Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2024-12272)
The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12272 advisory. [5.15.0-205.149.5.1] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug:...
8.4AI Score
EPSS
Talos Vulnerability Report TALOS-2023-1861 Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) TDDP denial of service vulnerability April 9, 2024 CVE Number CVE-2023-49074 SUMMARY A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO...
7.4CVSS
7.6AI Score
0.0005EPSS
openSUSE: Security Advisory for ucode (SUSE-SU-2024:1139-1)
The remote host is missing an update for...
6.5CVSS
6.6AI Score
0.001EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xen (SUSE-SU-2024:1102-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1102-1 advisory. Information exposure through microarchitectural state after transient execution from some...
6.5CVSS
6.9AI Score
0.0004EPSS
Talos Vulnerability Report TALOS-2023-1888 Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) web interface Radio Scheduling stack-based buffer overflow vulnerability April 9, 2024 CVE Number...
7.2CVSS
8.2AI Score
0.0005EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ucode-intel (SUSE-SU-2024:1139-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1139-1 advisory. Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when...
6.5CVSS
8.1AI Score
0.001EPSS
Linux kernel on Intel systems is susceptible to Spectre v2 attacks
Overview A new cross-privilege Spectre v2 vulnerability that impacts modern CPU architectures supporting speculative execution has been discovered. CPU hardware utilizing speculative execution that are vulnerable to Spectre v2 branch history injection (BHI) are likely affected. An unauthenticated.....
6.5CVSS
6.8AI Score
EPSS
Linux kernel (Azure) vulnerabilities
Releases Ubuntu 14.04 ESM Packages linux-azure - Linux kernel for Microsoft Azure Cloud systems Details Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to...
7.8CVSS
8.3AI Score
0.003EPSS
Google Sues App Developers Over Fake Crypto Investment App Scam
Google has filed a lawsuit in the U.S. against two app developers for allegedly engaging in an "international online consumer investment fraud scheme" that tricked users into downloading bogus Android apps from the Google Play Store and other sources and stealing their funds under the guise of...
7.1AI Score
7.4AI Score
7.4AI Score
Unbreakable Enterprise kernel security update
[5.15.0-205.149.5.1] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Add BHI mitigation knob (Pawan Gupta) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Enumerate Branch...
8.2AI Score
EPSS
SUSE SLES12 Security Update : xen (SUSE-SU-2024:1105-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1105-1 advisory. Information exposure through microarchitectural state after transient execution from some register files for some Intel(R)...
6.5CVSS
7.3AI Score
0.0004EPSS
grafana-pcp security and bug fix update
An update is available for grafana-pcp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Grafana plugin for Performance Co-Pilot includes datasources for...
7.5CVSS
7.5AI Score
0.0005EPSS
Important: grafana-pcp security and bug fix update
The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA...
7.5CVSS
7.7AI Score
0.0005EPSS
6.5CVSS
7.2AI Score
0.001EPSS
JVN#82074338: Multiple vulnerabilities in NEC Aterm series
Aterm series provided by NEC Corporation contains multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource (CWE-732) CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 8.0 CVE-2024-28005 Exposure of Sensitive System Information to an Unauthorized Control...
8.6AI Score
0.0004EPSS
Rocky Linux 8 : curl (RLSA-2024:1601)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1601 advisory. An information disclosure vulnerability exists in...
6.5CVSS
8.1AI Score
0.001EPSS
Positron Broadcast Signal Processor TRA7005 1.20 Authentication Bypass Exploit
The Positron Broadcast Digital Signal Processor TRA7005 version 1.20 suffers from an authentication bypass through a direct and unauthorized access to the password management functionality. The vulnerability allows attackers to bypass Digest authentication by manipulating the password endpoint...
7.8AI Score
Security Advisory 0094 PDF Date: April 5, 2024 Revision | Date | Changes ---|---|--- 1.0 | April 3, 2024 | Initial release 1.1 | April 5, 2024 | Update required configuration for exploitation and mitigation Description Arista Networks is providing this security update in response to the...
7.5CVSS
6AI Score
0.005EPSS
Summary There is a vulnerability in IBM WebSphere Application Server Liberty, used by IBM Storage Scale System, which could allow a remote attacker to cause a denial of service. CVE-2023-46158, CVE-2023-44487 Vulnerability Details ** CVEID: CVE-2023-46158 DESCRIPTION: **IBM WebSphere Application...
9.8CVSS
9.3AI Score
0.732EPSS
Collabora Online is a collaborative online office suite based on LibreOffice. A stored cross-site scripting vulnerability was found in Collabora Online. An attacker could create a document with an XSS payload in document text referenced by field which, if hovered over to produce a tooltip, could...
6.1CVSS
5.2AI Score
0.0004EPSS
Collabora Online is a collaborative online office suite based on LibreOffice. A stored cross-site scripting vulnerability was found in Collabora Online. An attacker could create a document with an XSS payload in document text referenced by field which, if hovered over to produce a tooltip, could...
6.1CVSS
5.8AI Score
0.0004EPSS
CVE-2024-29182 Collabora Online Stored Cross-Site-Scripting vulnerability via tooltip
Collabora Online is a collaborative online office suite based on LibreOffice. A stored cross-site scripting vulnerability was found in Collabora Online. An attacker could create a document with an XSS payload in document text referenced by field which, if hovered over to produce a tooltip, could...
6.1CVSS
5.9AI Score
0.0004EPSS
Schweitzer Engineering Laboratories SEL
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schweitzer Engineering Laboratories Equipment: SEL 700 series relays Vulnerability: Inclusion of Undocumented Features 2. RISK EVALUATION Successful exploitation of this vulnerability could...
6.5CVSS
7.3AI Score
0.0004EPSS
Security Bulletin: Vulnerability in libcurl may affect IBM Storage Scale System (CVE-2023-28322)
Summary A vulnerability in libcurl may allow a remote attacker to bypass security restrictions in IBM Storage Scale System. A fix for this vulnerability is available. Vulnerability Details ** CVEID: CVE-2023-28322 DESCRIPTION: **cURL libcurl could allow a remote attacker to bypass security...
3.7CVSS
6.7AI Score
0.001EPSS
Security Bulletin: Multiple Linux Kernel vulnerabilities may affect IBM Storage Scale System
Summary There are multiple vulnerabilities in the Linux Kernel, used by IBM Storage Scale System, which could allow a denial of service, an attacker to obtain sensitive information or gain elevated privileges on the system . Fixes for these vulnerabilities are available. CVE-2023-3772,...
7.8CVSS
10AI Score
0.001EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Tivoli Application Dependency Discovery Manager (TADDM). These issues were disclosed as part of the IBM Java SDK updates in January 2024. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An...
7.5CVSS
7.2AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window The Linux CXL subsystem is built on the assumption that HPA == SPA. That is, the host physical address (HPA) the HDM decoder registers are programmed...
6.6AI Score
0.0004EPSS
7.4AI Score
Cisco Access Points Managed from Catalyst DoS (cisco-sa-ap-dos-h9TGGX6W)
According to its self-reported version, Cisco access points managed by this Cisco Catalyst 9800 Series Wireless Controller are affected by a denial of service vulnerability. Due to insufficient input validation of certain IPv4 packets, an unauthenticated, remote attacker can causing attached...
8.6CVSS
6.9AI Score
0.0004EPSS
Positron Broadcast Signal Processor TRA7005 v1.20 _Passwd Exploit
Title: Positron Broadcast Signal Processor TRA7005 v1.20 _Passwd Exploit Advisory ID: ZSL-2024-5813 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS Risk: (5/5) Release Date: 04.04.2024 Summary The TRA7000 series is a set of products dedicated to broadcast,...
7.8AI Score
EPSS
In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window The Linux CXL subsystem is built on the assumption that HPA == SPA. That is, the host physical address (HPA) the HDM decoder registers are programmed...
7.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window The Linux CXL subsystem is built on the assumption that HPA == SPA. That is, the host physical address (HPA) the HDM decoder registers are programmed...
6.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window The Linux CXL subsystem is built on the assumption that HPA == SPA. That is, the host physical address (HPA) the HDM decoder registers are programmed...
6.7AI Score
0.0004EPSS
A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to...
6.1CVSS
6AI Score
0.0004EPSS
CVE-2024-26761 cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window
In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window The Linux CXL subsystem is built on the assumption that HPA == SPA. That is, the host physical address (HPA) the HDM decoder registers are programmed...
7.5AI Score
0.0004EPSS
Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies
Google has disclosed that two Android security flaws impacting its Pixel smartphones have been exploited in the wild by forensic companies. The high-severity zero-day vulnerabilities are as follows - CVE-2024-29745 - An information disclosure flaw in the bootloader component CVE-2024-29748 - A...
9.2AI Score
0.001EPSS
A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to...
6.3AI Score
0.0004EPSS
U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers
The U.S. Cyber Safety Review Board (CSRB) has criticized Microsoft for a series of security lapses that led to the breach of nearly two dozen companies across Europe and the U.S. by a China-based nation-state group called Storm-0558 last year. The findings, released by the Department of Homeland...
7.2AI Score
Hello fellow readers! Have you ever wondered how the GitHub Security Lab performs security research? In this post, you'll learn how we leverage GitHub products and features such as code scanning, CodeQL, Codespaces, and private vulnerability reporting. By the time we conclude, you'll have mastered....
6.9AI Score
An improper input validation vulnerability exists in the OAS Engine User Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to....
4.9CVSS
5AI Score
0.0004EPSS
An improper input validation vulnerability exists in the OAS Engine User Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to....
4.9CVSS
5.8AI Score
0.0004EPSS
A denial of service vulnerability exists in the OAS Engine File Data Source Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can cause the running program to stop. An attacker can send a sequence of requests to trigger....
4.9CVSS
7.7AI Score
0.0004EPSS
A denial of service vulnerability exists in the OAS Engine File Data Source Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can cause the running program to stop. An attacker can send a sequence of requests to trigger....
4.9CVSS
5AI Score
0.0004EPSS
A file write vulnerability exists in the OAS Engine Save Security Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to...
4.9CVSS
5.2AI Score
0.0005EPSS
A file write vulnerability exists in the OAS Engine Save Security Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to...
4.9CVSS
6AI Score
0.0005EPSS
A file write vulnerability exists in the OAS Engine Tags Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this...
4.9CVSS
5.2AI Score
0.0005EPSS
A file write vulnerability exists in the OAS Engine Tags Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this...
4.9CVSS
8AI Score
0.0005EPSS
An improper input validation vulnerability exists in the OAS Engine User Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to....
4.9CVSS
6.7AI Score
0.0004EPSS