Lucene search

K

Ryzen™ 2000 Series Processors Security Vulnerabilities

ubuntu
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 23.10 Ubuntu 22.04 LTS Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-6.5 - Linux kernel for Amazon Web Services (AWS) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-gcp - Linux kernel for...

7.8CVSS

7.2AI Score

0.0004EPSS

2024-04-19 12:00 AM
15
ubuntu
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.4 - Linux kernel...

7.8CVSS

7.2AI Score

0.003EPSS

2024-04-19 12:00 AM
11
nessus
nessus

Cisco Integrated Management Controller CLI Command Injection (cisco-sa-cimc-cmd-inj-mUx4c5AJ)

According to its self-reported version, Cisco Integrated Management Controller CLI is affected by a command injection vulnerability. Due to insufficient validation of user-supplied input, the vulnerability could allow an authenticated, local attacker to perform command injection attacks on the...

8.8CVSS

8.9AI Score

0.0004EPSS

2024-04-19 12:00 AM
8
nessus
nessus

Mitsubishi MELSEC iQ-F Series Insufficient Resource Pool (CVE-2023-7033)

Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-04-19 12:00 AM
5
talosblog
talosblog

Could the Brazilian Supreme Court finally hold people accountable for sharing disinformation?

If you're a regular reader of this newsletter, you already know about how strongly I feel about the dangers of spreading fake news, disinformation and misinformation. And honestly, if you're reading this newsletter, I probably shouldn't have to tell you about that either. But one of the things...

7.8AI Score

2024-04-18 06:00 PM
9
qualysblog
qualysblog

TotalCloud Insights: Safeguarding Your Cloud Database from SQL Server Threats and Lateral Movement Risks

Introduction In today's tech-driven world, cloud computing has completely changed how businesses store and manage their data. It offers many advantages, like flexibility, scalability, and cost savings, making it a go-to choice for organizations of all sizes. Keeping your data secure, especially in....

8.1AI Score

2024-04-18 02:00 PM
8
ics
ics

Mitsubishi Electric MELSEC iQ-R Series (Update B)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Corporation Equipment: MELSEC iQ-R Series CPU Module Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Insufficiently Protected Credentials, Overly Restrictive Account.....

9.1CVSS

7.4AI Score

0.004EPSS

2024-04-18 12:00 PM
20
ics
ics

Mitsubishi Electric MELSEC iQ-R Series (Update B)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC iQ-R Series CPU Module Vulnerability: Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this...

9.1CVSS

7.5AI Score

0.003EPSS

2024-04-18 12:00 PM
23
schneier
schneier

Other Attempts to Take Over Open Source Projects

After the XZ Utils discovery, people have been examining other open-source projects. Surprising no one, the incident is not unique: The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated...

7.3AI Score

2024-04-18 11:06 AM
8
securelist
securelist

DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware

Introduction In February 2024, we discovered a new malware campaign targeting government entities in the Middle East. We dubbed it "DuneQuixote"; and our investigation uncovered over 30 DuneQuixote dropper samples actively employed in the campaign. These droppers, which exist in two versions –...

7.8AI Score

2024-04-18 10:00 AM
20
nessus
nessus

Amazon Linux 2 : tomcat (ALAS-2024-2517)

The version of tomcat installed on the remote host is prior to 7.0.76-10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2517 advisory. Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the...

7.5CVSS

7.4AI Score

0.034EPSS

2024-04-18 12:00 AM
6
nessus
nessus

Juniper Junos OS Vulnerability (JSA75757)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA75757 advisory. An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated,...

7.5CVSS

7.2AI Score

0.0005EPSS

2024-04-18 12:00 AM
5
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1322-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1322-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smc_sock A...

7.8CVSS

8.4AI Score

EPSS

2024-04-18 12:00 AM
18
nessus
nessus

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1321-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1321-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smc_sock A...

7.8CVSS

8AI Score

EPSS

2024-04-18 12:00 AM
15
googleprojectzero
googleprojectzero

The Windows Registry Adventure #1: Introduction and research results

Posted by Mateusz Jurczyk, Google Project Zero In the 20-month period between May 2022 and December 2023, I thoroughly audited the Windows Registry in search of local privilege escalation bugs. It all started unexpectedly: I was in the process of developing a coverage-based Windows kernel fuzzer...

7.8CVSS

8.3AI Score

0.049EPSS

2024-04-18 12:00 AM
12
nessus
nessus

Juniper Junos OS Vulnerability (JSA75744)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA75744 advisory. An Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Network Junos OS on MX Series allows a network based attacker with low...

6.5CVSS

7.2AI Score

0.0004EPSS

2024-04-18 12:00 AM
5
nessus
nessus

NewStart CGSL CORE 5.04 / MAIN 5.04 : dnsmasq Multiple Vulnerabilities (NS-SA-2024-0011)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has dnsmasq packages installed that are affected by multiple vulnerabilities: The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and...

7.5CVSS

7.6AI Score

0.269EPSS

2024-04-18 12:00 AM
5
nessus
nessus

Juniper Junos OS Vulnerability (JSA75742)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA75742 advisory. A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the Flow-processing Daemon (flowd) of Juniper Networks...

5.9CVSS

7.3AI Score

0.001EPSS

2024-04-18 12:00 AM
4
nessus
nessus

Juniper Junos OS Vulnerability (JSA75747)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA75747 advisory. A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a network-based, unauthenticated attacker to cause a...

7.5CVSS

7.2AI Score

0.001EPSS

2024-04-18 12:00 AM
3
googleprojectzero
googleprojectzero

The Windows Registry Adventure #2: A brief history of the feature

Posted by Mateusz Jurczyk, Google Project Zero Before diving into the low-level security aspects of the registry, it is important to understand its role in the operating system and a bit of history behind it. In essence, the registry is a hierarchical database made of named "keys" and "values",...

6.3AI Score

2024-04-18 12:00 AM
4
nessus
nessus

Juniper Junos OS Vulnerability (JSA75733)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA75733 advisory. A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks Junos OS allows authenticated, low privileged, local attacker to...

5.5CVSS

7.3AI Score

0.0004EPSS

2024-04-18 12:00 AM
3
nvd
nvd

CVE-2024-31040

Buffer Overflow vulnerability in the get_var_integer function in mqtt_parser.c in NanoMQ 0.21.7 allows remote attackers to cause a denial of service via a series of specially crafted...

6.6AI Score

0.0004EPSS

2024-04-17 07:15 PM
cve
cve

CVE-2024-31040

Buffer Overflow vulnerability in the get_var_integer function in mqtt_parser.c in NanoMQ 0.21.7 allows remote attackers to cause a denial of service via a series of specially crafted...

6.9AI Score

0.0004EPSS

2024-04-17 07:15 PM
25
redhatcve
redhatcve

CVE-2024-26909

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free A recent DRM series purporting to simplify support for "transparent bridges" and handling of probe deferrals ironically exposed a use-after-free issue on...

5.5CVSS

7AI Score

0.0004EPSS

2024-04-17 05:54 PM
9
cisco
cisco

Cisco IOS and IOS XE Software SNMP Extended Named Access Control List Bypass Vulnerability

A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) IPv4 access control list (ACL) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to...

7AI Score

EPSS

2024-04-17 04:00 PM
17
cisco
cisco

Cisco Integrated Management Controller CLI Command Injection Vulnerability

A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or...

6.9AI Score

0.0004EPSS

2024-04-17 04:00 PM
8
cisco
cisco

Cisco Integrated Management Controller Web-Based Management Interface Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This...

7.8AI Score

0.0004EPSS

2024-04-17 04:00 PM
11
debiancve
debiancve

CVE-2024-26909

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free A recent DRM series purporting to simplify support for "transparent bridges" and handling of probe deferrals ironically exposed a use-after-free issue on...

5.5CVSS

6.4AI Score

0.0004EPSS

2024-04-17 11:15 AM
6
nvd
nvd

CVE-2024-26909

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free A recent DRM series purporting to simplify support for "transparent bridges" and handling of probe deferrals ironically exposed a use-after-free issue on...

5.5CVSS

5.3AI Score

0.0004EPSS

2024-04-17 11:15 AM
1
cve
cve

CVE-2024-26909

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free A recent DRM series purporting to simplify support for "transparent bridges" and handling of probe deferrals ironically exposed a use-after-free issue on...

5.5CVSS

6.5AI Score

0.0004EPSS

2024-04-17 11:15 AM
33
cvelist
cvelist

CVE-2024-26909 soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free A recent DRM series purporting to simplify support for "transparent bridges" and handling of probe deferrals ironically exposed a use-after-free issue on...

5.5AI Score

0.0004EPSS

2024-04-17 10:27 AM
nessus
nessus

Fedora 39 : yyjson (2024-ef2e551fab)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-ef2e551fab advisory. yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. (pool_free is...

7.5AI Score

0.0004EPSS

2024-04-17 12:00 AM
7
cvelist
cvelist

CVE-2024-31040

Buffer Overflow vulnerability in the get_var_integer function in mqtt_parser.c in NanoMQ 0.21.7 allows remote attackers to cause a denial of service via a series of specially crafted...

6.8AI Score

0.0004EPSS

2024-04-17 12:00 AM
ubuntu
ubuntu

Linux kernel (Xilinx ZynqMP) vulnerabilities

Releases Ubuntu 20.04 LTS Packages linux-xilinx-zynqmp - Linux kernel for Xilinx ZynqMP processors Details Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference...

7.8CVSS

7.5AI Score

EPSS

2024-04-17 12:00 AM
11
openvas
openvas

Ubuntu: Security Advisory (USN-6724-2)

The remote host is missing an update for...

8CVSS

6.9AI Score

0.0005EPSS

2024-04-17 12:00 AM
5
ubuntucve
ubuntucve

CVE-2024-26909

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free A recent DRM series purporting to simplify support for "transparent bridges" and handling of probe deferrals ironically exposed a use-after-free issue on...

5.5CVSS

5.4AI Score

0.0004EPSS

2024-04-17 12:00 AM
7
talos
talos

Peplink Smart Reader web interface /cgi-bin/debug_dump.cgi information disclosure vulnerability

Talos Vulnerability Report TALOS-2023-1863 Peplink Smart Reader web interface /cgi-bin/debug_dump.cgi information disclosure vulnerability April 17, 2024 CVE Number CVE-2023-43491 SUMMARY An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of...

9.1CVSS

6.7AI Score

0.001EPSS

2024-04-17 12:00 AM
16
broadcom
broadcom

Possible DoS translating ASN.1 object identifiers (CVE-2023-2650)

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...

6.7AI Score

0.001EPSS

2024-04-17 12:00 AM
10
nessus
nessus

Fedora 38 : yyjson (2024-4691d60717)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-4691d60717 advisory. yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. (pool_free is...

7.5AI Score

0.0004EPSS

2024-04-17 12:00 AM
7
nvd
nvd

CVE-2024-30378

A Use After Free vulnerability in command processing of Juniper Networks Junos OS on MX Series allows a local, authenticated attacker to cause the broadband edge service manager daemon (bbe-smgd) to crash upon execution of specific CLI commands, creating a Denial of Service (DoS) condition. The...

5.5CVSS

5.8AI Score

0.0004EPSS

2024-04-16 08:15 PM
cve
cve

CVE-2024-30378

A Use After Free vulnerability in command processing of Juniper Networks Junos OS on MX Series allows a local, authenticated attacker to cause the broadband edge service manager daemon (bbe-smgd) to crash upon execution of specific CLI commands, creating a Denial of Service (DoS) condition. The...

5.5CVSS

7AI Score

0.0004EPSS

2024-04-16 08:15 PM
53
osv
osv

linux-aws-6.5, linux-raspi vulnerabilities

Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash)....

8CVSS

8.4AI Score

0.0005EPSS

2024-04-16 08:07 PM
8
cvelist
cvelist

CVE-2024-30378 Junos OS: MX Series: bbe-smgd process crash upon execution of specific CLI commands

A Use After Free vulnerability in command processing of Juniper Networks Junos OS on MX Series allows a local, authenticated attacker to cause the broadband edge service manager daemon (bbe-smgd) to crash upon execution of specific CLI commands, creating a Denial of Service (DoS) condition. The...

5.5CVSS

6AI Score

0.0004EPSS

2024-04-16 08:03 PM
vulnrichment
vulnrichment

CVE-2024-30378 Junos OS: MX Series: bbe-smgd process crash upon execution of specific CLI commands

A Use After Free vulnerability in command processing of Juniper Networks Junos OS on MX Series allows a local, authenticated attacker to cause the broadband edge service manager daemon (bbe-smgd) to crash upon execution of specific CLI commands, creating a Denial of Service (DoS) condition. The...

5.5CVSS

7.2AI Score

0.0004EPSS

2024-04-16 08:03 PM
ibm
ibm

Security Bulletin: IBM Cognos Command Center has addressed vulnerabilities IBM® Semeru Java™ Version 11 and Apache Commons

Summary There are vulnerabilities in IBM® Semeru Java™ Version 11, Apache Commons Compress and Apache Commons Configuration used by IBM Cognos Command Center. IBM Cognos Command Center 10.2.5 IF2 has addressed the applicable CVEs by upgrading to non-vulnerable versions of these libraries. Please...

8.1CVSS

8.3AI Score

0.001EPSS

2024-04-16 07:21 PM
8
thn
thn

OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

Security researchers have uncovered a "credible" takeover attempt targeting the OpenJS Foundation in a manner that evokes similarities to the recently uncovered incident aimed at the open-source XZ Utils project. "The OpenJS Foundation Cross Project Council received a suspicious series of emails...

7.3AI Score

2024-04-16 03:16 PM
19
thn
thn

TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks

The threat actor tracked as TA558 has been observed leveraging steganography as an obfuscation technique to deliver a wide range of malware such as Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, and XWorm, among others. "The group made extensive use of steganography by...

7.8CVSS

8.1AI Score

0.974EPSS

2024-04-16 01:39 PM
27
osv
osv

mlflow Path Traversal vulnerability

A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifact_location' and 'source' parameters, using a local URI with '#' instead of '?', an attacker...

7.5CVSS

6.7AI Score

0.0004EPSS

2024-04-16 12:30 AM
7
github
github

mlflow Path Traversal vulnerability

A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifact_location' and 'source' parameters, using a local URI with '#' instead of '?', an attacker...

7.5CVSS

7AI Score

0.0004EPSS

2024-04-16 12:30 AM
8
nvd
nvd

CVE-2024-1483

A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifact_location' and 'source' parameters, using a local URI with '#' instead of '?', an attacker...

7.5CVSS

7.5AI Score

0.0004EPSS

2024-04-16 12:15 AM
Total number of security vulnerabilities69337