CVE-2024-3484 Path Traversal vulnerability found in iManager
Path Traversal found in OpenText™ iManager 3.2.6.0200. This can lead to privilege escalation or file...
5.7CVSS
5.9AI Score
0.0004EPSS
CVE-2024-3484 Path Traversal vulnerability found in iManager
Path Traversal found in OpenText™ iManager 3.2.6.0200. This can lead to privilege escalation or file...
5.7CVSS
7AI Score
0.0004EPSS
CVE-2024-3483 Remote Code Execution vulnerability in the iManager
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization...
7.8CVSS
8.3AI Score
0.0004EPSS
CVE-2024-3967 Remote Code Execution vulnerability in the iManager
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object...
7.6CVSS
8.2AI Score
0.0004EPSS
CVE-2024-3967 Remote Code Execution vulnerability in the iManager
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object...
7.6CVSS
8AI Score
0.0004EPSS
CVE-2024-3968 Remote Code Execution vulnerability in the iManager
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload...
7.8CVSS
8.4AI Score
0.0004EPSS
CVE-2024-3968 Remote Code Execution vulnerability in the iManager
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload...
7.8CVSS
8.1AI Score
0.0004EPSS
CVE-2024-3970 Server-Side Request Forgery vulnerability in iManager
Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information disclosure by directory...
5.3CVSS
5.5AI Score
0.0004EPSS
CVE-2024-3970 Server-Side Request Forgery vulnerability in iManager
Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information disclosure by directory...
5.3CVSS
6.6AI Score
0.0004EPSS
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware
June 2024 update: At the end of May 2024, Microsoft Threat Intelligence observed Storm-1811 using Microsoft Teams as another vector to contact target users. Microsoft assesses that the threat actor uses Teams to send messages and initiate calls in an attempt to impersonate IT or help desk...
7.7AI Score
linux-hwe-5.15, linux-raspi vulnerabilities
It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-1151) Sander Wiebing, Alvise de Faveri Tron,...
7.8CVSS
6.9AI Score
EPSS
Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days
Microsoft has addressed a total of 61 new security flaws in its software as part of its Patch Tuesday updates for May 2024, including two zero-days which have been actively exploited in the wild. Of the 61 flaws, one is rated Critical, 59 are rated Important, and one is rated Moderate in severity.....
9.6CVSS
9.6AI Score
0.008EPSS
Unbreakable Enterprise kernel security update
[5.15.0-206.153.7] - mmc: core: Initialize mmc_blk_ioc_data (Mikko Rapeli) - ahci: asm1064: asm1166: don't limit reported ports (Conrad Kostecki) - mmc: core: Fix switch on gp3 partition (Dominique Martinet) - Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory (Michael....
8.3AI Score
EPSS
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:1648-1)
The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1648-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory ...
7.8CVSS
7.2AI Score
EPSS
Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux-hwe-5.15 - Linux hardware enablement (HWE) kernel linux-raspi - Linux kernel for Raspberry Pi systems Details It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action...
7.8CVSS
7.2AI Score
EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1644-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1644-1 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi: return -ENOMEM if...
7.8CVSS
6.9AI Score
EPSS
FreeBSD : Intel CPUs -- multiple vulnerabilities (5afd64ae-122a-11ef-8eed-1c697a616631)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 5afd64ae-122a-11ef-8eed-1c697a616631 advisory. Intel reports: Potential security vulnerabilities in some Intel Trust Domain ...
7.9CVSS
7.7AI Score
0.0004EPSS
According to its self-reported version, the Cisco Integrated Management Controller Web-Based Management Interface is affected by a command injection vulnerability. Due to insufficient user input validation, an authenticated, remote attacker with Administrator-level privileges could perform command....
8.7CVSS
7.9AI Score
0.0004EPSS
Juniper Junos OS Vulnerability (JSA75751)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA75751 advisory. An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS on MX Series allows an authenticated,...
4.3CVSS
7AI Score
0.0004EPSS
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1643-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1643-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two...
7.8CVSS
7.2AI Score
EPSS
Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local...
6.4CVSS
6.3AI Score
0.0004EPSS
Microsoft and Adobe Patch Tuesday, May 2024 Security Update Review
Microsoft has released its May edition of Patch Tuesday. Let's take a deep dive into the crucial insights from Microsoft's Patch Tuesday updates for May 2024. Microsoft Patch Tuesday for May 2024 Microsoft Patch Tuesday's May 2024 edition addressed 67 vulnerabilities, including one critical and 59....
8.8CVSS
9AI Score
0.008EPSS
Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for Intel Gemini Lake.This issue affects: SecureCore™ for Intel Gemini Lake: from 4.1.0.1 before...
7.5CVSS
7.4AI Score
0.0004EPSS
Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for Intel Gemini Lake.This issue affects: SecureCore™ for Intel Gemini Lake: from 4.1.0.1 before...
7.5CVSS
7.8AI Score
0.0004EPSS
Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562; Phoenix ...
7.5CVSS
7.4AI Score
0.0004EPSS
Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562; Phoenix ...
7.5CVSS
7.8AI Score
0.0004EPSS
NEC Platforms DT900 and DT900S Series 5.0.0.0 – v5.3.4.4, v5.4.0.0 – v5.6.0.20 allows an attacker to access a non-documented the system settings to change settings via local network with unauthenticated...
6.7AI Score
0.0004EPSS
NEC Platforms DT900 and DT900S Series 5.0.0.0 – v5.3.4.4, v5.4.0.0 – v5.6.0.20 allows an attacker to access a non-documented the system settings to change settings via local network with unauthenticated...
6.5AI Score
0.0004EPSS
MantisBT (Mantis Bug Tracker) is an open source issue tracker. If an issue references a note that belongs to another issue that the user doesn't have access to, then it gets hyperlinked. Clicking on the link gives an access denied error as expected, yet some information remains available via the...
5.3CVSS
6.1AI Score
0.0004EPSS
MantisBT (Mantis Bug Tracker) is an open source issue tracker. If an issue references a note that belongs to another issue that the user doesn't have access to, then it gets hyperlinked. Clicking on the link gives an access denied error as expected, yet some information remains available via the...
5.3CVSS
5.1AI Score
0.0004EPSS
MantisBT (Mantis Bug Tracker) is an open source issue tracker. If an issue references a note that belongs to another issue that the user doesn't have access to, then it gets hyperlinked. Clicking on the link gives an access denied error as expected, yet some information remains available via the...
5.3CVSS
6.2AI Score
0.0004EPSS
CVE-2024-1598 Potential buffer overflow when handling UEFI variables
Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for Intel Gemini Lake.This issue affects: SecureCore™ for Intel Gemini Lake: from 4.1.0.1 before...
7.5CVSS
7.5AI Score
0.0004EPSS
CVE-2024-1598 Potential buffer overflow when handling UEFI variables
Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for Intel Gemini Lake.This issue affects: SecureCore™ for Intel Gemini Lake: from 4.1.0.1 before...
7.5CVSS
8AI Score
0.0004EPSS
CVE-2024-0762 Potential buffer overflow when handling UEFI variables
Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562; Phoenix ...
7.5CVSS
7.5AI Score
0.0004EPSS
CVE-2024-0762 Potential buffer overflow when handling UEFI variables
Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562; Phoenix ...
7.5CVSS
8AI Score
0.0004EPSS
A local attacker with low privileges can perform a privilege escalation with an init script due to a TOCTOU...
7.8CVSS
7.9AI Score
0.0005EPSS
A local attacker with low privileges can perform a privilege escalation with an init script due to a TOCTOU...
7.8CVSS
7AI Score
0.0005EPSS
CVE-2024-28135 PHOENIX CONTACT: command injection vulnerability in the API of the CHARX Series
A low privileged remote attacker can use a command injection vulnerability in the API which performs remote code execution as the user-app user due to improper input validation. The confidentiality is partly...
5CVSS
7.9AI Score
0.001EPSS
CVE-2024-28135 PHOENIX CONTACT: command injection vulnerability in the API of the CHARX Series
A low privileged remote attacker can use a command injection vulnerability in the API which performs remote code execution as the user-app user due to improper input validation. The confidentiality is partly...
5CVSS
6AI Score
0.001EPSS
An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based management access with the privileges of the currently logged in user due to cleartext transmission of sensitive information. No additional user interaction is required. The access is limited as...
7CVSS
7AI Score
0.001EPSS
An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based management access with the privileges of the currently logged in user due to cleartext transmission of sensitive information. No additional user interaction is required. The access is limited as...
7CVSS
6.7AI Score
0.001EPSS
CVE-2024-28133 PHOENIX CONTACT: Privilege escalation in CHARX Series
A local low privileged attacker can use an untrusted search path in a CHARX system utility to gain root ...
7.8CVSS
7.6AI Score
0.0005EPSS
CVE-2024-28133 PHOENIX CONTACT: Privilege escalation in CHARX Series
A local low privileged attacker can use an untrusted search path in a CHARX system utility to gain root ...
7.8CVSS
6.6AI Score
0.0005EPSS
mantisbt/mantisbt is vulnerable to Information Disclosure. The vulnerability is due to insufficient access checks when generating hyperlinks for users who do not have access, allowing some information to be revealed via the link, link label, and...
5.3CVSS
6.8AI Score
0.0004EPSS
Intel CPUs -- multiple vulnerabilities
Intel reports: Potential security vulnerabilities in some Intel Trust Domain Extensions (TDX) module software may allow escalation of privilege. Improper input validation in some Intel TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable...
7.9CVSS
7.3AI Score
0.0004EPSS
Intel Arc™ & Iris® Xe Graphics Software May 2024 Security Update
Intel has informed HP of a potential security vulnerability in some Intel® Arc™ & Iris® Xe Graphics software which may allow escalation of privilege. Intel is releasing updates to mitigate the potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...
7.8CVSS
7.4AI Score
0.0004EPSS
We are pleased to announce that Microsoft has been recognized as a Leader in the Gartner® Magic Quadrant™ for Security Information and Event Management (SIEM).1 We believe our position in the Leaders quadrant validates our vision and continued investments in Microsoft Sentinel making it a...
7AI Score
CVE-2024-34080 MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
MantisBT (Mantis Bug Tracker) is an open source issue tracker. If an issue references a note that belongs to another issue that the user doesn't have access to, then it gets hyperlinked. Clicking on the link gives an access denied error as expected, yet some information remains available via the...
5.3CVSS
5.3AI Score
0.0004EPSS
CVE-2024-34080 MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
MantisBT (Mantis Bug Tracker) is an open source issue tracker. If an issue references a note that belongs to another issue that the user doesn't have access to, then it gets hyperlinked. Clicking on the link gives an access denied error as expected, yet some information remains available via the...
5.3CVSS
6.4AI Score
0.0004EPSS
Summary Java on z/OS properties files not read correctly under certain locales / codepages vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager IP Edition v6.4.2 Vulnerability Details ** IBM X-Force ID: PSIRT-ADV0103951 ...
6.2AI Score