win/getaddrinfo.c) of the libuv asynchronous I/O library is related to insufficient checking of incoming requests. Exploitation of the vulnerability...

7.3 CVSS

6.8 AI Score

0.001 EPSS

2024-06-11 12:00 AM
2
nessus

Fortinet Fortigate (FG-IR-23-356)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-356 advisory. A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.7 and 7.0.0 through...

6.7 CVSS

8 AI Score

0.0004 EPSS

2024-06-11 12:00 AM
nessus

Fortinet Fortigate (FG-IR-23-423)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-423 advisory. A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and...

1.8 CVSS

7.3 AI Score

0.0004 EPSS

2024-06-11 12:00 AM
nessus

Fortinet Fortigate (FG-IR-23-460)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-460 advisory. A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13,...

7.8 CVSS

8 AI Score

0.0004 EPSS

2024-06-11 12:00 AM
2
redos

ROS-20240611-04

A vulnerability in the JSON Handler component of the Python PyMySQL library of MySQL is related to keys not being escaped properly using escape_dict. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to data, tampering with data, or potentially...

7.8 AI Score

0.0004 EPSS

2024-06-11 12:00 AM
1
kaspersky

KLA68915 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: An elevation of privilege vulnerability in...

9.8 CVSS

10 AI Score

0.003 EPSS

2024-06-11 12:00 AM
10
kaspersky

KLA68914 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, gain privileges. Below is a complete list of vulnerabilities: A denial of service vulnerability in DNS...

9.8 CVSS

10 AI Score

0.003 EPSS

2024-06-11 12:00 AM
14
ibm

Security Bulletin: Updating Java in Identity Insight 9.0.0.1 for security update

Summary: Identity Insight customers are advised to update OpenJDK 8 to version 8.0.412 for the security update in Java. Vulnerability Details: Refer to the security bulletin(s) listed in the Remediation/Fixes section. Affected Products and Versions: Affected Product(s) | Version(s): IBM...

7.5 CVSS

6.8 AI Score

EPSS

2024-06-10 10:53 PM
15
ibm

Security Bulletin: Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation.

Summary: Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation. IBM MQ is used by IBM Robotic Process Automation for message queueing. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details: CVEID: CVE-2023-26159 DESCRIPTION:...

7.5 CVSS

9.4 AI Score

0.732 EPSS

2024-06-10 10:47 PM
7
ibm

Security Bulletin: Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation.

Summary: Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation. IBM MQ is used by IBM Robotic Process Automation for message queueing. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details: CVEID: CVE-2023-5072 DESCRIPTION:...

7.5 CVSS

7.5 AI Score

0.001 EPSS

2024-06-10 10:46 PM
4
ibm

Security Bulletin: Updating Java in Identity Insight 10.0.0.0 for security update

Summary: Identity Insight customers are advised to update OpenJDK 17 to version 17.0.11.0 for the security update in Java. Vulnerability Details: Refer to the security bulletin(s) listed in the Remediation/Fixes section. Affected Products and Versions: Affected Product(s) | Version(s): IBM...

7.5 CVSS

6.8 AI Score

EPSS

2024-06-10 08:24 PM
9
thn

More_eggs Malware Disguised as Resumes Targets Recruiters in Phishing Attack

Cybersecurity researchers have spotted a phishing attack distributing the More_eggs malware by masquerading it as a resume, a technique originally detected more than two years ago. The attack, which was unsuccessful, targeted an unnamed company in the industrial services industry in May 2024,...

7.5 AI Score

2024-06-10 03:24 PM
1
impervablog

A European Summer of Sports is Upon Us – What Does it Mean for Security?

The recent Champions League final in London (congratulations, Real Madrid!) marked the opening shot to a hot European summer of major sporting events. We now approach the highly anticipated UEFA EURO 2024 football tournament in Germany and the Olympic Games in Paris 2024. And as we do, bad actors...

7 AI Score

2024-06-10 01:00 PM
12
nvd

CVE-2024-3699

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all drEryk Gabinet installations. This issue affects drEryk Gabinet software versions from 7.0.0.0 through...

9.8 CVSS

0.001 EPSS

2024-06-10 12:15 PM
5
cve

CVE-2024-3700

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Simple Care software installations. This issue affects Estomed Sp. z o.o. Simple Care software in all versions. The software is no longer...

9.8 CVSS

6.4 AI Score

0.001 EPSS

2024-06-10 12:15 PM
25
cve

CVE-2024-3699

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all drEryk Gabinet installations. This issue affects drEryk Gabinet software versions from 7.0.0.0 through...

9.8 CVSS

6.4 AI Score

0.001 EPSS

2024-06-10 12:15 PM
24
nvd

CVE-2024-3700

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Simple Care software installations. This issue affects Estomed Sp. z o.o. Simple Care software in all versions. The software is no longer...

9.8 CVSS

0.001 EPSS

2024-06-10 12:15 PM
5
cve

CVE-2024-1228

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Eurosoft Przychodnia installations. This issue affects Eurosoft Przychodnia software before version 20240417.001 (from that version...

9.8 CVSS

6.4 AI Score

0.001 EPSS

2024-06-10 12:15 PM
26
Total number of security vulnerabilities: 222220