CVE-2024-3484 Path Traversal vulnerability found in iManager
Path Traversal found in OpenText™ iManager 3.2.6.0200. This can lead to privilege escalation or file...
5.7CVSS
7AI Score
0.0004EPSS
CVE-2024-3967 Remote Code Execution vulnerability in the iManager
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object...
7.6CVSS
8.2AI Score
0.0004EPSS
CVE-2024-3967 Remote Code Execution vulnerability in the iManager
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object...
7.6CVSS
8AI Score
0.0004EPSS
CVE-2024-3968 Remote Code Execution vulnerability in the iManager
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload...
7.8CVSS
8.4AI Score
0.0004EPSS
CVE-2024-3968 Remote Code Execution vulnerability in the iManager
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload...
7.8CVSS
8.1AI Score
0.0004EPSS
CVE-2024-3970 Server-Side Request Forgery vulnerability in iManager
Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information disclosure by directory...
5.3CVSS
6.6AI Score
0.0004EPSS
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware
June 2024 update: At the end of May 2024, Microsoft Threat Intelligence observed Storm-1811 using Microsoft Teams as another vector to contact target users. Microsoft assesses that the threat actor uses Teams to send messages and initiate calls in an attempt to impersonate IT or help desk...
7.7AI Score
Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days
Microsoft has addressed a total of 61 new security flaws in its software as part of its Patch Tuesday updates for May 2024, including two zero-days which have been actively exploited in the wild. Of the 61 flaws, one is rated Critical, 59 are rated Important, and one is rated Moderate in severity.....
9.6CVSS
9.6AI Score
0.008EPSS
According to its self-reported version, the Cisco Integrated Management Controller Web-Based Management Interface is affected by a command injection vulnerability. Due to insufficient user input validation, an authenticated, remote attacker with Administrator-level privileges could perform command....
8.7CVSS
7.9AI Score
0.0004EPSS
Juniper Junos OS Vulnerability (JSA75751)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA75751 advisory. An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS on MX Series allows an authenticated,...
4.3CVSS
7AI Score
0.0004EPSS
Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for Intel Gemini Lake.This issue affects: SecureCore™ for Intel Gemini Lake: from 4.1.0.1 before...
7.5CVSS
7.4AI Score
0.0004EPSS
Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for Intel Gemini Lake.This issue affects: SecureCore™ for Intel Gemini Lake: from 4.1.0.1 before...
7.5CVSS
7.8AI Score
0.0004EPSS
Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562; Phoenix ...
7.5CVSS
7.8AI Score
0.0004EPSS
NEC Platforms DT900 and DT900S Series 5.0.0.0 – v5.3.4.4, v5.4.0.0 – v5.6.0.20 allows an attacker to access a non-documented the system settings to change settings via local network with unauthenticated...
6.5AI Score
0.0004EPSS
CVE-2024-1598 Potential buffer overflow when handling UEFI variables
Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for Intel Gemini Lake.This issue affects: SecureCore™ for Intel Gemini Lake: from 4.1.0.1 before...
7.5CVSS
7.5AI Score
0.0004EPSS
CVE-2024-1598 Potential buffer overflow when handling UEFI variables
Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for Intel Gemini Lake.This issue affects: SecureCore™ for Intel Gemini Lake: from 4.1.0.1 before...
7.5CVSS
8AI Score
0.0004EPSS
CVE-2024-0762 Potential buffer overflow when handling UEFI variables
Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562; Phoenix ...
7.5CVSS
7.5AI Score
0.0004EPSS
CVE-2024-0762 Potential buffer overflow when handling UEFI variables
Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562; Phoenix ...
7.5CVSS
8AI Score
0.0004EPSS
A local attacker with low privileges can perform a privilege escalation with an init script due to a TOCTOU...
7.8CVSS
7AI Score
0.0005EPSS
CVE-2024-28135 PHOENIX CONTACT: command injection vulnerability in the API of the CHARX Series
A low privileged remote attacker can use a command injection vulnerability in the API which performs remote code execution as the user-app user due to improper input validation. The confidentiality is partly...
5CVSS
7.9AI Score
0.001EPSS
CVE-2024-28135 PHOENIX CONTACT: command injection vulnerability in the API of the CHARX Series
A low privileged remote attacker can use a command injection vulnerability in the API which performs remote code execution as the user-app user due to improper input validation. The confidentiality is partly...
5CVSS
6AI Score
0.001EPSS
An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based management access with the privileges of the currently logged in user due to cleartext transmission of sensitive information. No additional user interaction is required. The access is limited as...
7CVSS
6.7AI Score
0.001EPSS
CVE-2024-28133 PHOENIX CONTACT: Privilege escalation in CHARX Series
A local low privileged attacker can use an untrusted search path in a CHARX system utility to gain root ...
7.8CVSS
7.6AI Score
0.0005EPSS
CVE-2024-28133 PHOENIX CONTACT: Privilege escalation in CHARX Series
A local low privileged attacker can use an untrusted search path in a CHARX system utility to gain root ...
7.8CVSS
6.6AI Score
0.0005EPSS
Intel Arc™ & Iris® Xe Graphics Software May 2024 Security Update
Intel has informed HP of a potential security vulnerability in some Intel® Arc™ & Iris® Xe Graphics software which may allow escalation of privilege. Intel is releasing updates to mitigate the potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...
7.8CVSS
7.4AI Score
0.0004EPSS
We are pleased to announce that Microsoft has been recognized as a Leader in the Gartner® Magic Quadrant™ for Security Information and Event Management (SIEM).1 We believe our position in the Leaders quadrant validates our vision and continued investments in Microsoft Sentinel making it a...
7AI Score
Rapid7 Recognized in the 2024 Gartner® Magic Quadrant™ for SIEM
Command Your Attack Surface with a next-gen SIEM built for the Cloud First Era Rapid7 is excited to share that we are named a Challenger for InsightIDR in the 2024 Gartner Magic Quadrant for SIEM. In a crowded and constantly changing space, this is our sixth time to be recognized in the report....
7.3AI Score
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server...
5.9CVSS
7.4AI Score
0.001EPSS
Summary Multiple vulnerabilities exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager IP Edition v6.4.2. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850 Vulnerability Details....
7.5CVSS
6.9AI Score
0.001EPSS
Severe Vulnerabilities in Cinterion Cellular Modems Pose Risks to Various Industries
Cybersecurity researchers have disclosed multiple security flaws in Cinterion cellular modems that could be potentially exploited by threat actors to access sensitive information and achieve code execution. "These vulnerabilities include critical flaws that permit remote code execution and...
9.8CVSS
9.3AI Score
0.002EPSS
About the security content of watchOS 10.5
About the security content of watchOS 10.5 This document describes the security content of watchOS 10.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
7.3AI Score
0.0005EPSS
RHEL 5 : ntp (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution ...
8.3AI Score
0.089EPSS
RHEL 7 : openssl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssl: the c_rehash script allows command injection (CVE-2022-2068) Integer overflow in the...
9.9AI Score
0.895EPSS
RHEL 5 : gstreamer-plugins-good (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. gstreamer-plugins-good: Heap buffer overflow in FLIC decoder (CVE-2016-9636) The...
8.6AI Score
0.015EPSS
RHEL 5 : tomcat (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938) Apache Tomcat 6.x before...
8.9AI Score
0.975EPSS