SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1644-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1644-1 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi: return -ENOMEM if...
7.8CVSS
6.9AI Score
EPSS
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:1648-1)
The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1648-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory ...
7.8CVSS
7.2AI Score
EPSS
Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux-hwe-5.15 - Linux hardware enablement (HWE) kernel linux-raspi - Linux kernel for Raspberry Pi systems Details It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action...
7.8CVSS
7.2AI Score
EPSS
According to its self-reported version, the Cisco Integrated Management Controller Web-Based Management Interface is affected by a command injection vulnerability. Due to insufficient user input validation, an authenticated, remote attacker with Administrator-level privileges could perform command....
8.7CVSS
7.9AI Score
0.0004EPSS
FreeBSD : Intel CPUs -- multiple vulnerabilities (5afd64ae-122a-11ef-8eed-1c697a616631)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 5afd64ae-122a-11ef-8eed-1c697a616631 advisory. Intel reports: Potential security vulnerabilities in some Intel Trust Domain ...
7.9CVSS
7.7AI Score
0.0004EPSS
Juniper Junos OS Vulnerability (JSA75751)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA75751 advisory. An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS on MX Series allows an authenticated,...
4.3CVSS
7AI Score
0.0004EPSS
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1643-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1643-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two...
7.8CVSS
7.2AI Score
EPSS
Grafana proxy Cross-site Scripting
Today we are releasing Grafana 8.3.5 and 7.5.15. This patch release includes MEDIUM severity security fix for XSS for Grafana. Release v.8.3.5, only containing security fixes: Download Grafana 8.3.5 Release notes Release v.7.5.15, only containing security fixes: Download Grafana 7.5.15 Release...
6.5CVSS
5.3AI Score
0.001EPSS
Grafana proxy Cross-site Scripting
Today we are releasing Grafana 8.3.5 and 7.5.15. This patch release includes MEDIUM severity security fix for XSS for Grafana. Release v.8.3.5, only containing security fixes: Download Grafana 8.3.5 Release notes Release v.7.5.15, only containing security fixes: Download Grafana 7.5.15 Release...
6.5CVSS
5.3AI Score
0.001EPSS
Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local...
6.4CVSS
6.3AI Score
0.0004EPSS
Microsoft and Adobe Patch Tuesday, May 2024 Security Update Review
Microsoft has released its May edition of Patch Tuesday. Let's take a deep dive into the crucial insights from Microsoft's Patch Tuesday updates for May 2024. Microsoft Patch Tuesday for May 2024 Microsoft Patch Tuesday's May 2024 edition addressed 67 vulnerabilities, including one critical and 59....
8.8CVSS
9AI Score
0.008EPSS
A local attacker with low privileges can perform a privilege escalation with an init script due to a TOCTOU...
7.8CVSS
7.6AI Score
0.0005EPSS
A local attacker with low privileges can use a command injection vulnerability to gain root privileges due to improper input validation using the OCPP Remote...
7.8CVSS
7.8AI Score
0.0005EPSS
A low privileged remote attacker can use a command injection vulnerability in the API which performs remote code execution as the user-app user due to improper input validation. The confidentiality is partly...
5CVSS
5.8AI Score
0.001EPSS
An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based management access with the privileges of the currently logged in user due to cleartext transmission of sensitive information. No additional user interaction is required. The access is limited as...
7CVSS
6.7AI Score
0.001EPSS
A local low privileged attacker can use an untrusted search path in a CHARX system utility to gain root ...
7.8CVSS
7.3AI Score
0.0005EPSS
Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for Intel Gemini Lake.This issue affects: SecureCore™ for Intel Gemini Lake: from 4.1.0.1 before...
7.5CVSS
7.4AI Score
0.0004EPSS
Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for Intel Gemini Lake.This issue affects: SecureCore™ for Intel Gemini Lake: from 4.1.0.1 before...
7.5CVSS
7.8AI Score
0.0004EPSS
Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562; Phoenix ...
7.5CVSS
7.4AI Score
0.0004EPSS
Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562; Phoenix ...
7.5CVSS
7.8AI Score
0.0004EPSS
NEC Platforms DT900 and DT900S Series 5.0.0.0 – v5.3.4.4, v5.4.0.0 – v5.6.0.20 allows an attacker to access a non-documented the system settings to change settings via local network with unauthenticated...
6.7AI Score
0.0004EPSS
NEC Platforms DT900 and DT900S Series 5.0.0.0 – v5.3.4.4, v5.4.0.0 – v5.6.0.20 allows an attacker to access a non-documented the system settings to change settings via local network with unauthenticated...
6.5AI Score
0.0004EPSS
CVE-2024-1598 Potential buffer overflow when handling UEFI variables
Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for Intel Gemini Lake.This issue affects: SecureCore™ for Intel Gemini Lake: from 4.1.0.1 before...
7.5CVSS
7.5AI Score
0.0004EPSS
CVE-2024-1598 Potential buffer overflow when handling UEFI variables
Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for Intel Gemini Lake.This issue affects: SecureCore™ for Intel Gemini Lake: from 4.1.0.1 before...
7.5CVSS
8AI Score
0.0004EPSS
CVE-2024-0762 Potential buffer overflow when handling UEFI variables
Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562; Phoenix ...
7.5CVSS
7.5AI Score
0.0004EPSS
CVE-2024-0762 Potential buffer overflow when handling UEFI variables
Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562; Phoenix ...
7.5CVSS
8AI Score
0.0004EPSS
A local attacker with low privileges can perform a privilege escalation with an init script due to a TOCTOU...
7.8CVSS
7.9AI Score
0.0005EPSS
A local attacker with low privileges can perform a privilege escalation with an init script due to a TOCTOU...
7.8CVSS
7AI Score
0.0005EPSS
CVE-2024-28135 PHOENIX CONTACT: command injection vulnerability in the API of the CHARX Series
A low privileged remote attacker can use a command injection vulnerability in the API which performs remote code execution as the user-app user due to improper input validation. The confidentiality is partly...
5CVSS
7.9AI Score
0.001EPSS
CVE-2024-28135 PHOENIX CONTACT: command injection vulnerability in the API of the CHARX Series
A low privileged remote attacker can use a command injection vulnerability in the API which performs remote code execution as the user-app user due to improper input validation. The confidentiality is partly...
5CVSS
6AI Score
0.001EPSS
An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based management access with the privileges of the currently logged in user due to cleartext transmission of sensitive information. No additional user interaction is required. The access is limited as...
7CVSS
7AI Score
0.001EPSS
An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based management access with the privileges of the currently logged in user due to cleartext transmission of sensitive information. No additional user interaction is required. The access is limited as...
7CVSS
6.7AI Score
0.001EPSS
CVE-2024-28133 PHOENIX CONTACT: Privilege escalation in CHARX Series
A local low privileged attacker can use an untrusted search path in a CHARX system utility to gain root ...
7.8CVSS
7.6AI Score
0.0005EPSS
CVE-2024-28133 PHOENIX CONTACT: Privilege escalation in CHARX Series
A local low privileged attacker can use an untrusted search path in a CHARX system utility to gain root ...
7.8CVSS
6.6AI Score
0.0005EPSS
Simple Ajax Chat < 20240412 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) This was partially fixed in 0240216.....
7.8AI Score
0.0004EPSS
Intel CPUs -- multiple vulnerabilities
Intel reports: Potential security vulnerabilities in some Intel Trust Domain Extensions (TDX) module software may allow escalation of privilege. Improper input validation in some Intel TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable...
7.9CVSS
7.3AI Score
0.0004EPSS
Intel Arc™ & Iris® Xe Graphics Software May 2024 Security Update
Intel has informed HP of a potential security vulnerability in some Intel® Arc™ & Iris® Xe Graphics software which may allow escalation of privilege. Intel is releasing updates to mitigate the potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...
7.8CVSS
7.4AI Score
0.0004EPSS
Simple Ajax Chat < 20240412 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) This was partially fixed in 0240216.....
7.7AI Score
0.0004EPSS
We are pleased to announce that Microsoft has been recognized as a Leader in the Gartner® Magic Quadrant™ for Security Information and Event Management (SIEM).1 We believe our position in the Leaders quadrant validates our vision and continued investments in Microsoft Sentinel making it a...
7AI Score
Summary Java on z/OS properties files not read correctly under certain locales / codepages vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager IP Edition v6.4.2 Vulnerability Details ** IBM X-Force ID: PSIRT-ADV0103951 ...
6.2AI Score
Rapid7 Recognized in the 2024 Gartner® Magic Quadrant™ for SIEM
Command Your Attack Surface with a next-gen SIEM built for the Cloud First Era Rapid7 is excited to share that we are named a Challenger for InsightIDR in the 2024 Gartner Magic Quadrant for SIEM. In a crowded and constantly changing space, this is our sixth time to be recognized in the report....
7.3AI Score
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server...
5.9CVSS
7.4AI Score
0.001EPSS
Summary Multiple vulnerabilities exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager IP Edition v6.4.2. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850 Vulnerability Details....
7.5CVSS
6.9AI Score
0.001EPSS
Severe Vulnerabilities in Cinterion Cellular Modems Pose Risks to Various Industries
Cybersecurity researchers have disclosed multiple security flaws in Cinterion cellular modems that could be potentially exploited by threat actors to access sensitive information and achieve code execution. "These vulnerabilities include critical flaws that permit remote code execution and...
9.8CVSS
9.3AI Score
0.002EPSS
About the security content of watchOS 10.5
About the security content of watchOS 10.5 This document describes the security content of watchOS 10.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
7.3AI Score
0.0005EPSS
GLSA-202405-32 : Mozilla Thunderbird: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202405-32 (Mozilla Thunderbird: Multiple Vulnerabilities) When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability...
8.6AI Score
0.0004EPSS
RHEL 5 : hw (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) hw: Fast forward store predictor...
7.6AI Score
0.001EPSS
RHEL 7 : optipng (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. optipng: heap buffer overflow in the bmp_read_rows function (CVE-2016-3981) optipng: heap buffer...
8AI Score
0.022EPSS
RHEL 7 : hw (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. hw: cpu: intel: Intra-Mode BTI (CVE-2022-0002) hw: Intel: Improper restriction in memory buffer in...
8.3AI Score
0.001EPSS
RHEL 6 : rubygems (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. rubygems: Improper verification of signatures in tarball allows to install mis-signed gem ...
8AI Score
0.022EPSS