CVE-2024-25997 PHOENIX CONTACT: Log injection in CHARX Series
An unauthenticated remote attacker can perform a log injection due to improper input validation. Only a certain log file is...
5.3CVSS
7.4AI Score
0.001EPSS
CVE-2024-25997 PHOENIX CONTACT: Log injection in CHARX Series
An unauthenticated remote attacker can perform a log injection due to improper input validation. Only a certain log file is...
5.3CVSS
5.9AI Score
0.001EPSS
An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service...
5.3CVSS
7.9AI Score
0.001EPSS
An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service...
5.3CVSS
6.3AI Score
0.001EPSS
CVE-2024-25995 PHOENIX CONTACT: Remote code execution in CHARX Series
An unauthenticated remote attacker can modify configurations to perform a remote code execution due to a missing authentication for a critical...
9.8CVSS
10AI Score
0.002EPSS
CVE-2024-25995 PHOENIX CONTACT: Remote code execution in CHARX Series
An unauthenticated remote attacker can modify configurations to perform a remote code execution due to a missing authentication for a critical...
9.8CVSS
8.2AI Score
0.002EPSS
CVE-2024-25994 PHOENIX CONTACT: Unintended script file upload in CHARX Series
An unauthenticated remote attacker can upload a arbitrary script file due to improper input validation. The upload destination is fixed and is write...
5.3CVSS
5.8AI Score
0.001EPSS
CVE-2024-25994 PHOENIX CONTACT: Unintended script file upload in CHARX Series
An unauthenticated remote attacker can upload a arbitrary script file due to improper input validation. The upload destination is fixed and is write...
5.3CVSS
7.2AI Score
0.001EPSS
Path traversal vulnerability exists in Machine Automation Controller NJ Series and Machine Automation Controller NX Series. An arbitrary file in the affected product may be accessed or arbitrary code may be executed by processing a specially crafted request sent from a remote attacker with an...
7.2AI Score
0.0004EPSS
Amazon Linux 2 : microcode_ctl (ALAS-2024-2491)
The version of microcode_ctl installed on the remote host is prior to 2.1-47. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2491 advisory. Non-transparent sharing of return predictor targets between contexts in some Intel Processors may allow an...
6.5CVSS
6.1AI Score
0.001EPSS
EulerOS 2.0 SP8 : shim (EulerOS-SA-2024-1299)
According to the versions of the shim package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain...
6.5CVSS
7AI Score
0.003EPSS
Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local...
6.1CVSS
6.6AI Score
0.001EPSS
Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local...
6.5CVSS
7.2AI Score
0.0004EPSS
Grandstream IP Phones GXP14xx <= 1.0.8.9 / GXP16xx <= 1.0.7.70 Privilege Escalation Vulnerability
Grandstream GXP14xx and GXP16xx Series IP phones are prone to a privilege escalation...
7AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1260)
The remote host is missing an update for the Huawei...
6.5CVSS
7.9AI Score
0.001EPSS
2024.1 IPU OOB - Intel® Xeon® D Processor Advisory
Summary: A potential security vulnerability in some Intel® Xeon® D Processors with Intel® Software Guard Extensions (SGX) may allow information disclosure. Intel is releasing microcode updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-43490 Description:...
6.4AI Score
0.0004EPSS
Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network...
6.5CVSS
6.5AI Score
0.001EPSS
2024.1 IPU - Intel® Atom® Processor Advisory
Summary: A potential security vulnerability in some Intel® Atom® Processors may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-28746 Description: Information exposure through microarchitectural...
6.7AI Score
0.0004EPSS
EulerOS 2.0 SP8 : curl (EulerOS-SA-2024-1260)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met....
6.5CVSS
7.3AI Score
0.001EPSS
Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local...
5.3CVSS
5.2AI Score
0.0004EPSS
Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local...
5.5CVSS
5.6AI Score
0.0004EPSS
7.8CVSS
7.2AI Score
0.002EPSS
Rocky Linux 8 : firefox (RLSA-2024:0955)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:0955 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory...
9.7AI Score
0.0004EPSS
Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in January 2024. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An...
7.5CVSS
6.9AI Score
0.001EPSS
Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash)....
7.8CVSS
8.3AI Score
0.002EPSS
Buffer overflow in identifier field of WSD probe request process of Small Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.:Satera MF740C Series/Satera MF640C...
9.8CVSS
9.7AI Score
0.0004EPSS
Buffer overflow in identifier field of WSD probe request process of Small Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.:Satera MF740C Series/Satera MF640C...
9.8CVSS
9.9AI Score
0.0004EPSS
Buffer overflow in identifier field of WSD probe request process of Small Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.:Satera MF740C Series/Satera MF640C...
9.8CVSS
8.4AI Score
0.0004EPSS
Buffer overflow in identifier field of WSD probe request process of Small Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.:Satera MF740C Series/Satera MF640C...
9.8CVSS
10AI Score
0.0004EPSS
7.4AI Score
Linux kernel (OEM) vulnerabilities
Releases Ubuntu 22.04 LTS Packages linux-oem-6.1 - Linux kernel for OEM systems Details Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker...
7.8CVSS
8.3AI Score
0.002EPSS
Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux-bluefield - Linux kernel for NVIDIA BlueField platforms linux-raspi-5.4 - Linux kernel for Raspberry Pi systems linux-xilinx-zynqmp - Linux kernel for Xilinx ZynqMP processors Details Wenqing Liu discovered that the f2fs file system...
7.8CVSS
8.3AI Score
0.003EPSS
The Ash Center has posted a series of twelve essays stemming from the Second Interdisciplinary Workshop on Reimagining Democracy (IWORD 2023). Aviv Ovadya, Democracy as Approximation: A Primer for “AI for Democracy” Innovators Kathryn Peters, Permission and Participation Claudia Chwalisz, Moving...
7.2AI Score
Summary Multiple Vulnerabilities were disclosed as part of the Oracle Jan 2024 Critical Patch Update. Vulnerability Details ** CVEID: CVE-2024-20918 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality...
7.5CVSS
6.6AI Score
0.001EPSS
JVN#48443978: a-blog cms vulnerable to directory traversal
a-blog cms provided by appleple Inc. is a content management system (CMS). a-blog cms contains a directory traversal vulnerability (CWE-22). ## Impact A user with editor or higher privilege who can log in to the product may obtain arbitrary files on the server including password files. ## Solution....
7.4AI Score
0.0004EPSS
Android Buffer Overflow in WhatsApp (CVE-2019-3568)
A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to...
8.2CVSS
8.1AI Score
0.028EPSS
Cisco FXOS Software Link Layer Discovery Protocol DoS (cisco-sa-nxos-lldp-dos-z7PncTgt)
According to its self-reported version, Cisco FXOS is affected by a vulnerability. The vulnerability lies in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected...
6.6CVSS
6.8AI Score
0.0004EPSS
Fedora: Security Advisory for apache-commons-lang3 (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for...
7AI Score
0.0004EPSS
Fedora: Security Advisory for icecat (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for...
7AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: icecat-115.8.0-2.rh1.fc40
GNU IceCat is the GNU version of the Firefox ESR browser. Extensions included to this version of IceCat: * LibreJS GNU LibreJS aims to address the JavaScript problem described in the article "The JavaScript Trap" of Richard Stallman. * JShelter: Mitigates potential threats from...
9AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: apache-commons-lang3-3.14.0-5.fc40
The standard Java libraries fail to provide enough methods for manipulation of its core classes. The Commons Lang Component provides these extra methods. The Commons Lang Component provides a host of helper utilities for the java.lang API, notably String manipulation methods, basic numerical...
6.8AI Score
0.0004EPSS
Security Bulletin: IBM SDK, Java Technology Edition, Security Update February 2024
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, 8* that is used by Rational Application Developer®. These issues were disclosed as part of the IBM Java SDK updates up to February 2024. IBM 8 SR8 FP20 (1.8.0_401). Vulnerability Details ** CVEID: CVE-2023-22067 ...
5.3CVSS
8.9AI Score
0.001EPSS
It's that time of the year when not only do you have to be worried about filing your federal taxes in the U.S., you must also be on the lookout for a whole manner of tax-related scams. These are something that pop up every year through email, texts, phone calls and even physical mail -- phony...
7AI Score
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Business Developer
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle July 2023...
3.7CVSS
6.5AI Score
0.001EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2024-20952 ...
7.5CVSS
7.6AI Score
0.001EPSS
JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Execution when a specially crafted series of requests is sent by an authenticated user. This is due to insufficient validation of...
7.2CVSS
7.2AI Score
0.0004EPSS
JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Execution when a specially crafted series of requests is sent by an authenticated user. This is due to insufficient validation of...
7.2CVSS
7.1AI Score
0.0004EPSS
JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Execution when a specially crafted series of requests is sent by an authenticated user. This is due to insufficient validation of...
7.2CVSS
7.6AI Score
0.0004EPSS
CVE-2023-42661 JFrog Artifactory Improper input validation leads to arbitrary file write
JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Execution when a specially crafted series of requests is sent by an authenticated user. This is due to insufficient validation of...
7.2CVSS
7.4AI Score
0.0004EPSS
How Public AI Can Strengthen Democracy
With the world's focus turning to misinformation, manipulation, and outright propaganda ahead of the 2024 U.S. presidential election, we know that democracy has an AI problem. But we're learning that AI has a democracy problem, too. Both challenges must be addressed for the sake of democratic...
6.9AI Score