Lucene search

K

Ryzen™ 3000 Series Desktop Processors Security Vulnerabilities

cvelist
cvelist

CVE-2024-36904 tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().

In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique() with nice analysis. Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operation for timewait...

7.4AI Score

0.0004EPSS

2024-05-30 03:29 PM
thn
thn

Cyber Espionage Alert: LilacSquid Targets IT, Energy, and Pharma Sectors

A previously undocumented cyber espionage-focused threat actor named LilacSquid has been linked to targeted attacks spanning various sectors in the United States (U.S.), Europe, and Asia as part of a data theft campaign since at least 2021. "The campaign is geared toward establishing long-term...

7.3AI Score

2024-05-30 03:26 PM
1
ibm
ibm

Security Bulletin: CVE-2024-3933 affects IBM® SDK, Java™ Technology Edition

Summary CVE-2024-3933 affects IBM SDK, Java Technology Edition. An update has been released to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-3933 DESCRIPTION: **Eclipse Openj9 could allow a local authenticated attacker to bypass security restrictions, caused by the failure...

5.3CVSS

6.4AI Score

0.0004EPSS

2024-05-30 01:50 PM
8
talosblog
talosblog

LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader

By Anna Bennett, Nicole Hoffman, Asheer Malhotra, Sean Taylor and Brandon White. Cisco Talos is disclosing a new suspected data theft campaign, active since at least 2021, we attribute to an advanced persistent threat actor (APT) we're calling "LilacSquid." LilacSquid's victimology includes a...

7.8AI Score

2024-05-30 12:01 PM
8
ics
ics

Mitsubishi Electric MELSEC iQ-R, iQ-L Series and MELIPC Series (Update C)

EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R, iQ-L Series and MELIPC Series Vulnerability: Improper Resource Shutdown or Release 2. RISK EVALUATION Successful exploitation of this vulnerability could...

7.5CVSS

7.7AI Score

0.002EPSS

2024-05-30 12:00 PM
22
ubuntucve
ubuntucve

CVE-2024-36904

In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique() with nice analysis. Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operation for timewait...

7AI Score

0.0004EPSS

2024-05-30 12:00 AM
2
openvas
openvas

Ubuntu: Security Advisory (USN-6797-1)

The remote host is missing an update for...

7.9CVSS

6.8AI Score

0.001EPSS

2024-05-30 12:00 AM
3
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1832-1)

The remote host is missing an update for...

8.4CVSS

6.7AI Score

0.0004EPSS

2024-05-30 12:00 AM
2
nessus
nessus

SUSE SLES12 Security Update : xdg-desktop-portal (SUSE-SU-2024:1832-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1832-1 advisory. - CVE-2024-32462: Fixed sandbox escape via RequestBackground portal (bsc#1223110). Tenable has extracted the preceding description block...

8.4CVSS

6.7AI Score

0.0004EPSS

2024-05-30 12:00 AM
2
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1831-1)

The remote host is missing an update for...

8.4CVSS

6.7AI Score

0.0004EPSS

2024-05-30 12:00 AM
1
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1806-1)

The remote host is missing an update for...

8.4CVSS

6.7AI Score

0.0004EPSS

2024-05-30 12:00 AM
3
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1807-1)

The remote host is missing an update for...

9CVSS

6.7AI Score

0.001EPSS

2024-05-30 12:00 AM
3
nessus
nessus

SUSE SLES15 Security Update : xdg-desktop-portal (SUSE-SU-2024:1831-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1831-1 advisory. - CVE-2024-32462: Fixed sandbox escape via RequestBackground portal (bsc#1223110). Tenable has extracted the preceding description block...

8.4CVSS

7.4AI Score

0.0004EPSS

2024-05-30 12:00 AM
nessus
nessus

SUSE SLES15 Security Update : xdg-desktop-portal (SUSE-SU-2024:1806-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1806-1 advisory. - CVE-2024-32462: Fixed sandbox escape via RequestBackground portal (bsc#1223110). Tenable has extracted the preceding description block...

8.4CVSS

6.7AI Score

0.0004EPSS

2024-05-30 12:00 AM
3
chrome
chrome

Stable Channel Update for Desktop

The Stable channel has been updated to 125.0.6422.141/.142 for Windows, Mac and 125.0.6422.141 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards Note: Access to bug details and links may be kept...

7.3AI Score

0.0004EPSS

2024-05-30 12:00 AM
34
talosblog
talosblog

New Generative AI category added to Talos reputation services

Cisco Talos is preparing to release the first in a series of changes to our Web Categorization system, which is designed to simplify the verbiage we use. In mid-June, we're adding a new "Generative AI" category that will apply to certain websites. The "Content Category" appears whenever a user...

6.8AI Score

2024-05-29 04:32 PM
5
nvd
nvd

CVE-2024-35311

Yubico YubiKey 5 Series before 5.7.0, Security Key Series before 5.7.0, YubiKey Bio Series before 5.6.4, and YubiKey 5 FIPS before 5.7.2 have Incorrect Access...

6.7AI Score

EPSS

2024-05-29 04:15 PM
cve
cve

CVE-2024-35311

Yubico YubiKey 5 Series before 5.7.0, Security Key Series before 5.7.0, YubiKey Bio Series before 5.6.4, and YubiKey 5 FIPS before 5.7.2 have Incorrect Access...

6.9AI Score

EPSS

2024-05-29 04:15 PM
61
cve
cve

CVE-2024-28974

Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of...

7.6CVSS

6.7AI Score

0.0004EPSS

2024-05-29 04:15 PM
27
nvd
nvd

CVE-2024-28974

Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of...

7.6CVSS

7.3AI Score

0.0004EPSS

2024-05-29 04:15 PM
talosblog
talosblog

Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level privileges

Cisco Talos' Vulnerability Research team has helped to disclose and patch more than 20 vulnerabilities over the past three weeks, including two in the popular Adobe Acrobat Reader software. Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read...

9.8CVSS

9.8AI Score

0.001EPSS

2024-05-29 04:07 PM
2
cvelist
cvelist

CVE-2024-28974

Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of...

7.6CVSS

7.3AI Score

0.0004EPSS

2024-05-29 03:21 PM
3
vulnrichment
vulnrichment

CVE-2024-28974

Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of...

7.6CVSS

6.8AI Score

0.0004EPSS

2024-05-29 03:21 PM
thn
thn

Check Point Warns of Zero-Day Attacks on its VPN Gateway Products

Check Point is warning of a zero-day vulnerability in its Network Security gateway products that threat actors have exploited in the wild. Tracked as CVE-2024-24919 (CVSS score: 8.6), the issue impacts CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and...

8.6CVSS

9.1AI Score

0.945EPSS

2024-05-29 03:16 PM
1
thn
thn

Brazilian Banks Targeted by New AllaKore RAT Variant Called AllaSenha

Brazilian banking institutions are the target of a new campaign that distributes a custom variant of the Windows-based AllaKore remote access trojan (RAT) called AllaSenha. The malware is "specifically aimed at stealing credentials that are required to access Brazilian bank accounts, [and]...

7.7AI Score

2024-05-29 02:58 PM
1
malwarebytes
malwarebytes

Data leak site BreachForums is back, boasting Live Nation/Ticketmaster user data. But is it a trap?

Notorious data leak site BreachForums appears to be back online after it was seized by law enforcement a few weeks ago. At least one of BreachForums domains and its dark web site are live again. However, questions have been raised over whether it is a genuine attempt to revive the forums once...

7.3AI Score

2024-05-29 01:06 PM
8
osv
osv

intel-microcode vulnerabilities

It was discovered that some 3rd and 4th Generation Intel® Xeon® Processors did not properly restrict access to certain hardware features when using Intel® SGX or Intel® TDX. This may allow a privileged local user to potentially further escalate their privileges on the system. This issue only...

7.9CVSS

7.3AI Score

0.001EPSS

2024-05-29 07:13 AM
3
openvas
openvas

Ubuntu: Security Advisory (USN-6795-1)

The remote host is missing an update for...

7.8CVSS

7.3AI Score

EPSS

2024-05-29 12:00 AM
4
nessus
nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Intel Microcode vulnerabilities (USN-6797-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6797-1 advisory. It was discovered that some 3rd and 4th Generation Intel Xeon Processors did not properly...

7.9CVSS

7.3AI Score

0.001EPSS

2024-05-29 12:00 AM
3
nessus
nessus

EulerOS Virtualization 2.11.0 : kernel (EulerOS-SA-2024-1735)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation...

8CVSS

7.2AI Score

EPSS

2024-05-29 12:00 AM
2
nessus
nessus

Ubuntu 22.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-6795-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6795-1 advisory. Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-...

7.8CVSS

7.6AI Score

EPSS

2024-05-29 12:00 AM
2
nessus
nessus

EulerOS Virtualization 2.11.1 : kernel (EulerOS-SA-2024-1734)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation...

8CVSS

7.2AI Score

EPSS

2024-05-29 12:00 AM
2
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xdg-desktop-portal (SUSE-SU-2024:1803-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1803-1 advisory. - CVE-2024-32462: Fixed sandbox escape via RequestBackground portal (bsc#1223110). Tenable has...

8.4CVSS

6.7AI Score

0.0004EPSS

2024-05-29 12:00 AM
1
ubuntu
ubuntu

Intel Microcode vulnerabilities

Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages intel-microcode - Processor microcode for Intel CPUs Details It was discovered that some 3rd and 4th Generation Intel® Xeon® Processors did not properly restrict access to...

7.9CVSS

7.4AI Score

0.001EPSS

2024-05-29 12:00 AM
5
nvidia
nvidia

Security Bulletin: Triton Inference Server - May 2024

NVIDIA has released a software update for NVIDIA Triton Inference Server to address the issue disclosed in this bulletin. To protect your system, install the latest release from the Triton Inference Server Releases page on GitHub, and view the Secure Deployment Considerations Guide. Go to NVIDIA...

9CVSS

8AI Score

0.0004EPSS

2024-05-29 12:00 AM
7
ibm
ibm

Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Monitoring.

Summary Vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring (ITM) components. CVEs: CVE-2023-38264, CVE-2024-21011, CVE-2024-21085 and CVE-2024-21094 Vulnerability Details ** CVEID: CVE-2024-21094 DESCRIPTION: **An unspecified...

5.9CVSS

6.7AI Score

0.001EPSS

2024-05-28 07:41 PM
8
osv
osv

linux-intel-iotg vulnerabilities

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-47233) It was....

7.8CVSS

7AI Score

EPSS

2024-05-28 07:06 PM
4
nvd
nvd

CVE-2024-21785

A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted series of network requests can lead to unauthorized access. An attacker can send a sequence of requests to trigger this...

9.8CVSS

9.4AI Score

0.001EPSS

2024-05-28 04:15 PM
cve
cve

CVE-2024-21785

A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted series of network requests can lead to unauthorized access. An attacker can send a sequence of requests to trigger this...

9.8CVSS

6.7AI Score

0.001EPSS

2024-05-28 04:15 PM
3
mmpc
mmpc

Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks

Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet (formerly Storm-1789), that uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to target companies for its financial and...

9.2AI Score

2024-05-28 04:00 PM
25
mssecure
mssecure

Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks

Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet (formerly Storm-1789), that uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to target companies for its financial and...

7.7AI Score

2024-05-28 04:00 PM
2
vulnrichment
vulnrichment

CVE-2024-21785

A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted series of network requests can lead to unauthorized access. An attacker can send a sequence of requests to trigger this...

9.8CVSS

6.8AI Score

0.001EPSS

2024-05-28 03:30 PM
cvelist
cvelist

CVE-2024-21785

A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted series of network requests can lead to unauthorized access. An attacker can send a sequence of requests to trigger this...

9.8CVSS

9.3AI Score

0.001EPSS

2024-05-28 03:30 PM
3
nvd
nvd

CVE-2024-4429

Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive information...

5.4CVSS

5.2AI Score

0.0004EPSS

2024-05-28 03:15 PM
1
cve
cve

CVE-2024-4429

Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive information...

5.4CVSS

6.3AI Score

0.0004EPSS

2024-05-28 03:15 PM
cve
cve

CVE-2024-3969

XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML...

7.8CVSS

8.4AI Score

0.0004EPSS

2024-05-28 03:15 PM
3
nvd
nvd

CVE-2024-3969

XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML...

7.8CVSS

8AI Score

0.0004EPSS

2024-05-28 03:15 PM
cvelist
cvelist

CVE-2024-4429 Cross Site Request Forgery vulnerability in iManager

Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive information...

5.4CVSS

5.2AI Score

0.0004EPSS

2024-05-28 02:38 PM
2
vulnrichment
vulnrichment

CVE-2024-4429 Cross Site Request Forgery vulnerability in iManager

Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive information...

5.4CVSS

6.4AI Score

0.0004EPSS

2024-05-28 02:38 PM
cvelist
cvelist

CVE-2024-3969 XML External Entity injection vulnerability in iManager

XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML...

7.8CVSS

8AI Score

0.0004EPSS

2024-05-28 02:38 PM
4
Total number of security vulnerabilities84217