Lucene search

K

Ryzen™ 2000 Series Processors Security Vulnerabilities

osv
osv

linux, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15 vulnerabilities

It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-1151) Sander Wiebing, Alvise de Faveri Tron,...

7.8CVSS

8.6AI Score

EPSS

2024-05-07 07:22 PM
5
ibm
ibm

Security Bulletin: IBM Planning Analytics Local - Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components

Summary There are vulnerabilities in multiple Open Source Software (OSS) components consumed by IBM Planning Analytics Local - Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics Local - Planning Analytics Workspace 2.1.2 and IBM Planning Analytics Local -...

9.8CVSS

10AI Score

EPSS

2024-05-07 07:21 PM
15
ibm
ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...

9.8CVSS

9.9AI Score

0.073EPSS

2024-05-07 05:07 PM
8
github
github

Trix Editor Arbitrary Code Execution Vulnerability

The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts...

5.4CVSS

6.5AI Score

0.0004EPSS

2024-05-07 04:49 PM
8
osv
osv

Trix Editor Arbitrary Code Execution Vulnerability

The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts...

5.4CVSS

6.5AI Score

0.0004EPSS

2024-05-07 04:49 PM
3
osv
osv

linux-oem-6.5 vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) Sander.....

7.8CVSS

7.6AI Score

EPSS

2024-05-07 03:22 PM
5
thn
thn

APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data

The Iranian state-backed hacking outfit called APT42 is making use of enhanced social engineering schemes to infiltrate target networks and cloud environments. Targets of the attack include Western and Middle Eastern NGOs, media organizations, academia, legal services and activists, Google Cloud...

8AI Score

2024-05-07 01:25 PM
1
securelist
securelist

Exploits and vulnerabilities in Q1 2024

We at Kaspersky continuously monitor the evolving cyberthreat landscape to ensure we respond promptly to emerging threats, equipping our products with detection logic and technology. Software vulnerabilities that threat actors can exploit or are already actively exploiting are a critical component....

8.9AI Score

0.971EPSS

2024-05-07 10:00 AM
29
nvd
nvd

CVE-2024-22472

A buffer Overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code execution This issue affects all versions of Silicon Labs 500 Series SDK prior to v6.85.2 running on Silicon Labs 500 series Z-wave...

8.1CVSS

8.4AI Score

0.0004EPSS

2024-05-07 06:15 AM
1
cve
cve

CVE-2024-22472

A buffer Overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code execution This issue affects all versions of Silicon Labs 500 Series SDK prior to v6.85.2 running on Silicon Labs 500 series Z-wave...

8.1CVSS

7.5AI Score

0.0004EPSS

2024-05-07 06:15 AM
33
cvelist
cvelist

CVE-2024-22472 Long S0 frames received by 500 series Z-Wave devices may cause buffer overflow

A buffer Overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code execution This issue affects all versions of Silicon Labs 500 Series SDK prior to v6.85.2 running on Silicon Labs 500 series Z-wave...

8.1CVSS

8.6AI Score

0.0004EPSS

2024-05-07 05:17 AM
2
ubuntu
ubuntu

Linux kernel (OEM) vulnerabilities

Releases Ubuntu 22.04 LTS Packages linux-oem-6.5 - Linux kernel for OEM systems Details Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to...

7.5AI Score

EPSS

2024-05-07 12:00 AM
21
nessus
nessus

Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6765-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6765-1 advisory. In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid crash when parsed profile name is empty When processing a packed...

7.8CVSS

7.5AI Score

EPSS

2024-05-07 12:00 AM
6
ubuntu
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.4 - Linux kernel...

7.8CVSS

6.8AI Score

0.0004EPSS

2024-05-07 12:00 AM
8
ubuntu
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux - Linux kernel linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.15 - Linux kernel for Microsoft Azure cloud systems linux-azure-fde - Linux kernel for Microsoft Azure CVM cloud systems linux-azure-fde-5.15 -...

7.8CVSS

7AI Score

EPSS

2024-05-07 12:00 AM
15
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:0917-1)

The remote host is missing an update for...

6.5CVSS

7AI Score

0.001EPSS

2024-05-07 12:00 AM
2
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:0975-1)

The remote host is missing an update for...

7.8CVSS

7.4AI Score

EPSS

2024-05-07 12:00 AM
4
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1139-1)

The remote host is missing an update for...

6.5CVSS

7.5AI Score

0.001EPSS

2024-05-07 12:00 AM
3
nessus
nessus

GLSA-202405-20 : libjpeg-turbo: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202405-20 (libjpeg-turbo: Multiple Vulnerabilities) Libjpeg-turbo all version have a stack-based buffer overflow in the transform component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary...

8.8CVSS

8.4AI Score

0.009EPSS

2024-05-07 12:00 AM
6
rubygems
rubygems

Arbitrary Code Execution Vulnerability in Trix Editor included in ActionText

From version 7.0 onwards the ActionText gem includes a copy of the Trix rich text editor. Prior to versions 7.0.8.3 and 7.1.3.3, ActionText included a version of Trix that is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into...

7.9AI Score

EPSS

2024-05-06 09:00 PM
6
nvd
nvd

CVE-2024-3576

The NPort 5100A Series firmware version v1.6 and prior versions are affected by web server XSS vulnerability. The vulnerability is caused by not correctly neutralizing user-controllable input before placing it in output. Malicious users may use the vulnerability to get sensitive information and...

8.3CVSS

8AI Score

0.0004EPSS

2024-05-06 12:15 PM
1
cve
cve

CVE-2024-3576

The NPort 5100A Series firmware version v1.6 and prior versions are affected by web server XSS vulnerability. The vulnerability is caused by not correctly neutralizing user-controllable input before placing it in output. Malicious users may use the vulnerability to get sensitive information and...

8.3CVSS

6AI Score

0.0004EPSS

2024-05-06 12:15 PM
33
vulnrichment
vulnrichment

CVE-2024-3576 NPort 5100A Series Store XSS Vulnerability

The NPort 5100A Series firmware version v1.6 and prior versions are affected by web server XSS vulnerability. The vulnerability is caused by not correctly neutralizing user-controllable input before placing it in output. Malicious users may use the vulnerability to get sensitive information and...

8.3CVSS

6.2AI Score

0.0004EPSS

2024-05-06 12:04 PM
1
cvelist
cvelist

CVE-2024-3576 NPort 5100A Series Store XSS Vulnerability

The NPort 5100A Series firmware version v1.6 and prior versions are affected by web server XSS vulnerability. The vulnerability is caused by not correctly neutralizing user-controllable input before placing it in output. Malicious users may use the vulnerability to get sensitive information and...

8.3CVSS

8AI Score

0.0004EPSS

2024-05-06 12:04 PM
2
malwarebytes
malwarebytes

A week in security (April 29 – May 5)

Last week on Malwarebytes Labs: You get a passkey, you get a passkey, everyone should get a passkey Dropbox Sign customer data accessed in breach Watch out for tech support scams lurking in sponsored search results Psychotherapy practice hacker gets jail time after extorting patients, publishing...

7.2AI Score

2024-05-06 08:40 AM
13
thn
thn

New 'Cuckoo' Persistent macOS Spyware Targeting Intel and Arm Macs

Cybersecurity researchers have discovered a new information stealer targeting Apple macOS systems that's designed to set up persistence on the infected hosts and act as a spyware. Dubbed Cuckoo by Kandji, the malware is a universal Mach-O binary that's capable of running on both Intel- and...

7.2AI Score

2024-05-06 07:48 AM
1
nessus
nessus

GLSA-202405-15 : Mozilla Firefox: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202405-15 (Mozilla Firefox: Multiple Vulnerabilities) When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability...

7.8AI Score

0.0004EPSS

2024-05-06 12:00 AM
7
nessus
nessus

Oracle Linux 9 : openssl / and / openssl-fips-provider (ELSA-2024-2447)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2447 advisory. Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function...

6.5CVSS

7.7AI Score

0.004EPSS

2024-05-06 12:00 AM
4
nessus
nessus

Debian dsa-5681 : affs-modules-5.10.0-29-4kc-malta-di - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5681 advisory. Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an...

8CVSS

8.2AI Score

0.0005EPSS

2024-05-06 12:00 AM
14
fedora
fedora

[SECURITY] Fedora 40 Update: gdcm-3.0.23-5.fc40

Grassroots DiCoM (GDCM) is a C++ library for DICOM medical files. It supports ACR-NEMA version 1 and 2 (huffman compression is not supported), RAW, JPEG, JPEG 2000, JPEG-LS, RLE and deflated transfer syntax. It comes with a super fast scanner implementation to quickly scan hundreds of DICOM...

8.1CVSS

7.5AI Score

0.001EPSS

2024-05-05 02:02 AM
4
fedora
fedora

[SECURITY] Fedora 38 Update: gdcm-3.0.21-4.fc38

Grassroots DiCoM (GDCM) is a C++ library for DICOM medical files. It supports ACR-NEMA version 1 and 2 (huffman compression is not supported), RAW, JPEG, JPEG 2000, JPEG-LS, RLE and deflated transfer syntax. It comes with a super fast scanner implementation to quickly scan hundreds of DICOM...

8.1CVSS

7.5AI Score

0.001EPSS

2024-05-05 01:40 AM
1
fedora
fedora

[SECURITY] Fedora 39 Update: gdcm-3.0.23-5.fc39

Grassroots DiCoM (GDCM) is a C++ library for DICOM medical files. It supports ACR-NEMA version 1 and 2 (huffman compression is not supported), RAW, JPEG, JPEG 2000, JPEG-LS, RLE and deflated transfer syntax. It comes with a super fast scanner implementation to quickly scan hundreds of DICOM...

8.1CVSS

7.5AI Score

0.001EPSS

2024-05-05 01:16 AM
6
gentoo
gentoo

Apache Commons BCEL: Remote Code Execution

Background The Byte Code Engineering Library (Apache Commons BCEL™) is intended to give users a convenient way to analyze, create, and manipulate (binary) Java class files (those ending with .class). Description A vulnerability has been discovered in U-Boot tools. Please review the CVE identifier.....

9.8CVSS

7.4AI Score

0.023EPSS

2024-05-05 12:00 AM
5
debian
debian

[SECURITY] [DLA 3808-1] intel-microcode security update

Debian LTS Advisory DLA-3808-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost May 04, 2024 https://wiki.debian.org/LTS Package : intel-microcode Version : 3.20240312.1~deb10u1 CVE...

6.5CVSS

7.8AI Score

0.001EPSS

2024-05-04 03:21 PM
11
kitploit
kitploit

JS-Tap - JavaScript Payload And Supporting Software To Be Used As XSS Payload Or Post Exploitation Implant To Monitor Users As They Use The Targeted Application

JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom JavaScript payloads in clients. Changelogs Major changes are documented in the project Announcements:...

5.9AI Score

2024-05-04 12:30 PM
11
nessus
nessus

Debian dla-3808 : intel-microcode - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3808 advisory. Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user...

6.5CVSS

7.6AI Score

0.001EPSS

2024-05-04 12:00 AM
4
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1490-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1490-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of...

7.8CVSS

7.6AI Score

EPSS

2024-05-04 12:00 AM
8
mssecure
mssecure

Security above all else—expanding Microsoft’s Secure Future Initiative

Last November, we launched the Secure Future Initiative (SFI) to prepare for the increasing scale and high stakes of cyberattacks. SFI brings together every part of Microsoft to advance cybersecurity protection across our company and products. Since then, the threat landscape has continued to...

7.8AI Score

2024-05-03 02:55 PM
4
schneier
schneier

Rare Interviews with Enigma Cryptanalyst Marian Rejewski

The Polish Embassy has posted a series of short interview segments with Marian Rejewski, the first person to crack the Enigma. Details from his...

7.2AI Score

2024-05-03 11:10 AM
8
thn
thn

NSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted Sources

The U.S. government on Thursday published a new cybersecurity advisory warning of North Korean threat actors' attempts to send emails in a manner that makes them appear like they are from legitimate and trusted parties. The joint bulletin was published by the National Security Agency (NSA), the...

7AI Score

2024-05-03 09:37 AM
1
hp
hp

HP Application Enabling Software Driver - Privileged File Overwrite

A potential security vulnerability has been identified in the HP Application Enabling Software Driver for certain HP PC products, which might allow escalation of privilege. HP is releasing software updates to mitigate this potential vulnerability. Mitigation is available in HP Application...

7.5AI Score

0.0004EPSS

2024-05-03 12:00 AM
33
nvd
nvd

CVE-2024-31967

A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an unauthenticated attacker to conduct an unauthorized access attack due to improper access control. A successful exploit...

6.7AI Score

0.0004EPSS

2024-05-02 04:15 PM
cve
cve

CVE-2024-31967

A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an unauthenticated attacker to conduct an unauthorized access attack due to improper access control. A successful exploit...

6.9AI Score

0.0004EPSS

2024-05-02 04:15 PM
32
nvd
nvd

CVE-2024-31966

A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker with administrative privilege to conduct an argument injection attack due to insufficient parameter....

7.2AI Score

0.0004EPSS

2024-05-02 04:15 PM
1
cve
cve

CVE-2024-31966

A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker with administrative privilege to conduct an argument injection attack due to insufficient parameter....

7.4AI Score

0.0004EPSS

2024-05-02 04:15 PM
31
cve
cve

CVE-2024-31964

A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication control. A successful...

7.2AI Score

0.0004EPSS

2024-05-02 04:15 PM
30
cve
cve

CVE-2024-31963

A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker to conduct a buffer overflow attack due to insufficient bounds checking and input sanitization. A...

8AI Score

0.0004EPSS

2024-05-02 04:15 PM
29
nvd
nvd

CVE-2024-31963

A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker to conduct a buffer overflow attack due to insufficient bounds checking and input sanitization. A...

7.7AI Score

0.0004EPSS

2024-05-02 04:15 PM
nvd
nvd

CVE-2024-31964

A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication control. A successful...

6.9AI Score

0.0004EPSS

2024-05-02 04:15 PM
cve
cve

CVE-2024-31965

A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker with administrative privilege to conduct a path traversal attack due to insufficient input...

6.5AI Score

0.0004EPSS

2024-05-02 04:15 PM
30
Total number of security vulnerabilities69337