Lucene search

K

Ryzen™ 4000 Series Processors Security Vulnerabilities

cve
cve

CVE-2024-36070

tine before 2023.11.8, when an LDAP backend is used, allows anonymous remote attackers to obtain sensitive authentication information via setup.php because of getRegistryData in Setup/Frontend/Json.php. (An update is also available for the 2022.11...

6.7AI Score

EPSS

2024-05-19 07:15 PM
38
nvd
nvd

CVE-2024-36070

tine before 2023.11.8, when an LDAP backend is used, allows anonymous remote attackers to obtain sensitive authentication information via setup.php because of getRegistryData in Setup/Frontend/Json.php. (An update is also available for the 2022.11...

6.5AI Score

EPSS

2024-05-19 07:15 PM
thn
thn

Chinese Nationals Arrested for Laundering $73 Million in Pig Butchering Crypto Scam

The U.S. Department of Justice (DoJ) has charged two arrested Chinese nationals for allegedly orchestrating a pig butchering scam that laundered at least $73 million from victims through shell companies. The individuals, Daren Li, 41, and Yicheng Zhang, 38, were arrested in Atlanta and Los Angeles....

7.4AI Score

2024-05-19 09:46 AM
1
debiancve
debiancve

CVE-2024-35905

In the Linux kernel, the following vulnerability has been resolved: bpf: Protect against int overflow for stack access size This patch re-introduces protection against the size of access to stack memory being negative; the access size can appear negative as a result of overflowing its signed int...

7.4AI Score

0.0004EPSS

2024-05-19 09:15 AM
3
cve
cve

CVE-2024-35905

In the Linux kernel, the following vulnerability has been resolved: bpf: Protect against int overflow for stack access size This patch re-introduces protection against the size of access to stack memory being negative; the access size can appear negative as a result of overflowing its signed int...

7.1AI Score

0.0004EPSS

2024-05-19 09:15 AM
30
nvd
nvd

CVE-2024-35905

In the Linux kernel, the following vulnerability has been resolved: bpf: Protect against int overflow for stack access size This patch re-introduces protection against the size of access to stack memory being negative; the access size can appear negative as a result of overflowing its signed int...

6.9AI Score

0.0004EPSS

2024-05-19 09:15 AM
1
cvelist
cvelist

CVE-2024-35905 bpf: Protect against int overflow for stack access size

In the Linux kernel, the following vulnerability has been resolved: bpf: Protect against int overflow for stack access size This patch re-introduces protection against the size of access to stack memory being negative; the access size can appear negative as a result of overflowing its signed int...

6.8AI Score

0.0004EPSS

2024-05-19 08:34 AM
thn
thn

Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide

The threat actors behind the Windows-based Grandoreiro banking trojan have returned in a global campaign since March 2024 following a law enforcement takedown in January. The large-scale phishing attacks, likely facilitated by other cybercriminals via a malware-as-a-service (MaaS) model, target...

7.1AI Score

2024-05-19 07:59 AM
1
ubuntucve
ubuntucve

CVE-2024-35905

In the Linux kernel, the following vulnerability has been resolved: bpf: Protect against int overflow for stack access size This patch re-introduces protection against the size of access to stack memory being negative; the access size can appear negative as a result of overflowing its signed int...

6.8AI Score

0.0004EPSS

2024-05-19 12:00 AM
qualysblog
qualysblog

Qualys Enterprise TruRisk™ Platform Extends FIM with Real-Time Monitoring of Unauthorized Access to Sensitive Data and Configuration Change Detection on Network Devices

Introducing FIM 4.0 with File Access Monitoring (FAM) and Agentless FIM to ensure compliance with the new PCI 4.0 File Integrity Monitoring (FIM) solutions are essential for virtually any organization to help identify suspicious activities across critical system files and registries, diagnose...

7.3AI Score

2024-05-17 11:45 PM
5
ibm
ibm

Security Bulletin: IBM Integration Designer is vulnerable to a denial of service (CVE-2023-38264)

Summary Vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM Integration Designer. IBM Integration Designer has addressed the following CVE. Vulnerability Details ** CVEID: CVE-2023-38264 DESCRIPTION: **The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0...

5.9CVSS

6.1AI Score

0.0004EPSS

2024-05-17 08:57 PM
8
ibm
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager (CVE-2023-22081, CVE-2023-22067, CVE-2023-5676)

Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details ** CVEID: CVE-2023-22081 ...

5.9CVSS

7AI Score

0.001EPSS

2024-05-17 07:28 PM
16
thn
thn

New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEs

A new report from XM Cyber has found – among other insights - a dramatic gap between where most organizations focus their security efforts, and where the most serious threats actually reside. The new report, Navigating the Paths of Risk: The State of Exposure Management in 2024, is based on...

7.8AI Score

2024-05-17 11:29 AM
1
nessus
nessus

EulerOS Virtualization 3.0.6.6 : curl (EulerOS-SA-2024-1647)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of...

3.7CVSS

7.5AI Score

0.001EPSS

2024-05-17 12:00 AM
2
nessus
nessus

EulerOS Virtualization 3.0.6.6 : kernel (EulerOS-SA-2024-1672)

According to the versions of the kernel package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and...

9.8CVSS

8.2AI Score

0.003EPSS

2024-05-17 12:00 AM
2
openvas
openvas

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1677)

The remote host is missing an update for the Huawei...

6.5CVSS

7AI Score

0.001EPSS

2024-05-17 12:00 AM
3
openvas
openvas

Ubuntu: Security Advisory (USN-6774-1)

The remote host is missing an update for...

6.5CVSS

7AI Score

EPSS

2024-05-17 12:00 AM
13
nessus
nessus

EulerOS Virtualization 3.0.6.0 : curl (EulerOS-SA-2024-1677)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of...

6.5CVSS

7.2AI Score

0.001EPSS

2024-05-17 12:00 AM
2
nessus
nessus

EulerOS Virtualization 3.0.6.0 : shim (EulerOS-SA-2024-1706)

According to the versions of the shim package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to...

6.5CVSS

7.4AI Score

0.002EPSS

2024-05-17 12:00 AM
2
debiancve
debiancve

CVE-2024-21823

Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local...

6.4CVSS

6.3AI Score

0.0004EPSS

2024-05-16 09:16 PM
7
nvd
nvd

CVE-2024-21823

Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local...

6.4CVSS

6.3AI Score

0.0004EPSS

2024-05-16 09:16 PM
cve
cve

CVE-2024-21823

Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local...

6.4CVSS

6.1AI Score

0.0004EPSS

2024-05-16 09:16 PM
32
nvd
nvd

CVE-2023-47165

Improper conditions check in the Intel(R) Data Center GPU Max Series 1100 and 1550 products may allow an privileged user to potentially enable denial of service via local...

6CVSS

5.7AI Score

0.0004EPSS

2024-05-16 09:15 PM
cve
cve

CVE-2023-47165

Improper conditions check in the Intel(R) Data Center GPU Max Series 1100 and 1550 products may allow an privileged user to potentially enable denial of service via local...

6CVSS

6.5AI Score

0.0004EPSS

2024-05-16 09:15 PM
30
alpinelinux
alpinelinux

CVE-2023-46103

Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local...

4.7CVSS

5.7AI Score

0.0004EPSS

2024-05-16 09:15 PM
8
cve
cve

CVE-2023-46103

Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local...

4.7CVSS

5.9AI Score

0.0004EPSS

2024-05-16 09:15 PM
32
debiancve
debiancve

CVE-2023-46103

Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local...

4.7CVSS

4.6AI Score

0.0004EPSS

2024-05-16 09:15 PM
7
nvd
nvd

CVE-2023-46103

Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local...

4.7CVSS

5.3AI Score

0.0004EPSS

2024-05-16 09:15 PM
2
osv
osv

CVE-2023-46103

Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local...

4.7CVSS

4.5AI Score

0.0004EPSS

2024-05-16 09:15 PM
6
cve
cve

CVE-2023-45733

Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local...

2.8CVSS

5.4AI Score

0.0004EPSS

2024-05-16 09:15 PM
34
alpinelinux
alpinelinux

CVE-2023-45733

Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local...

2.8CVSS

5AI Score

0.0004EPSS

2024-05-16 09:15 PM
7
osv
osv

CVE-2023-45733

Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local...

2.8CVSS

3.2AI Score

0.0004EPSS

2024-05-16 09:15 PM
4
nvd
nvd

CVE-2023-45733

Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local...

2.8CVSS

4.3AI Score

0.0004EPSS

2024-05-16 09:15 PM
1
debiancve
debiancve

CVE-2023-45733

Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local...

2.8CVSS

3.3AI Score

0.0004EPSS

2024-05-16 09:15 PM
10
cvelist
cvelist

CVE-2023-47165

Improper conditions check in the Intel(R) Data Center GPU Max Series 1100 and 1550 products may allow an privileged user to potentially enable denial of service via local...

6CVSS

5.7AI Score

0.0004EPSS

2024-05-16 08:47 PM
vulnrichment
vulnrichment

CVE-2023-45733

Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local...

2.8CVSS

5.9AI Score

0.0004EPSS

2024-05-16 08:47 PM
cvelist
cvelist

CVE-2023-45733

Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local...

2.8CVSS

4.8AI Score

0.0004EPSS

2024-05-16 08:47 PM
cvelist
cvelist

CVE-2023-46103

Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local...

4.7CVSS

5.5AI Score

0.0004EPSS

2024-05-16 08:47 PM
cvelist
cvelist

CVE-2024-21823

Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local...

6.4CVSS

6.2AI Score

0.0004EPSS

2024-05-16 08:46 PM
veracode
veracode

Denial Of Service (DOS)

Intel(R) Core(TM) Ultra Processors are vulnerable to Denial Of Service (DOS). The vulnerability is caused due to a Sequence of processor instructions leading to unexpected behavior. This can allow an authenticated user to potentially enable Denial Of Service (DOS) via local...

4.7CVSS

6.7AI Score

0.0004EPSS

2024-05-16 07:43 PM
2
nvd
nvd

CVE-2024-3640

An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access™ possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter a malicious executable....

7.9AI Score

0.0004EPSS

2024-05-16 04:15 PM
cve
cve

CVE-2024-3640

An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access™ possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter a malicious executable....

7.8AI Score

0.0004EPSS

2024-05-16 04:15 PM
30
cvelist
cvelist

CVE-2024-3640 Rockwell Automation FactoryTalk® Remote Access™ has Unquoted Executables

An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access™ possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter a malicious executable....

7.8AI Score

0.0004EPSS

2024-05-16 03:25 PM
vulnrichment
vulnrichment

CVE-2024-3640 Rockwell Automation FactoryTalk® Remote Access™ has Unquoted Executables

An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access™ possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter a malicious executable....

7.9AI Score

0.0004EPSS

2024-05-16 03:25 PM
qualysblog
qualysblog

How the Qualys Enterprise TruRisk™ Platform Supports CISA Vulnrichment

Introduction In today's interconnected digital landscape, cybersecurity threats pose significant risks to organizations across various sectors. Recognizing the need for a structured approach to identify, prioritize, and address vulnerabilities, the Cybersecurity and Infrastructure Security Agency.....

6.9AI Score

2024-05-16 03:03 PM
4
osv
osv

linux, linux-aws, linux-aws-6.5, linux-azure, linux-azure-6.5, linux-gcp, linux-gcp-6.5, linux-hwe-6.5, linux-laptop, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-nvidia-6.5, linux-oem-6.5, linux-oracle, linux-oracle-6.5, linux-raspi, linux-signed, linux-signed-aws, linux-signed-aws-6.5, linux-starfive, linux-starfive-6.5 vulnerabilities

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-47233) Sander....

6.5CVSS

6.6AI Score

EPSS

2024-05-16 02:27 PM
6
qualysblog
qualysblog

TotalCloud Container Security Best Practices

Qualys Container Security (CS), an integral part of TotalCloud 2.0, provides a comprehensive view of the security posture of containerized applications. Operationalizing a new technology tool in an enterprise often presents its own challenges. This blog seeks to help the operations team...

7.1AI Score

2024-05-16 02:00 PM
13
ics
ics

Siemens SIMATIC RTLS Locating Manager

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

10CVSS

9.2AI Score

0.009EPSS

2024-05-16 12:00 PM
9
ics
ics

Mitsubishi Electric MELSEC iQ-R Series Safety CPU and SIL2 Process CPU (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R Series Safety CPU and SIL2 Process CPU Vulnerability: Incorrect Privilege Assignment 2. RISK EVALUATION Successful exploitation of this...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-05-16 12:00 PM
13
thn
thn

Cybercriminals Exploiting Microsoft's Quick Assist Feature in Ransomware Attacks

The Microsoft Threat Intelligence team said it has observed a threat actor it tracks under the name Storm-1811 abusing the client management tool Quick Assist to target users in social engineering attacks. "Storm-1811 is a financially motivated cybercriminal group known to deploy Black Basta...

7.4AI Score

2024-05-16 03:16 AM
1
Total number of security vulnerabilities47073