Lucene search

K

Ryzen™ 2000 Series Processors Security Vulnerabilities

nessus
nessus

RHEL 7 : qemu-kvm-rhev (RHSA-2018:2289)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2289 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide...

5.5CVSS

6.3AI Score

0.003EPSS

2024-04-27 12:00 AM
4
nessus
nessus

RHEL 7 : qemu-kvm-rhev (RHSA-2018:2228)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2228 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide...

5.5CVSS

6.3AI Score

0.003EPSS

2024-04-27 12:00 AM
1
nessus
nessus

RHEL 7 : qemu-kvm-rhev (RHSA-2018:2364)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2364 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide...

5.5CVSS

6.3AI Score

0.003EPSS

2024-04-27 12:00 AM
1
nessus
nessus

RHEL 7 : openstack-aodh (RHSA-2018:0315)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0315 advisory. openstack-aodh provides the ability to trigger actions based on defined rules against metric or event data collected by OpenStack Telemetry...

7.5CVSS

7.3AI Score

0.005EPSS

2024-04-27 12:00 AM
1
nessus
nessus

RHEL 7 : qemu-kvm-rhev (RHSA-2018:2363)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2363 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide...

5.5CVSS

7.1AI Score

0.003EPSS

2024-04-27 12:00 AM
ics
ics

Mitsubishi Electric MELSEC Series CPU Module (Update D)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC Series CPU module Vulnerability: Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a...

10CVSS

8.2AI Score

0.01EPSS

2024-04-25 12:00 PM
28
ics
ics

Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series (Update A)

EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R Series/iQ-F Series EtherNet/IP Modules and EtherNet/IP Configuration Tool Vulnerabilities: Weak Password Requirements, Use of Hard-coded Credentials, Missing...

7.5CVSS

7.8AI Score

0.003EPSS

2024-04-25 12:00 PM
24
ics
ics

Multiple Vulnerabilities in Hitachi Energy RTU500 Series

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 Series Vulnerabilities: Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow the...

8.2CVSS

7.3AI Score

0.0004EPSS

2024-04-25 12:00 PM
24
talos
talos

Grassroot DICOM JPEG2000Codec::DecodeByStreamsCommon out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2024-1935 Grassroot DICOM JPEG2000Codec::DecodeByStreamsCommon out-of-bounds write vulnerability April 25, 2024 CVE Number CVE-2024-22373 SUMMARY An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu...

8.1CVSS

7.9AI Score

0.001EPSS

2024-04-25 12:00 AM
8
nessus
nessus

Juniper Junos OS Vulnerability (JSA79105)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA79105 advisory. An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enabled allows an...

7.5CVSS

7.1AI Score

0.0005EPSS

2024-04-25 12:00 AM
4
talos
talos

Grassroot DICOM LookupTable::SetLUT out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2024-1924 Grassroot DICOM LookupTable::SetLUT out-of-bounds write vulnerability April 25, 2024 CVE Number CVE-2024-22391 SUMMARY A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23......

7.7CVSS

7.7AI Score

0.001EPSS

2024-04-25 12:00 AM
8
talos
talos

Grassroot DICOM RAWCodec::DecodeBytes out-of-bounds read vulnerability

Talos Vulnerability Report TALOS-2024-1944 Grassroot DICOM RAWCodec::DecodeBytes out-of-bounds read vulnerability April 25, 2024 CVE Number CVE-2024-25569 SUMMARY An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-04-25 12:00 AM
9
qualysblog
qualysblog

Unveiling the Hidden Power of the CMDB in Cybersecurity

In the ever-evolving landscape of cybersecurity, where attacks grow increasingly sophisticated, organizations must leverage every tool at their disposal to stay one step ahead. While CISOs and SecOps teams often focus on disciplines such as vulnerability detection, attack surface management, and...

6.9AI Score

2024-04-24 08:57 PM
5
cve
cve

CVE-2024-20295

A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or...

8.8CVSS

6.9AI Score

0.0004EPSS

2024-04-24 08:15 PM
58
cve
cve

CVE-2024-20356

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This...

8.7CVSS

7.5AI Score

0.0004EPSS

2024-04-24 08:15 PM
58
cisco
cisco

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Command Injection Vulnerability

A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with...

7.4AI Score

0.0004EPSS

2024-04-24 04:00 PM
16
cisco
cisco

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services Denial of Service Vulnerability

A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.....

7.4AI Score

0.002EPSS

2024-04-24 04:00 PM
24
cisco
cisco

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability

A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary...

7.5AI Score

0.001EPSS

2024-04-24 04:00 PM
23
talosblog
talosblog

ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices

*Updated 2024-04-25 16:57 GMT with minor wording corrections regarding the targeting of other vendors. ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actors, perimeter network devices are...

8.3AI Score

0.942EPSS

2024-04-24 03:54 PM
26
ibm
ibm

Security Bulletin: Multiple Vulnerabilities in IBM® SDK, Java™ Technology Java affect IBM Cloud Pak System

Summary Vulnerabilities in IBM Java SDK affect IBM Cloud Pak System. Vulnerability Details ** CVEID: CVE-2023-21930 DESCRIPTION: **An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an unauthenticated attacker to cause high...

9.1CVSS

8.6AI Score

0.001EPSS

2024-04-24 01:04 PM
11
cve
cve

CVE-2024-21972

An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code...

5.3CVSS

5.6AI Score

0.0004EPSS

2024-04-23 05:15 PM
42
nvd
nvd

CVE-2024-21972

An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code...

5.3CVSS

5.6AI Score

0.0004EPSS

2024-04-23 05:15 PM
nvd
nvd

CVE-2024-21979

An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code...

5.3CVSS

5.6AI Score

0.0004EPSS

2024-04-23 05:15 PM
1
cve
cve

CVE-2024-21979

An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code...

5.3CVSS

7.2AI Score

0.0004EPSS

2024-04-23 05:15 PM
37
cvelist
cvelist

CVE-2024-21979

An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code...

5.3CVSS

5.8AI Score

0.0004EPSS

2024-04-23 04:36 PM
cvelist
cvelist

CVE-2024-21972

An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code...

5.3CVSS

5.8AI Score

0.0004EPSS

2024-04-23 04:36 PM
rosalinux
rosalinux

Advisory ROSA-SA-2024-2409

Software: xz 5.2.2 OS: rosa-server79 package_evr_string: xz-5.2.2.2-2 CVE-ID: CVE-2024-3094 BDU-ID: 2024-02406 CVE-Crit: CRITICAL. CVE-DESC.: Malicious code was discovered in xz source archives starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process...

10CVSS

9.6AI Score

0.133EPSS

2024-04-23 12:23 PM
13
rosalinux
rosalinux

Advisory ROSA-SA-2024-2408

Software: xz 5.2.4 OS: ROSA Virtualization 2.1 package_evr_string: xz-5.2.4-1 CVE-ID: CVE-2024-3094 BDU-ID: 2024-02406 CVE-Crit: CRITICAL. CVE-DESC.: Malicious code was discovered in xz source archives starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process....

10CVSS

9.6AI Score

0.133EPSS

2024-04-23 12:20 PM
31
rosalinux
rosalinux

Advisory ROSA-SA-2024-2407

software: xz 5.2.9 AXIS: ROSA-CHROME package_evr_string: xz-5.2.9-1 CVE-ID: CVE-2024-3094 BDU-ID: 2024-02406 CVE-Crit: CRITICAL. CVE-DESC.: Malicious code was discovered in the xz source archives starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process...

10CVSS

9.6AI Score

0.133EPSS

2024-04-23 12:16 PM
9
ics
ics

Mitsubishi Electric Electrical Discharge Machines (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: Electrical discharge machines Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow...

9.8CVSS

9.5AI Score

0.956EPSS

2024-04-23 12:00 PM
29
thn
thn

Russia's APT28 Exploited Windows Print Spooler Flaw to Deploy 'GooseEgg' Malware

The Russia-linked nation-state threat actor tracked as APT28 weaponized a security flaw in the Microsoft Windows Print Spooler component to deliver a previously unknown custom malware called GooseEgg. The post-compromise tool, which is said to have been used since at least June 2020 and possibly...

9.8CVSS

9.8AI Score

0.922EPSS

2024-04-23 04:23 AM
62
rubygems
rubygems

Arbitrary memory address read vulnerability with Regex search

If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. We recommend to update the Ruby to version 3.3.1 or later. In order to ensure compatibility with older Ruby...

7.3AI Score

EPSS

2024-04-22 09:00 PM
6
krebs
krebs

Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme

The head of counterintelligence for a division of the Russian Federal Security Service (FSB) was sentenced last week to nine years in a penal colony for accepting a USD $1.7 million bribe to ignore the activities of a prolific Russian cybercrime group that hacked thousands of e-commerce websites......

6.8AI Score

2024-04-22 08:07 PM
7
thn
thn

ToddyCat Hacker Group Uses Advanced Tools for Industrial-Scale Data Theft

The threat actor known as ToddyCat has been observed using a wide range of tools to retain access to compromised environments and steal valuable data. Russian cybersecurity firm Kaspersky characterized the adversary as relying on various programs to harvest data on an "industrial scale" from...

6.9AI Score

2024-04-22 03:11 PM
23
thn
thn

Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers

New research has found that the DOS-to-NT path conversion process could be exploited by threat actors to achieve rootkit-like capabilities to conceal and impersonate files, directories, and processes. "When a user executes a function that has a path argument in Windows, the DOS path at which the...

7.8CVSS

7.9AI Score

0.001EPSS

2024-04-22 09:22 AM
34
ibm
ibm

Security Bulletin: IBM Security Verify Governance - Identity Manager has multiple vulnerabilities

Summary Multiple security vulnerabilities have been addressed in updates to IBM Security Verify Governance - Identity Manager software component and IBM Security Verify Governance - Identity Manager virtual appliance component. Vulnerability Details ** CVEID: CVE-2023-26119 DESCRIPTION:...

9.8CVSS

10AI Score

0.164EPSS

2024-04-22 06:05 AM
17
nessus
nessus

Mitsubishi MELSEC-Q/L Series Integer Overflow or Wraparound (CVE-2024-1917)

Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet. This plugin only works with Tenable.ot....

9.8CVSS

7.8AI Score

0.0004EPSS

2024-04-21 12:00 AM
11
nessus
nessus

Mitsubishi MELSEC-Q/L Series Incorrect Pointer Scaling (CVE-2024-0802)

Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute malicious code on a target product by sending a specially crafted...

9.8CVSS

7.5AI Score

0.0004EPSS

2024-04-21 12:00 AM
6
nessus
nessus

Mitsubishi MELSEC-Q/L Series Integer Overflow or Wraparound (CVE-2024-0803)

Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet. This plugin only works with Tenable.ot....

9.8CVSS

7.8AI Score

0.0004EPSS

2024-04-21 12:00 AM
5
nessus
nessus

Mitsubishi MELSEC-Q/L Series Incorrect Pointer Scaling (CVE-2024-1915)

Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet. This plugin only works with Tenable.ot. Please...

9.8CVSS

7.7AI Score

0.0004EPSS

2024-04-21 12:00 AM
8
nessus
nessus

Mitsubishi MELSEC-Q/L Series Integer Overflow or Wraparound (CVE-2024-1916)

Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet. This plugin only works with Tenable.ot....

9.8CVSS

7.8AI Score

0.0004EPSS

2024-04-21 12:00 AM
5
nvd
nvd

CVE-2024-4018

Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (local appliance api modules) allows Privilege Escalation.This issue affects U-Series Appliance: from 3.4 before...

8.8CVSS

8.8AI Score

0.0004EPSS

2024-04-19 09:15 PM
cve
cve

CVE-2024-4017

Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (filesystem modules) allows DLL Side-Loading.This issue affects U-Series Appliance: from 3.4 before...

8.8CVSS

6.9AI Score

0.0004EPSS

2024-04-19 09:15 PM
37
nvd
nvd

CVE-2024-4017

Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (filesystem modules) allows DLL Side-Loading.This issue affects U-Series Appliance: from 3.4 before...

8.8CVSS

8.8AI Score

0.0004EPSS

2024-04-19 09:15 PM
1
cve
cve

CVE-2024-4018

Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (local appliance api modules) allows Privilege Escalation.This issue affects U-Series Appliance: from 3.4 before...

8.8CVSS

6.9AI Score

0.0004EPSS

2024-04-19 09:15 PM
36
cvelist
cvelist

CVE-2024-4017 Privilege Escalation in U-Series Appliance

Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (filesystem modules) allows DLL Side-Loading.This issue affects U-Series Appliance: from 3.4 before...

8.8CVSS

8.9AI Score

0.0004EPSS

2024-04-19 08:40 PM
vulnrichment
vulnrichment

CVE-2024-4017 Privilege Escalation in U-Series Appliance

Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (filesystem modules) allows DLL Side-Loading.This issue affects U-Series Appliance: from 3.4 before...

8.8CVSS

7AI Score

0.0004EPSS

2024-04-19 08:40 PM
cvelist
cvelist

CVE-2024-4018 Privilege Escalation in U-Series Appliance

Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (local appliance api modules) allows Privilege Escalation.This issue affects U-Series Appliance: from 3.4 before...

8.8CVSS

8.9AI Score

0.0004EPSS

2024-04-19 08:29 PM
talosblog
talosblog

What’s the deal with the massive backlog of vulnerabilities at the NVD?

The National Vulnerability Database is usually the single source of truth for all things related to security vulnerabilities. But now, they're facing an uphill battle against a massive backlog of vulnerabilities, some of which are still waiting to be analyzed, and others that still have an...

7AI Score

2024-04-19 12:00 PM
10
thn
thn

Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers

Threat actors behind the Akira ransomware group have extorted approximately $42 million in illicit proceeds after breaching the networks of more than 250 victims as of January 1, 2024. "Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities.....

9.1CVSS

8.2AI Score

0.027EPSS

2024-04-19 11:01 AM
31
Total number of security vulnerabilities69337