Lucene search

K

Ryzen™ 3000 Series Desktop Processors Security Vulnerabilities

github
github

ActionText ContentAttachment can Contain Unsanitized HTML

Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This has been assigned the CVE identifier CVE-2024-32464. Versions Affected: >= 7.1.0 Not affected: < 7.1.0 Fixed Versions: 7.1.3.4 Impact This could...

6.1CVSS

5.9AI Score

0.0005EPSS

2024-06-04 10:26 PM
6
osv
osv

ActionText ContentAttachment can Contain Unsanitized HTML

Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This has been assigned the CVE identifier CVE-2024-32464. Versions Affected: >= 7.1.0 Not affected: < 7.1.0 Fixed Versions: 7.1.3.4 Impact This could...

6.1CVSS

5.9AI Score

0.0005EPSS

2024-06-04 10:26 PM
3
ibm
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (April 2024) affect IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in April 2024. Vulnerability Details ** CVEID: CVE-2024-21085 DESCRIPTION: **An...

5.9CVSS

6.2AI Score

0.001EPSS

2024-06-04 06:11 PM
3
ibm
ibm

Security Bulletin: Due to use of IBM® SDK Java™ Technology Edition, IBM Tivoli Monitoring (ITM) components is vulnerable to a local authenticated attacker to bypass security restrictions.

Summary A vulnerabilitiy in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring (ITM) components. CVE-2024-3933 Vulnerability Details ** CVEID: CVE-2024-3933 DESCRIPTION: **Eclipse Openj9 could allow a local authenticated attacker to bypass security...

5.3CVSS

6.7AI Score

0.0004EPSS

2024-06-04 04:10 PM
12
ics
ics

Mitsubishi Electric MELSEC iQ-R, Q, L Series and MELIPC Series (Update C)

EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R, Q, and L Series CPU Module; MELIPC Series CPU Vulnerability: Improper Resource Locking 2. RISK EVALUATION Successful exploitation of this vulnerability could...

7.5CVSS

7.9AI Score

0.003EPSS

2024-06-04 12:00 PM
31
thn
thn

DarkGate Malware Replaces AutoIt with AutoHotkey in Latest Cyber Attacks

Cyber attacks involving the DarkGate malware-as-a-service (MaaS) operation have shifted away from AutoIt scripts to an AutoHotkey mechanism to deliver the last stages, underscoring continued efforts on the part of the threat actors to continuously stay ahead of the detection curve. The updates...

8.8CVSS

7.3AI Score

0.005EPSS

2024-06-04 06:33 AM
1
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1910-1)

The remote host is missing an update for...

7.8CVSS

7.8AI Score

0.0004EPSS

2024-06-04 12:00 AM
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1271-2)

The remote host is missing an update for...

5.3CVSS

5.3AI Score

0.0005EPSS

2024-06-04 12:00 AM
2
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1907-1)

The remote host is missing an update for...

6.5CVSS

6.6AI Score

0.003EPSS

2024-06-04 12:00 AM
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1908-1)

The remote host is missing an update for...

6.7AI Score

0.0004EPSS

2024-06-04 12:00 AM
1
openvas
openvas

Mageia: Security Advisory (MGASA-2024-0207)

The remote host is missing an update for...

7.9CVSS

6.5AI Score

0.0004EPSS

2024-06-04 12:00 AM
2
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ffmpeg (SUSE-SU-2024:1908-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1908-1 advisory. - CVE-2023-51794: Fixed a heap buffer overflow in libavfilter. (bsc#1223437) Tenable has extracted the...

6.8AI Score

0.0004EPSS

2024-06-04 12:00 AM
mageia
mageia

Updated microcode packages fix security vulnerabilities

The updated package fixes security vulnerabilities: Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access. (CVE-2023-45733) Sequence of processor instructions leads to unexpected...

7.9CVSS

6.3AI Score

0.0004EPSS

2024-06-03 09:30 PM
5
rubygems
rubygems

ActionText ContentAttachment can Contain Unsanitized HTML

Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This has been assigned the CVE identifier CVE-2024-32464. Versions Affected: >= 7.1.0 Not affected: < 7.1.0 Fixed Versions: 7.1.3.4 Impact This could...

6.1CVSS

6.1AI Score

EPSS

2024-06-03 09:00 PM
1
rubygems
rubygems

Missing security headers in Action Pack on non-HTML responses

Permissions-Policy is Only Served on HTML Content-Type The application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This has been assigned the CVE identifier CVE-2024-28103. Versions Affected: >= 6.1.0 Not affected: < 6.1.0 Fixed...

9.8CVSS

5.3AI Score

EPSS

2024-06-03 09:00 PM
1
ibm
ibm

Security Bulletin: Multiple Vulnerabilities in IBM Datacap

Summary Multiple vulnerabilities were addressed in IBM Datacap version 9.1.9 Interim Fix 004 Vulnerability Details ** CVEID: CVE-2023-26965 DESCRIPTION: **LibTIFF is vulnerable to a denial of service, caused by a heap-based buffer overflow in the loadImage() function in /libtiff/tools/tiffcrop.c......

8.8CVSS

7.6AI Score

0.034EPSS

2024-06-03 07:44 PM
26
qualysblog
qualysblog

PCI DSS 4.0: Get Audit-Ready for the New Requirements

The Payment Card Industry Data Security Standard (PCI DSS) originated in 2004 and is managed by the PCI Security Standards Council to ensure security for the global payment industry. This mandate applies to all entities worldwide that store, process, or transmit payment cardholder data or...

7.6AI Score

2024-06-03 05:41 PM
1
mssecure
mssecure

Microsoft is named a leader in the Forrester Wave for XDR

“Defenders think in lists, attackers think in graphs.”1 This remains a reality for the many organizations that operate across siloed security tools, fueling the demand on security operations (SOC) teams, as advanced cyberattacks continue to increase in frequency and speed. That’s where extended...

6.8AI Score

2024-06-03 04:00 PM
1
thn
thn

Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users

Cybersecurity researchers have uncovered a new suspicious package uploaded to the npm package registry that's designed to drop a remote access trojan (RAT) on compromised systems. The package in question is glup-debugger-log, which targets users of the gulp toolkit by masquerading as a "logger for....

8AI Score

2024-06-03 02:00 PM
1
malwarebytes
malwarebytes

WhatsApp cryptocurrency scam goes for the cash prize

This weekend a scammer tried his luck by reaching out to me on WhatsApp. It’s not that I don’t appreciate it, but trust me, it’s bad for your business. I received one message from a number hailing from the Togolese Republic. WhatsApp message from an unknow sender “Jay, your financial account has...

7.3AI Score

2024-06-03 01:40 PM
11
redhatcve
redhatcve

CVE-2024-36904

In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique() with nice analysis. Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operation for timewait...

6.5AI Score

0.0004EPSS

2024-06-03 01:33 PM
2
thn
thn

Researcher Uncovers Flaws in Cox Modems, Potentially Impacting Millions

Now-patched authorization bypass issues impacting Cox modems could have been abused as a starting point to gain unauthorized access to the devices and run malicious commands. "This series of vulnerabilities demonstrated a way in which a fully external attacker with no prerequisites could've...

8.1AI Score

2024-06-03 10:20 AM
1
securelist
securelist

IT threat evolution Q1 2024

IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics Targeted attacks Operation Triangulation: the final mystery Last June, we published a series of reports on Operation Triangulation, a previously unknown iOS malware...

7.8CVSS

6AI Score

0.003EPSS

2024-06-03 10:00 AM
6
thn
thn

Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware

Fake web browser updates are being used to deliver remote access trojans (RATs) and information stealer malware such as BitRAT and Lumma Stealer (aka LummaC2). "Fake browser updates have been responsible for numerous malware infections, including those of the well-known SocGholish malware,"...

7.1AI Score

2024-06-03 03:51 AM
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1874-1)

The remote host is missing an update for...

7.5CVSS

7.6AI Score

0.005EPSS

2024-06-03 12:00 AM
3
nessus
nessus

RHEL 5 : flash-plugin (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. flash-plugin: multiple code execution issues fixed in APSB17-07 (CVE-2017-3003) Unspecified...

8.8CVSS

8.9AI Score

0.954EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : microcode_ctl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. hw: Intel SGX information leak (CVE-2019-0117) Improper conditions check in the voltage modulation...

6CVSS

6.7AI Score

0.0004EPSS

2024-06-03 12:00 AM
nessus
nessus

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1788)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is...

8CVSS

8.3AI Score

EPSS

2024-06-03 12:00 AM
2
nessus
nessus

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1800)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is...

8CVSS

8.3AI Score

EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : gnutls (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. gnutls: Heap read overflow in read-packet.c (CVE-2017-5337) The TLS protocol 1.2 and earlier, as used in...

7.5CVSS

7.4AI Score

0.256EPSS

2024-06-03 12:00 AM
2
nessus
nessus

RHEL 8 : gnome-desktop3 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. gnome-desktop: thumbnailer security bypass (CVE-2019-11460) Note that Nessus has not tested for this issue but has...

9CVSS

9.2AI Score

0.002EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 6 : microcode_ctl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. kernel: Intel firmware update for insufficient granularity of access control in out-of-band management in some...

7.5CVSS

7AI Score

0.0004EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 7 : gnome-desktop3 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. gnome-desktop: thumbnailer security bypass (CVE-2019-11460) Note that Nessus has not tested for this issue but has...

9CVSS

9.2AI Score

0.002EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 6 : nautilus (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. nautilus: Insufficient validation of trust of .desktop files with execute permission (CVE-2017-14604) Note that...

6.5CVSS

7.5AI Score

0.002EPSS

2024-06-03 12:00 AM
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1895-1)

The remote host is missing an update for...

6.4AI Score

0.0004EPSS

2024-06-03 12:00 AM
1
nessus
nessus

RHEL 7 : microcode_ctl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: Intel firmware update for improper isolation of shared resources (CVE-2022-38090) Incorrect...

6.1CVSS

7.2AI Score

0.0004EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : nautilus (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. nautilus: Insufficient validation of trust of .desktop files with execute permission (CVE-2017-14604) Note that...

6.5CVSS

6.6AI Score

0.002EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 8 : freerdp (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. freerdp: Integer Overflow leading to Heap Overflow in freerdp_bitmap_planar_context_reset...

9.8CVSS

7.6AI Score

0.001EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : ipsec-tools (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ipsec-tools: Parsing and storing ISAKMP fragments in malicious order can exhaust resources ...

7.5CVSS

7.6AI Score

0.018EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 8 : openssl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssl: Read buffer overruns processing ASN.1 strings (CVE-2021-3712) Simultaneous Multi-threading...

7.4CVSS

6.8AI Score

0.015EPSS

2024-06-03 12:00 AM
githubexploit
githubexploit

Exploit for Type Confusion in Google Chrome

Chrome Renderer 1day RCE via Type Confusion in Async Stack...

8.8CVSS

6.7AI Score

0.001EPSS

2024-06-02 02:15 PM
62
rapid7blog
rapid7blog

New! Insight Agent Support for ARM-based Windows in InsightVM

We are pleased to introduce Insight Agent support of ARM-based Windows 11 devices for both vulnerability and policy assessment within InsightVM. Customers with Windows 11 devices powered by ARM processors can now take advantage of the great performance and lower power requirements of these chips...

7.1AI Score

2024-05-31 06:34 PM
6
ibm
ibm

Security Bulletin: Maximo Asset Management: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities).....

5.9CVSS

6.1AI Score

0.0004EPSS

2024-05-31 02:39 PM
15
kitploit
kitploit

Ars0N-Framework - A Modern Framework For Bug Bounty Hunting

Howdy! My name is Harrison Richardson, or rs0n (arson) when I want to feel cooler than I really am. The code in this repository started as a small collection of scripts to help automate many of the common Bug Bounty hunting processes I found myself repeating. Over time, I built a simple web...

7AI Score

2024-05-31 12:30 PM
11
talosblog
talosblog

New banking trojan “CarnavalHeist” targets Brazil with overlay attacks

Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called "CarnavalHeist." Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil. This family has also been...

8AI Score

2024-05-31 12:00 PM
8
thn
thn

Russian Hackers Target Europe with HeadLace Malware and Credential Harvesting

The Russian GRU-backed threat actor APT28 has been attributed as behind a series of campaigns targeting networks across Europe with the HeadLace malware and credential-harvesting web pages. APT28, also known by the names BlueDelta, Fancy Bear, Forest Blizzard, FROZENLAKE, Iron Twilight, ITG05,...

7.2AI Score

2024-05-31 10:10 AM
1
mssecure
mssecure

Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices

Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT) devices. Internet-exposed OT equipment in water and wastewater systems (WWS) in the US were targeted in multiple attacks over the past months by...

9.8CVSS

7.2AI Score

0.068EPSS

2024-05-30 05:00 PM
1
nvd
nvd

CVE-2024-36904

In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique() with nice analysis. Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operation for timewait...

7.4AI Score

0.0004EPSS

2024-05-30 04:15 PM
debiancve
debiancve

CVE-2024-36904

In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique() with nice analysis. Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operation for timewait...

6.7AI Score

0.0004EPSS

2024-05-30 04:15 PM
1
cve
cve

CVE-2024-36904

In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique() with nice analysis. Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operation for timewait...

6.7AI Score

0.0004EPSS

2024-05-30 04:15 PM
30
Total number of security vulnerabilities84217