Lucene search
K

271 matches found

Oracle linux
Oracle linux
added 2024/05/23 12:0 a.m.44 views

fence-agents security and bug fix update

4.2.1-129 - bundled urllib3: fix CVE-2023-45803 Resolves: RHEL-18132 - bundled pycryptodome: fix CVE-2023-52323 Resolves: RHEL-20915 - bundled jinja2: fix CVE-2024-22195 Resolves: RHEL-22174 4.2.1-127 - fencescsi: fix registration handling if ISID conflicts Resolves: RHEL-5397 - fencezvmip:...

6.1CVSS6.8AI score0.01207EPSS
Exploits0
Microsoft KB
Microsoft KB
added 2024/05/07 12:0 a.m.3 views

May 7, 2024, update for Outlook 2016 (KB5002593)

May 7, 2024, update for Outlook 2016 KB5002593 This article describes update 5002593 for Microsoft Outlook 2016 that was released on May 7, 2024. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply to the...

6.4AI score
Exploits0
Trellix
Trellix
added 2024/04/30 12:0 a.m.20 views

Pouring Acid Rain

Pouring Acid Rain By Trellix · April 30, 2024 This blog was written by Max Kersten In two recent major geopolitical conflicts, in Ukraine and in Israel, wipers - malware used to destroy access to files and commonly used to halt telecom operations - were used to destroy digital infrastructure. The...

7.4AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/04/22 12:0 a.m.5 views

The vulnerability of the PAN-OS operating system, related to the occurrence of interpretation conflicts, allows attackers to disrupt the decoding process of traffic.

The vulnerability of the PAN-OS operating system is related to the occurrence of interpretation conflicts. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disrupt the traffic decryption process...

5.3CVSS5.9AI score0.00433EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/03/26 12:0 a.m.5 views

Rockwell Automation Arena Simulation Software 缓冲区错误漏洞

Rockwell Automation Arena Simulation Software is a suite of simulation software from Rockwell Automation that provides 3D animation and graphics capabilities. A heap buffer overflow vulnerability exists in Rockwell Automation Arena Simulation Software, which can be exploited by an attacker to...

7.8CVSS7.4AI score0.00236EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/03/12 12:0 a.m.8 views

The vulnerability of the Apache Shiro framework and the Spring Boot framework for creating web applications, related to interpretation conflicts, allows attackers to bypass authentication procedures.

The vulnerability of the Apache Shiro framework and the Spring Boot framework for creating web applications is related to the occurrence of interpretation conflicts. Exploiting this vulnerability can allow a malicious actor to bypass authentication procedures using a specially crafted HTTP reques...

7.8CVSS7.2AI score0.01553EPSS
Exploits0References12Affected Software5
Veracode
Veracode
added 2024/02/28 6:41 a.m.12 views

Denial Of Service (DOS)

github.com/stacklok/minder is vulnerable to Denial-of-service. The vulnerability due to improper validation of repository IDs during registration. This allows an attacker to register a repository with an invalid or differing upstream ID, causing Minder to inaccurately report the repository as...

7.5CVSS7AI score0.00553EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2024/02/26 10:15 p.m.29 views

CVE-2024-27093

Minder is a Software Supply Chain Security Platform. In version 0.0.31 and earlier, it is possible for an attacker to register a repository with a invalid or differing upstream ID, which causes Minder to report the repository as registered, but not remediate any future changes which conflict with...

7.5CVSS4.7AI score0.00553EPSS
Exploits1References2
The Hacker News
The Hacker News
added 2024/02/22 10:44 a.m.56 views

A New Age of Hacktivism

In the past 2 years, we have observed a significant surge in hacktivism activity due to ongoing wars and geopolitical conflicts in various regions. Since the war against Ukraine began, we have witnessed a notable mobilization of non-state and state-backed actors alike, forming new groups or joini...

9.8CVSS9.7AI score0.12661EPSS
Exploits0
OSV
OSV
added 2024/02/22 12:15 a.m.2 views

UBUNTU-CVE-2024-0410

An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict...

7.7CVSS5.8AI score0.00455EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/02/22 12:0 a.m.4 views

Apache Answer 竞争条件问题漏洞

Apache Answer is a community platform of the Apache USA Foundation. Apache Answer 1.2.1 and prior versions suffer from a Competing Conditions vulnerability, which arises from improper handling of concurrent access when concurrent code requires mutually exclusive access to shared resources during...

5.9CVSS7AI score0.00895EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/01/11 12:0 a.m.7 views

The vulnerability of the Netty network programming framework arises from the existence of interpretation conflicts, which allow attackers to disclose and modify protected information.

The vulnerability of the Netty network programming framework is related to the occurrence of interpretation conflicts. Exploiting this vulnerability can allow a remote attacker to disclose and modify the protected information...

6.5CVSS7AI score0.00885EPSS
Exploits1References9Affected Software10
Wallarm Lab
Wallarm Lab
added 2023/12/27 2:58 p.m.18 views

CISO: Top 10 Trends for 2024

I recently hosted and moderated a distinguished panel of Chief Information Security Officers CISOs - Nitin Raina, CISO at ThoughtWorks, Mike Wilkes, former CISO at Marvel and Yogesh Badwe, CSO at Druva. We discussed major trends for 2024 across an array of topics including the evolving threat...

7.8AI score
Exploits0
Atlassian
Atlassian
added 2023/12/21 7:25 a.m.25 views

Merge Conflicts PRs in Confluence-Distribution

Merge conflicts PRs in Confluence-Distribution after synchrony update PRs...

7.1AI score
Exploits0
Citrix
Citrix
added 2023/11/30 12:0 a.m.7 views

How to identify VRID Conflicts.

Explain VRID conflicts and how to identify them...

7.1AI score
Exploits0
OSV
OSV
added 2023/11/27 8:31 a.m.3 views

SUSE-SU-2023:4582-1 Security update for slurm_22_05

This update for slurm2205 fixes the following issues: - CVE-2023-41914: Fixed a filesystem handling race condition that could have led to an attacker taking control of an arbitrary file, or removing entire directory contents bsc1216207. Bug fixes: - Add missing dependencies to slurm-config to...

7CVSS7AI score0.00196EPSS
Exploits0References5
OSV
OSV
added 2023/11/27 8:31 a.m.4 views

SUSE-SU-2023:4581-1 Security update for slurm_22_05

This update for slurm2205 fixes the following issues: - CVE-2023-41914: Fixed a filesystem handling race condition that could have led to an attacker taking control of an arbitrary file, or removing entire directory contents bsc1216207. Bug fixes: - Add missing dependencies to slurm-config to...

7CVSS7AI score0.00196EPSS
Exploits0References5
OSV
OSV
added 2023/11/27 8:31 a.m.5 views

SUSE-SU-2023:4580-1 Security update for slurm_22_05

This update for slurm2205 fixes the following issues: - CVE-2023-41914: Fixed a filesystem handling race condition that could have led to an attacker taking control of an arbitrary file, or removing entire directory contents bsc1216207. Bug fixes: - Add missing dependencies to slurm-config to...

7CVSS7AI score0.00196EPSS
Exploits0References5
OSV
OSV
added 2023/11/21 4:25 p.m.10 views

SUSE-SU-2023:4513-1 Security update for apache2-mod_jk

This update for apache2-modjk fixes the following issues: Update to version 1.2.49: Apache Retrieve default request id from moduniqueid. It can also be taken from an arbitrary environment variable by configuring 'JkRequestIdIndicator'. Don't delegate the generatation of the response body to httpd...

7.5CVSS7.6AI score0.90647EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/10/18 12:0 a.m.5 views

The vulnerability of the Suricata intrusion detection and prevention system, related to the occurrence of interpretation conflicts, allows an intruder to bypass or neutralize any signature based on the TCP protocol.

The vulnerability of the Suricata intrusion detection and prevention system is related to the occurrence of interpretation conflicts. Exploiting this vulnerability allows a remote attacker to bypass or neutralize any TCP-based signature, by intercepting the TCP segment...

10CVSS7.7AI score0.02521EPSS
Exploits1References6Affected Software2
Rows per page
Query Builder