Lucene search

K

Ryzen™ 3000 Series Desktop Processors With Radeon™ Graphics Security Vulnerabilities

cvelist
cvelist

CVE-2024-27161 Hardcoded password used to encrypt files

all the Toshiba printers have programs containing a hardcoded key used to encrypt files. An attacker can decrypt the encrypted files using the hardcoded key. Insecure algorithm is used for the encryption. This vulnerability can be executed in combination with other vulnerabilities and difficult...

6.2CVSS

0.0004EPSS

2024-06-14 03:37 AM
2
cvelist
cvelist

CVE-2024-27160 Hardcoded password used to encrypt logs and use of weak cipher

All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for...

6.2CVSS

0.0004EPSS

2024-06-14 03:33 AM
2
cvelist
cvelist

CVE-2024-27159 Hardcoded password used to encrypt logs

All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for...

6.2CVSS

0.0004EPSS

2024-06-14 03:29 AM
2
vulnrichment
vulnrichment

CVE-2024-27159 Hardcoded password used to encrypt logs

All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for...

6.2CVSS

7.2AI Score

0.0004EPSS

2024-06-14 03:29 AM
cvelist
cvelist

CVE-2024-31159 ASUS Download Master - Reflected XSS

The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Reflected Cross-site scripting...

4.8CVSS

0.0004EPSS

2024-06-14 03:25 AM
1
vulnrichment
vulnrichment

CVE-2024-31159 ASUS Download Master - Reflected XSS

The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Reflected Cross-site scripting...

4.8CVSS

6.8AI Score

0.0004EPSS

2024-06-14 03:25 AM
nvd
nvd

CVE-2024-3079

Certain models of ASUS routers have buffer overflow vulnerabilities, allowing remote attackers with administrative privileges to execute arbitrary commands on the...

7.2CVSS

0.0004EPSS

2024-06-14 03:15 AM
2
cve
cve

CVE-2024-3079

Certain models of ASUS routers have buffer overflow vulnerabilities, allowing remote attackers with administrative privileges to execute arbitrary commands on the...

7.2CVSS

7.6AI Score

0.0004EPSS

2024-06-14 03:15 AM
12
nvd
nvd

CVE-2024-27143

Toshiba printers use SNMP for configuration. Using the private community, it is possible to remotely execute commands as root on the remote printer. Using this vulnerability will allow any attacker to get a root access on a remote Toshiba printer. This vulnerability can be executed in combination.....

9.8CVSS

0.0004EPSS

2024-06-14 03:15 AM
2
cve
cve

CVE-2024-27145

The Toshiba printers provide several ways to upload files using the admin web interface. An attacker can remotely compromise any Toshiba printer. An attacker can overwrite any insecure files. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute...

9.8CVSS

9.8AI Score

0.0004EPSS

2024-06-14 03:15 AM
12
nvd
nvd

CVE-2024-27145

The Toshiba printers provide several ways to upload files using the admin web interface. An attacker can remotely compromise any Toshiba printer. An attacker can overwrite any insecure files. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute...

9.8CVSS

0.0004EPSS

2024-06-14 03:15 AM
3
cve
cve

CVE-2024-27143

Toshiba printers use SNMP for configuration. Using the private community, it is possible to remotely execute commands as root on the remote printer. Using this vulnerability will allow any attacker to get a root access on a remote Toshiba printer. This vulnerability can be executed in combination.....

9.8CVSS

9.7AI Score

0.0004EPSS

2024-06-14 03:15 AM
11
cve
cve

CVE-2024-27144

The Toshiba printers provide several ways to upload files using the web interface without authentication. An attacker can overwrite any insecure files. And the Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer....

9.8CVSS

9.6AI Score

0.0004EPSS

2024-06-14 03:15 AM
12
nvd
nvd

CVE-2024-27144

The Toshiba printers provide several ways to upload files using the web interface without authentication. An attacker can overwrite any insecure files. And the Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer....

9.8CVSS

0.0004EPSS

2024-06-14 03:15 AM
1
redhatcve
redhatcve

CVE-2024-37152

A flaw was found in Argo-CD. There is an issue with unauthenticated information disclosure of settings data through an exposed API endpoint at...

5.3CVSS

5.1AI Score

0.0004EPSS

2024-06-14 03:12 AM
1
cvelist
cvelist

CVE-2024-27145 Multiple Post-authenticated Remote Code Execution

The Toshiba printers provide several ways to upload files using the admin web interface. An attacker can remotely compromise any Toshiba printer. An attacker can overwrite any insecure files. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute...

9.8CVSS

0.0004EPSS

2024-06-14 02:33 AM
1
vulnrichment
vulnrichment

CVE-2024-27145 Multiple Post-authenticated Remote Code Execution

The Toshiba printers provide several ways to upload files using the admin web interface. An attacker can remotely compromise any Toshiba printer. An attacker can overwrite any insecure files. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute...

9.8CVSS

7.3AI Score

0.0004EPSS

2024-06-14 02:33 AM
1
cvelist
cvelist

CVE-2024-3079 ASUS Router - Stack-based Buffer Overflow

Certain models of ASUS routers have buffer overflow vulnerabilities, allowing remote attackers with administrative privileges to execute arbitrary commands on the...

7.2CVSS

0.0004EPSS

2024-06-14 02:32 AM
cvelist
cvelist

CVE-2024-27144 Pre-authenticated Remote Code Execution

The Toshiba printers provide several ways to upload files using the web interface without authentication. An attacker can overwrite any insecure files. And the Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer....

9.8CVSS

0.0004EPSS

2024-06-14 02:31 AM
vulnrichment
vulnrichment

CVE-2024-27144 Pre-authenticated Remote Code Execution

The Toshiba printers provide several ways to upload files using the web interface without authentication. An attacker can overwrite any insecure files. And the Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer....

9.8CVSS

7.3AI Score

0.0004EPSS

2024-06-14 02:31 AM
cvelist
cvelist

CVE-2024-27143 Pre-authenticated Remote Code Execution

Toshiba printers use SNMP for configuration. Using the private community, it is possible to remotely execute commands as root on the remote printer. Using this vulnerability will allow any attacker to get a root access on a remote Toshiba printer. This vulnerability can be executed in combination.....

9.8CVSS

0.0004EPSS

2024-06-14 02:29 AM
1
vulnrichment
vulnrichment

CVE-2024-27143 Pre-authenticated Remote Code Execution

Toshiba printers use SNMP for configuration. Using the private community, it is possible to remotely execute commands as root on the remote printer. Using this vulnerability will allow any attacker to get a root access on a remote Toshiba printer. This vulnerability can be executed in combination.....

9.8CVSS

7.5AI Score

0.0004EPSS

2024-06-14 02:29 AM
redhatcve
redhatcve

CVE-2023-46103

A flaw was found in intel-microcode. The sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra processors that may allow an authenticated user to enable a denial of service via local access. Mitigation Mitigation for this issue is either not available or the...

4.7CVSS

4.4AI Score

0.0004EPSS

2024-06-14 01:42 AM
redhatcve
redhatcve

CVE-2023-45733

A flaw was found in intel-microcode. The hardware logic contains race conditions in some Intel(R) processors that may allow an authenticated user to enable partial information disclosure via local access. Mitigation Mitigation for this issue is either not available or the currently available...

2.8CVSS

3.2AI Score

0.0004EPSS

2024-06-14 01:12 AM
nessus
nessus

RHEL 8 / 9 : Red Hat Ceph Storage 7.1 (RHSA-2024:3925)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3925 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage...

9.8CVSS

7.3AI Score

0.002EPSS

2024-06-14 12:00 AM
5
ubuntucve
ubuntucve

CVE-2024-0093

NVIDIA GPU software for Linux contains a vulnerability where it can expose sensitive information to an actor that is not explicitly authorized to have access to that information. A successful exploit of this vulnerability might lead to information disclosure. Notes Author| Note ---|--- mdeslaur |.....

6.5CVSS

6.9AI Score

0.0004EPSS

2024-06-14 12:00 AM
1
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-3 (SUSE-SU-2024:2020-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2020-1 advisory. - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) Tenable has extracted the...

7AI Score

EPSS

2024-06-14 12:00 AM
1
packetstorm

7.2AI Score

0.0004EPSS

2024-06-14 12:00 AM
65
exploitdb

7.4AI Score

2024-06-14 12:00 AM
71
exploitdb

7.4AI Score

0.0004EPSS

2024-06-14 12:00 AM
68
zdi
zdi

Linux Kernel ksmbd Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. Authentication may or may not be required to exploit this vulnerability, depending upon configuration. Furthermore, only systems with ksmbd enabled are vulnerable. The specific...

6.7AI Score

2024-06-14 12:00 AM
veeam
veeam

Openshift Authentication - Failed to authenticate: oidc: failed to get token: oauth2: cannot fetch token

Theis issue is observed when the token provided while configuring oAuth does not match with the service account...

7.1AI Score

2024-06-14 12:00 AM
1
redos
redos

ROS-20240614-01

Vulnerability of UnRAR file unzipping tool is related to incorrect restriction of the path name to the directory with restricted access. Exploitation of the vulnerability could allow a remote attacker, Overwrite arbitrary files using a specially crafted...

7.5CVSS

7.2AI Score

0.927EPSS

2024-06-14 12:00 AM
nessus
nessus

Rocky Linux 8 : ruby:3.3 (RLSA-2024:3670)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3670 advisory. * ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280) * ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) * ruby:...

9AI Score

EPSS

2024-06-14 12:00 AM
nessus
nessus

Keycloak < 24.0.5 Unauthorized Access (CVE-2024-3656)

In Keycloak prior to 24.0.5, users with low privileges (just plain users in the realm) are able to utilize administrative functionalities within Keycloak admin interface. This issue presents a significant security risk as it allows unauthorized users to perform actions reserved for administrators,....

7.1AI Score

EPSS

2024-06-14 12:00 AM
4
packetstorm

7.4AI Score

2024-06-14 12:00 AM
66
nessus
nessus

Rocky Linux 8 : kernel-rt (RLSA-2024:2950)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2950 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. ...

9.8CVSS

7.8AI Score

EPSS

2024-06-14 12:00 AM
1
nessus
nessus

Rocky Linux 8 : go-toolset:rhel8 (RLSA-2024:3259)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3259 advisory. * golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) * golang: net/http/cookiejar: incorrect forwarding...

5.8AI Score

0.0004EPSS

2024-06-14 12:00 AM
nessus
nessus

AlmaLinux 9 : cockpit (ALSA-2024:3843)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:3843 advisory. * cockpit: command injection when deleting a sosreport with a crafted name (CVE-2024-2947) Tenable has extracted the preceding description block directly from the...

7.3CVSS

7.4AI Score

0.0004EPSS

2024-06-14 12:00 AM
wpvulndb
wpvulndb

tagDiv Composer < 4.9 - Authenticated (Contributor+) Local File Inclusion via Shortcode

Description The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8 via the 'td_block_title' shortcode 'block_template_id' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions,...

8.8CVSS

7.9AI Score

0.001EPSS

2024-06-14 12:00 AM
1
nessus
nessus

Oracle Linux 8 : ruby:3.1 (ELSA-2024-3546)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3546 advisory. ruby [3.1.5-143] - Upgrade to Ruby 3.1.5. Resolves: RHEL-35748 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-35749 - Fix RCE...

7AI Score

EPSS

2024-06-14 12:00 AM
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2019-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2019-1 advisory. The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes. The following...

9.8CVSS

8.4AI Score

0.005EPSS

2024-06-14 12:00 AM
nessus
nessus

Zyxel NAS Multiple Vulnerabilities

The Zyxel NAS is potentially affected by multiple vulnerabilities. - This command injection vulnerability in the 'setCookie' parameter in Zyxel NAS326 and NAS542 devices could allow an unauthenticated attacker to execute some OS commands by sending a crafted HTTP POST request....

9.8CVSS

8.6AI Score

0.001EPSS

2024-06-14 12:00 AM
veeam
veeam

Report Generation Fails with "lookup prometheus-server-exp: no such host"

Report Generation Fails with "lookup prometheus-server-exp: no such...

7.1AI Score

2024-06-14 12:00 AM
nessus
nessus

Rocky Linux 8 : cockpit (RLSA-2024:3667)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3667 advisory. * cockpit: command injection when deleting a sosreport with a crafted name (CVE-2024-2947) Tenable has extracted the preceding description block directly from...

7.3CVSS

7.4AI Score

0.0004EPSS

2024-06-14 12:00 AM
ubuntucve
ubuntucve

CVE-2024-38313

In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address This vulnerability affects Firefox for iOS &lt; 127. Notes Author| Note ---|--- tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine....

6.5AI Score

0.0004EPSS

2024-06-14 12:00 AM
exploitdb

9.8CVSS

7.4AI Score

0.919EPSS

2024-06-14 12:00 AM
65
exploitdb

7.4AI Score

2024-06-14 12:00 AM
68
veeam
veeam

Import Job Fails with "No kopia manifests found in the repository"

The solution is to install Veeam Kasten for Kubernetes with an identical namespace in both source and target cluster, and the same...

7.1AI Score

2024-06-14 12:00 AM
Total number of security vulnerabilities764177