Lucene search

K

Ryzen™ 4000 Series Processors Security Vulnerabilities

nessus
nessus

FreeBSD : Intel CPUs -- multiple vulnerabilities (5afd64ae-122a-11ef-8eed-1c697a616631)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 5afd64ae-122a-11ef-8eed-1c697a616631 advisory. Intel reports: Potential security vulnerabilities in some Intel Trust Domain ...

7.9CVSS

7.7AI Score

0.0004EPSS

2024-05-15 12:00 AM
3
nessus
nessus

Cisco Integrated Management Controller Web-Based Management Interface Command Injection (cisco-sa-cimc-cmd-inj-bLuPcb)

According to its self-reported version, the Cisco Integrated Management Controller Web-Based Management Interface is affected by a command injection vulnerability. Due to insufficient user input validation, an authenticated, remote attacker with Administrator-level privileges could perform command....

8.7CVSS

7.9AI Score

0.0004EPSS

2024-05-15 12:00 AM
10
nessus
nessus

Juniper Junos OS Vulnerability (JSA75751)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA75751 advisory. An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS on MX Series allows an authenticated,...

4.3CVSS

7AI Score

0.0004EPSS

2024-05-15 12:00 AM
2
nessus
nessus

SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1643-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1643-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two...

7.8CVSS

7.2AI Score

EPSS

2024-05-15 12:00 AM
10
redhatcve
redhatcve

CVE-2024-21823

Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local...

6.4CVSS

6.3AI Score

0.0004EPSS

2024-05-14 08:54 PM
11
cve
cve

CVE-2024-1598

Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for Intel Gemini Lake.This issue affects: SecureCore™ for Intel Gemini Lake: from 4.1.0.1 before...

7.5CVSS

7.4AI Score

0.0004EPSS

2024-05-14 04:15 PM
27
nvd
nvd

CVE-2024-1598

Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for Intel Gemini Lake.This issue affects: SecureCore™ for Intel Gemini Lake: from 4.1.0.1 before...

7.5CVSS

7.8AI Score

0.0004EPSS

2024-05-14 04:15 PM
nvd
nvd

CVE-2024-0762

Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562; Phoenix ...

7.5CVSS

7.8AI Score

0.0004EPSS

2024-05-14 04:15 PM
1
nvd
nvd

CVE-2024-3016

NEC Platforms DT900 and DT900S Series 5.0.0.0 – v5.3.4.4, v5.4.0.0 – v5.6.0.20 allows an attacker to access a non-documented the system settings to change settings via local network with unauthenticated...

6.5AI Score

0.0004EPSS

2024-05-14 03:39 PM
1
vulnrichment
vulnrichment

CVE-2024-1598 Potential buffer overflow when handling UEFI variables

Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for Intel Gemini Lake.This issue affects: SecureCore™ for Intel Gemini Lake: from 4.1.0.1 before...

7.5CVSS

7.5AI Score

0.0004EPSS

2024-05-14 02:56 PM
cvelist
cvelist

CVE-2024-1598 Potential buffer overflow when handling UEFI variables

Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for Intel Gemini Lake.This issue affects: SecureCore™ for Intel Gemini Lake: from 4.1.0.1 before...

7.5CVSS

8AI Score

0.0004EPSS

2024-05-14 02:56 PM
vulnrichment
vulnrichment

CVE-2024-0762 Potential buffer overflow when handling UEFI variables

Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562; Phoenix ...

7.5CVSS

7.5AI Score

0.0004EPSS

2024-05-14 02:56 PM
cvelist
cvelist

CVE-2024-0762 Potential buffer overflow when handling UEFI variables

Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562; Phoenix ...

7.5CVSS

8AI Score

0.0004EPSS

2024-05-14 02:56 PM
vulnrichment
vulnrichment

CVE-2024-28137 PHOENIX CONTACT: privilege escalation due to a TOCTOU vulnerability in the CHARX Series

A local attacker with low privileges can perform a privilege escalation with an init script due to a TOCTOU...

7.8CVSS

7AI Score

0.0005EPSS

2024-05-14 08:10 AM
vulnrichment
vulnrichment

CVE-2024-28135 PHOENIX CONTACT: command injection vulnerability in the API of the CHARX Series

A low privileged remote attacker can use a command injection vulnerability in the API which performs remote code execution as the user-app user due to improper input validation. The confidentiality is partly...

5CVSS

7.9AI Score

0.001EPSS

2024-05-14 08:09 AM
cvelist
cvelist

CVE-2024-28135 PHOENIX CONTACT: command injection vulnerability in the API of the CHARX Series

A low privileged remote attacker can use a command injection vulnerability in the API which performs remote code execution as the user-app user due to improper input validation. The confidentiality is partly...

5CVSS

6AI Score

0.001EPSS

2024-05-14 08:09 AM
2
vulnrichment
vulnrichment

CVE-2024-28134 PHOENIX CONTACT: MitM attack gains privileges of the current logged in user in CHARX Series

An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based management access with the privileges of the currently logged in user due to cleartext transmission of sensitive information. No additional user interaction is required. The access is limited as...

7CVSS

6.7AI Score

0.001EPSS

2024-05-14 08:09 AM
cvelist
cvelist

CVE-2024-28133 PHOENIX CONTACT: Privilege escalation in CHARX Series

A local low privileged attacker can use an untrusted search path in a CHARX system utility to gain root ...

7.8CVSS

7.6AI Score

0.0005EPSS

2024-05-14 08:09 AM
vulnrichment
vulnrichment

CVE-2024-28133 PHOENIX CONTACT: Privilege escalation in CHARX Series

A local low privileged attacker can use an untrusted search path in a CHARX system utility to gain root ...

7.8CVSS

6.6AI Score

0.0005EPSS

2024-05-14 08:09 AM
freebsd
freebsd

Intel CPUs -- multiple vulnerabilities

Intel reports: Potential security vulnerabilities in some Intel Trust Domain Extensions (TDX) module software may allow escalation of privilege. Improper input validation in some Intel TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable...

7.9CVSS

7.3AI Score

0.0004EPSS

2024-05-14 12:00 AM
4
hp
hp

Intel Arc™ & Iris® Xe Graphics Software May 2024 Security Update

Intel has informed HP of a potential security vulnerability in some Intel® Arc™ & Iris® Xe Graphics software which may allow escalation of privilege. Intel is releasing updates to mitigate the potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...

7.8CVSS

7.4AI Score

0.0004EPSS

2024-05-14 12:00 AM
7
mssecure
mssecure

Microsoft is again named a Leader in the 2024 Gartner® Magic Quadrant™ for Security Information and Event Management​​

We are pleased to announce that Microsoft has been recognized as a Leader in the Gartner® Magic Quadrant™ for Security Information and Event Management (SIEM).1 We believe our position in the Leaders quadrant validates our vision and continued investments in Microsoft Sentinel making it a...

7AI Score

2024-05-13 04:00 PM
5
rapid7blog
rapid7blog

Rapid7 Recognized in the 2024 Gartner® Magic Quadrant™ for SIEM

Command Your Attack Surface with a next-gen SIEM built for the Cloud First Era Rapid7 is excited to share that we are named a Challenger for InsightIDR in the 2024 Gartner Magic Quadrant for SIEM. In a crowded and constantly changing space, this is our sixth time to be recognized in the report....

7.3AI Score

2024-05-13 03:06 PM
3
ibm
ibm

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to April 2024 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server...

5.9CVSS

7.4AI Score

0.001EPSS

2024-05-13 02:27 PM
12
ibm
ibm

Security Bulletin: Multiple vulnerabilities exists in IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Configuration Manager.

Summary Multiple vulnerabilities exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager IP Edition v6.4.2. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850 Vulnerability Details....

7.5CVSS

6.9AI Score

0.001EPSS

2024-05-13 11:52 AM
8
thn
thn

Severe Vulnerabilities in Cinterion Cellular Modems Pose Risks to Various Industries

Cybersecurity researchers have disclosed multiple security flaws in Cinterion cellular modems that could be potentially exploited by threat actors to access sensitive information and achieve code execution. "These vulnerabilities include critical flaws that permit remote code execution and...

9.8CVSS

9.6AI Score

0.002EPSS

2024-05-13 10:12 AM
1
apple
apple

About the security content of watchOS 10.5

About the security content of watchOS 10.5 This document describes the security content of watchOS 10.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...

7.3AI Score

0.0005EPSS

2024-05-13 12:00 AM
14
nessus
nessus

RHEL 5 : ntp (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution ...

8.3AI Score

0.089EPSS

2024-05-11 12:00 AM
1
nessus
nessus

RHEL 7 : openssl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssl: the c_rehash script allows command injection (CVE-2022-2068) Integer overflow in the...

9.9AI Score

0.895EPSS

2024-05-11 12:00 AM
11
nessus
nessus

RHEL 5 : gstreamer-plugins-good (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. gstreamer-plugins-good: Heap buffer overflow in FLIC decoder (CVE-2016-9636) The...

8.6AI Score

0.015EPSS

2024-05-11 12:00 AM
1
nessus
nessus

RHEL 5 : tomcat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938) Apache Tomcat 6.x before...

8.9AI Score

0.975EPSS

2024-05-11 12:00 AM
2
nessus
nessus

RHEL 6 : hw (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29900) ...

8.1AI Score

EPSS

2024-05-11 12:00 AM
4
nessus
nessus

RHEL 7 : gstreamer-plugins-good (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. gstreamer-plugins-good: Heap buffer overflow in FLIC decoder (CVE-2016-9636) The...

8.5AI Score

0.015EPSS

2024-05-11 12:00 AM
2
nessus
nessus

RHEL 5 : poppler (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. poppler: recursive function call in JBIG2Stream::readGenericBitmap() in JBIG2Stream.cc causing denial...

8.9AI Score

0.022EPSS

2024-05-11 12:00 AM
1
nessus
nessus

RHEL 6 : openssl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssl: the c_rehash script allows command injection (CVE-2022-2068) Integer overflow in the...

9.2AI Score

0.895EPSS

2024-05-11 12:00 AM
2
nessus
nessus

RHEL 5 : openssl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssl: doapr_outch function does not verify that certain memory allocation succeeds (CVE-2016-2842) ...

8.5AI Score

0.895EPSS

2024-05-11 12:00 AM
nessus
nessus

RHEL 7 : poppler (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. poppler: recursive function call in JBIG2Stream::readGenericBitmap() in JBIG2Stream.cc causing denial...

8.5AI Score

0.012EPSS

2024-05-11 12:00 AM
Total number of security vulnerabilities47073