Lucene search
K

5879 matches found

OSV
OSV
added 2024/09/24 3:25 p.m.13 views

SUSE-SU-2024:3423-1 Security update for xen

This update for xen fixes the following issues: - CVE-2024-2201: Mitigation for Native Branch History Injection XSA-456, bsc1222453 - CVE-2024-31143: Fixed double unlock in x86 guest IRQ handling XSA-458, bsc1227355 - CVE-2024-31145: Fixed error handling in x86 IOMMU identity mapping XSA-460,...

7.5CVSS7AI score0.08555EPSS
Exploits0References11
Qualys Blog
Qualys Blog
added 2024/09/24 3:0 p.m.14 views

Enhancing Cloud-Native Security: Qualys Introduces Scanning for Container-Optimized OS in Google Kubernetes Engine

As organizations move from traditional workloads to containerized environments, they encounter new security challenges. Containers bring added complexity that traditional security tools often struggle to manage, largely because of their transient nature and the shared responsibility between the...

7.5AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/09/24 12:0 a.m.6 views

The vulnerability of the Native Scoring component of the Microsoft SQL Server database management system allows a hacker to execute arbitrary code.

The vulnerability of the Native Scoring component of the Microsoft SQL Server database management system is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

9CVSS6.5AI score0.01623EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/09/24 12:0 a.m.6 views

The vulnerability of the Native Scoring component of the Microsoft SQL Server database management system allows a hacker to execute arbitrary code.

The vulnerability of the Native Scoring component of the Microsoft SQL Server database management system is related to the dereferencing of an unreliable pointer. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

9CVSS6.1AI score0.01623EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/09/24 12:0 a.m.6 views

The vulnerability of the Native Scoring component of the Microsoft SQL Server database management system allows a hacker to execute arbitrary code.

The vulnerability of the Native Scoring component of the Microsoft SQL Server database management system relates to reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code remotely...

9CVSS6.3AI score0.01623EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/09/24 12:0 a.m.6 views

The vulnerability of the Native Scoring component of the Microsoft SQL Server database management system allows a hacker to execute arbitrary code.

The vulnerability of the Native Scoring component of the Microsoft SQL Server database management system is related to the use of memory after it is freed. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

9CVSS6.1AI score0.01623EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/09/24 12:0 a.m.5 views

The vulnerability of the Native Scoring component of the Microsoft SQL Server database management system allows a hacker to execute arbitrary code.

The vulnerability of the Native Scoring component of the Microsoft SQL Server database management system is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

9CVSS6.5AI score0.01623EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/09/24 12:0 a.m.5 views

The vulnerability of the Native Scoring component of the Microsoft SQL Server database management system allows a hacker to execute arbitrary code.

The vulnerability of the Native Scoring component of the Microsoft SQL Server database management system is related to the dereferencing of an unreliable pointer. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

9CVSS6.1AI score0.01623EPSS
Exploits0References2
Rapid7 Blog
Rapid7 Blog
added 2024/09/23 1:0 p.m.13 views

Expanding the Security Horizon: Introducing Rapid7 MDR for the Extended Ecosystem

As the cybersecurity landscape gets more complex, the stakes for keeping organizations safe have never been higher. Security teams are tasked with keeping ahead of new ransomware groups, rapidly evolving adversary tactics, and their dynamic attack surface as their business grows. Security...

7.1AI score
Exploits0
OSV
OSV
added 2024/09/21 7:10 a.m.8 views

BIT-ENVOY-2024-45807 oghttp2 crash on OnBeginHeadersForStream in envoy

Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using oghttp as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the oghttp2 by default. The impact of this issue is that envoy wi...

7.5CVSS7.5AI score0.00495EPSS
Exploits0References2
OSV
OSV
added 2024/09/21 7:10 a.m.23 views

BIT-ENVOY-2024-45809 Jwt filter crash in the clear route cache with remote JWKs in envoy

Envoy is a cloud-native high-performance edge/middle/service proxy. Jwt filter will lead to an Envoy crash when clear route cache with remote JWKs. In the following case: 1. remote JWKs are used, which requires async header processing; 2. clearroutecache is enabled on the provider; 3. header...

7.5CVSS6.3AI score0.00373EPSS
Exploits0References2
OSV
OSV
added 2024/09/21 7:10 a.m.15 views

BIT-ENVOY-2024-45810 Envoy crashes for LocalReply in http async client

Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http async client is handling sendLocalReply under some circumstance, e.g., websocket upgrade, and requests mirroring. The http async client will crash during the sendLocalReply in http async client, one...

7.5CVSS6.8AI score0.00637EPSS
Exploits1References2
NVD
NVD
added 2024/09/20 12:15 a.m.50 views

CVE-2024-45807

Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using oghttp as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the oghttp2 by default. The impact of this issue is that envoy wi...

7.5CVSS0.00495EPSS
Exploits0References1
CVE
CVE
added 2024/09/19 11:34 p.m.51 views

CVE-2024-45807

CVE-2024-45807 affects Envoy 1.31.x where the default HTTP/2 codec is the oghttp implementation. The issue stems from bugs in stream management within oghttp2, which can cause Envoy to crash. A fix is available: upgrade to 1.31.2 (addressed in multiple advisories). Workarounds include disabling o...

7.5CVSS7.5AI score0.00495EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/09/19 10:54 p.m.117 views

CVE-2023-27584

CVE-2023-27584 affects Dragonfly2, an open-source P2P file distribution system. The vulnerability is caused by a hard-coded JWT secret key, "Secret Key", which enables authentication bypass. An attacker can perform actions with admin privileges by crafting a valid JWT token, potentially accessing...

9.8CVSS9.5AI score0.33618EPSS
Exploits1References2Affected Software1
AlpineLinux
AlpineLinux
added 2024/09/19 10:51 p.m.14 views

CVE-2024-45410

Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modif...

9.8CVSS8.6AI score0.01513EPSS
Exploits0
OSV
OSV
added 2024/09/15 7:37 p.m.17 views

RHSA-2012:0039 Red Hat Security Advisory: mod_cluster-native security update

Bulletin has no description...

7.5CVSS6.2AI score0.03197EPSS
Exploits1References8
OSV
OSV
added 2024/09/15 7:37 p.m.13 views

RHSA-2012:0037 Red Hat Security Advisory: mod_cluster-native security update

Bulletin has no description...

7.5CVSS6.2AI score0.03197EPSS
Exploits1References8
OSV
OSV
added 2024/09/15 7:37 p.m.23 views

RHSA-2012:0035 Red Hat Security Advisory: mod_cluster-native security update

Bulletin has no description...

7.5CVSS6.2AI score0.03197EPSS
Exploits1References7
CNVD
CNVD
added 2024/09/13 12:0 a.m.7 views

IBM Concert Information Disclosure Vulnerability

IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. A security vulnerability exists in IBM Concert version 1.0 that stems from not setting a security attribute on an authorization token or session cookie...

4.3CVSS6.3AI score0.0022EPSS
Exploits0References1
Rows per page
Query Builder