Lucene search

K

Ryzen™ 3000 Series Desktop Processors Security Vulnerabilities

openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1874-1)

The remote host is missing an update for...

7.5CVSS

7.6AI Score

0.005EPSS

2024-06-03 12:00 AM
3
nessus
nessus

RHEL 5 : microcode_ctl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. hw: Intel SGX information leak (CVE-2019-0117) Improper conditions check in the voltage modulation...

6CVSS

6.7AI Score

0.0004EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : flash-plugin (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. flash-plugin: multiple code execution issues fixed in APSB17-07 (CVE-2017-3003) Unspecified...

8.8CVSS

8.9AI Score

0.955EPSS

2024-06-03 12:00 AM
2
nessus
nessus

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1788)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is...

8CVSS

8.3AI Score

EPSS

2024-06-03 12:00 AM
2
nessus
nessus

RHEL 5 : gnutls (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. gnutls: Heap read overflow in read-packet.c (CVE-2017-5337) The TLS protocol 1.2 and earlier, as used in...

7.5CVSS

7.4AI Score

0.256EPSS

2024-06-03 12:00 AM
2
nessus
nessus

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1800)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is...

8CVSS

8.3AI Score

EPSS

2024-06-03 12:00 AM
1
nessus
nessus

RHEL 6 : nautilus (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. nautilus: Insufficient validation of trust of .desktop files with execute permission (CVE-2017-14604) Note that...

6.5CVSS

7.5AI Score

0.002EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 7 : gnome-desktop3 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. gnome-desktop: thumbnailer security bypass (CVE-2019-11460) Note that Nessus has not tested for this issue but has...

9CVSS

9.2AI Score

0.002EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 8 : gnome-desktop3 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. gnome-desktop: thumbnailer security bypass (CVE-2019-11460) Note that Nessus has not tested for this issue but has...

9CVSS

9.2AI Score

0.002EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 6 : microcode_ctl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. kernel: Intel firmware update for insufficient granularity of access control in out-of-band management in some...

7.5CVSS

7AI Score

0.0004EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 7 : microcode_ctl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: Intel firmware update for improper isolation of shared resources (CVE-2022-38090) Incorrect...

6.1CVSS

7.2AI Score

0.0004EPSS

2024-06-03 12:00 AM
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1895-1)

The remote host is missing an update for...

6.4AI Score

0.0004EPSS

2024-06-03 12:00 AM
2
nessus
nessus

RHEL 5 : ipsec-tools (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ipsec-tools: Parsing and storing ISAKMP fragments in malicious order can exhaust resources ...

7.5CVSS

7.6AI Score

0.018EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 8 : freerdp (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. freerdp: Integer Overflow leading to Heap Overflow in freerdp_bitmap_planar_context_reset...

9.8CVSS

7.6AI Score

0.001EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 8 : openssl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssl: Read buffer overruns processing ASN.1 strings (CVE-2021-3712) Simultaneous Multi-threading...

7.4CVSS

6.8AI Score

0.015EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : nautilus (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. nautilus: Insufficient validation of trust of .desktop files with execute permission (CVE-2017-14604) Note that...

6.5CVSS

6.6AI Score

0.002EPSS

2024-06-03 12:00 AM
2
githubexploit
githubexploit

Exploit for Type Confusion in Google Chrome

Chrome Renderer 1day RCE via Type Confusion in Async Stack...

8.8CVSS

6.7AI Score

0.001EPSS

2024-06-02 02:15 PM
75
rapid7blog
rapid7blog

New! Insight Agent Support for ARM-based Windows in InsightVM

We are pleased to introduce Insight Agent support of ARM-based Windows 11 devices for both vulnerability and policy assessment within InsightVM. Customers with Windows 11 devices powered by ARM processors can now take advantage of the great performance and lower power requirements of these chips...

7.1AI Score

2024-05-31 06:34 PM
6
ibm
ibm

Security Bulletin: Maximo Asset Management: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities).....

5.9CVSS

6.1AI Score

0.0004EPSS

2024-05-31 02:39 PM
15
kitploit
kitploit

Ars0N-Framework - A Modern Framework For Bug Bounty Hunting

Howdy! My name is Harrison Richardson, or rs0n (arson) when I want to feel cooler than I really am. The code in this repository started as a small collection of scripts to help automate many of the common Bug Bounty hunting processes I found myself repeating. Over time, I built a simple web...

7AI Score

2024-05-31 12:30 PM
13
talosblog
talosblog

New banking trojan “CarnavalHeist” targets Brazil with overlay attacks

Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called "CarnavalHeist." Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil. This family has also been...

8AI Score

2024-05-31 12:00 PM
8
thn
thn

Russian Hackers Target Europe with HeadLace Malware and Credential Harvesting

The Russian GRU-backed threat actor APT28 has been attributed as behind a series of campaigns targeting networks across Europe with the HeadLace malware and credential-harvesting web pages. APT28, also known by the names BlueDelta, Fancy Bear, Forest Blizzard, FROZENLAKE, Iron Twilight, ITG05,...

7.2AI Score

2024-05-31 10:10 AM
4
mssecure
mssecure

Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices

Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT) devices. Internet-exposed OT equipment in water and wastewater systems (WWS) in the US were targeted in multiple attacks over the past months by...

9.8CVSS

7.2AI Score

0.068EPSS

2024-05-30 05:00 PM
1
mmpc
mmpc

Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices

Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT) devices. Internet-exposed OT equipment in water and wastewater systems (WWS) in the US were targeted in multiple attacks over the past months by...

9.8CVSS

8.7AI Score

0.068EPSS

2024-05-30 05:00 PM
26
nvd
nvd

CVE-2024-36904

In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique() with nice analysis. Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operation for timewait...

7.4AI Score

0.0004EPSS

2024-05-30 04:15 PM
cve
cve

CVE-2024-36904

In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique() with nice analysis. Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operation for timewait...

6.7AI Score

0.0004EPSS

2024-05-30 04:15 PM
32
debiancve
debiancve

CVE-2024-36904

In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique() with nice analysis. Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operation for timewait...

6.7AI Score

0.0004EPSS

2024-05-30 04:15 PM
1
cvelist
cvelist

CVE-2024-36904 tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().

In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique() with nice analysis. Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operation for timewait...

7.4AI Score

0.0004EPSS

2024-05-30 03:29 PM
thn
thn

Cyber Espionage Alert: LilacSquid Targets IT, Energy, and Pharma Sectors

A previously undocumented cyber espionage-focused threat actor named LilacSquid has been linked to targeted attacks spanning various sectors in the United States (U.S.), Europe, and Asia as part of a data theft campaign since at least 2021. "The campaign is geared toward establishing long-term...

7.3AI Score

2024-05-30 03:26 PM
4
ibm
ibm

Security Bulletin: CVE-2024-3933 affects IBM® SDK, Java™ Technology Edition

Summary CVE-2024-3933 affects IBM SDK, Java Technology Edition. An update has been released to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-3933 DESCRIPTION: **Eclipse Openj9 could allow a local authenticated attacker to bypass security restrictions, caused by the failure...

5.3CVSS

6.4AI Score

0.0004EPSS

2024-05-30 01:50 PM
11
talosblog
talosblog

LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader

By Anna Bennett, Nicole Hoffman, Asheer Malhotra, Sean Taylor and Brandon White. Cisco Talos is disclosing a new suspected data theft campaign, active since at least 2021, we attribute to an advanced persistent threat actor (APT) we're calling "LilacSquid." LilacSquid's victimology includes a...

7.8AI Score

2024-05-30 12:01 PM
8
ics
ics

Mitsubishi Electric MELSEC iQ-R, iQ-L Series and MELIPC Series (Update C)

EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R, iQ-L Series and MELIPC Series Vulnerability: Improper Resource Shutdown or Release 2. RISK EVALUATION Successful exploitation of this vulnerability could...

7.5CVSS

7.7AI Score

0.002EPSS

2024-05-30 12:00 PM
22
ubuntucve
ubuntucve

CVE-2024-36904

In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique() with nice analysis. Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operation for timewait...

7AI Score

0.0004EPSS

2024-05-30 12:00 AM
4
openvas
openvas

Ubuntu: Security Advisory (USN-6797-1)

The remote host is missing an update for...

7.9CVSS

6.8AI Score

0.001EPSS

2024-05-30 12:00 AM
3
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1832-1)

The remote host is missing an update for...

8.4CVSS

6.7AI Score

0.0004EPSS

2024-05-30 12:00 AM
2
nessus
nessus

SUSE SLES12 Security Update : xdg-desktop-portal (SUSE-SU-2024:1832-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1832-1 advisory. - CVE-2024-32462: Fixed sandbox escape via RequestBackground portal (bsc#1223110). Tenable has extracted the preceding description block...

8.4CVSS

6.7AI Score

0.0004EPSS

2024-05-30 12:00 AM
2
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1806-1)

The remote host is missing an update for...

8.4CVSS

6.7AI Score

0.0004EPSS

2024-05-30 12:00 AM
3
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1831-1)

The remote host is missing an update for...

8.4CVSS

6.7AI Score

0.0004EPSS

2024-05-30 12:00 AM
1
nessus
nessus

SUSE SLES15 Security Update : xdg-desktop-portal (SUSE-SU-2024:1831-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1831-1 advisory. - CVE-2024-32462: Fixed sandbox escape via RequestBackground portal (bsc#1223110). Tenable has extracted the preceding description block...

8.4CVSS

7.4AI Score

0.0004EPSS

2024-05-30 12:00 AM
nessus
nessus

SUSE SLES15 Security Update : xdg-desktop-portal (SUSE-SU-2024:1806-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1806-1 advisory. - CVE-2024-32462: Fixed sandbox escape via RequestBackground portal (bsc#1223110). Tenable has extracted the preceding description block...

8.4CVSS

6.7AI Score

0.0004EPSS

2024-05-30 12:00 AM
3
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1807-1)

The remote host is missing an update for...

9CVSS

6.7AI Score

0.001EPSS

2024-05-30 12:00 AM
5
chrome
chrome

Stable Channel Update for Desktop

The Stable channel has been updated to 125.0.6422.141/.142 for Windows, Mac and 125.0.6422.141 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards Note: Access to bug details and links may be kept...

7.3AI Score

0.0004EPSS

2024-05-30 12:00 AM
36
talosblog
talosblog

New Generative AI category added to Talos reputation services

Cisco Talos is preparing to release the first in a series of changes to our Web Categorization system, which is designed to simplify the verbiage we use. In mid-June, we're adding a new "Generative AI" category that will apply to certain websites. The "Content Category" appears whenever a user...

6.8AI Score

2024-05-29 04:32 PM
5
nvd
nvd

CVE-2024-35311

Yubico YubiKey 5 Series before 5.7.0, Security Key Series before 5.7.0, YubiKey Bio Series before 5.6.4, and YubiKey 5 FIPS before 5.7.2 have Incorrect Access...

6.7AI Score

EPSS

2024-05-29 04:15 PM
cve
cve

CVE-2024-35311

Yubico YubiKey 5 Series before 5.7.0, Security Key Series before 5.7.0, YubiKey Bio Series before 5.6.4, and YubiKey 5 FIPS before 5.7.2 have Incorrect Access...

6.9AI Score

EPSS

2024-05-29 04:15 PM
61
cve
cve

CVE-2024-28974

Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of...

7.6CVSS

6.7AI Score

0.0004EPSS

2024-05-29 04:15 PM
28
nvd
nvd

CVE-2024-28974

Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of...

7.6CVSS

7.3AI Score

0.0004EPSS

2024-05-29 04:15 PM
talosblog
talosblog

Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level privileges

Cisco Talos' Vulnerability Research team has helped to disclose and patch more than 20 vulnerabilities over the past three weeks, including two in the popular Adobe Acrobat Reader software. Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read...

9.8CVSS

9.8AI Score

0.001EPSS

2024-05-29 04:07 PM
2
cvelist
cvelist

CVE-2024-28974

Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of...

7.6CVSS

7.3AI Score

0.0004EPSS

2024-05-29 03:21 PM
3
vulnrichment
vulnrichment

CVE-2024-28974

Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of...

7.6CVSS

6.8AI Score

0.0004EPSS

2024-05-29 03:21 PM
Total number of security vulnerabilities84406