Lucene search

K

ALL NIPPON AIRWAYS CO., LTD Security Vulnerabilities

nvd
nvd

CVE-2024-27062

In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306] general protection...

7.5AI Score

0.0004EPSS

2024-05-01 01:15 PM
1
nvd
nvd

CVE-2024-26892

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to make sure the shared irq handler should be able to handle the unexpected event after deregistration......

7.3AI Score

0.0004EPSS

2024-04-17 11:15 AM
1
cnvd
cnvd

Command Execution Vulnerability in Electronic Document Security Management System of Beijing Yisetong Technology Development Co., Ltd (CNVD-2024-14992)

Beijing Yisetong Technology Development Co., Ltd. is a domestic data security, network security and security services provider of three major business. A command execution vulnerability exists in the electronic document security management system of Beijing Yisetong Technology Development Co.,...

7.6AI Score

2024-02-21 12:00 AM
15
nvd
nvd

CVE-2024-35853

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash The rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority) in the region and in...

6.6AI Score

0.0004EPSS

2024-05-17 03:15 PM
cvelist
cvelist

CVE-2023-6917 Pcp: unsafe use of directories allows pcp to root privilege escalation

A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root...

6CVSS

6.2AI Score

0.0004EPSS

2024-02-28 02:38 PM
cve
cve

CVE-2023-6917

A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root...

6CVSS

5.9AI Score

0.0004EPSS

2024-02-28 03:15 PM
132
nvd
nvd

CVE-2024-35854

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash The rehash delayed work migrates filters from one region to another according to the number of available credits. The migrated from region is destroyed at the end....

6.4AI Score

0.0004EPSS

2024-05-17 03:15 PM
1
nessus
nessus

Oracle Linux 9 : pcp (ELSA-2024-2213)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2213 advisory. A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services...

6CVSS

6.5AI Score

0.0004EPSS

2024-05-06 12:00 AM
3
schneier
schneier

FBI Seizes BreachForums Website

The FBI has seized the BreachForums website, used by ransomware criminals to leak stolen corporate data. If law enforcement has gained access to the hacking forum's backend data, as they claim, they would have email addresses, IP addresses, and private messages that could expose members and be...

6.9AI Score

2024-05-17 11:09 AM
7
nvd
nvd

CVE-2023-6917

A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root...

6CVSS

6AI Score

0.0004EPSS

2024-02-28 03:15 PM
1
nvd
nvd

CVE-2024-29667

SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6 v.7.31.0.2 through v.7.31.0.3 allows a remote attacker to escalate privileges and obtain sensitive information via the ids...

7.5AI Score

0.0004EPSS

2024-03-29 06:15 PM
1
jvn
jvn

JVN#44166658: Multiple vulnerabilities in ELECOM wireless LAN routers and wireless LAN repeater

Multiple wireless LAN routers and wireless LAN repeater provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Cross-site Scripting (CWE-79) - CVE-2024-21798 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.8 CVSS v2|...

6.7AI Score

0.0004EPSS

2024-02-20 12:00 AM
7
osv
osv

Important: grafana-pcp security and bug fix update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA...

7.5CVSS

7.7AI Score

0.0005EPSS

2024-04-05 02:56 PM
4
cve
cve

CVE-2024-29667

SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6 v.7.31.0.2 through v.7.31.0.3 allows a remote attacker to escalate privileges and obtain sensitive information via the ids...

7.8AI Score

0.0004EPSS

2024-03-29 06:15 PM
38
wpvulndb
wpvulndb

Molongui < 4.7.8 - Authenticated (Author+) Insecure Direct Object Reference

Description The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.7.7 due to missing validation on a user controlled key. This makes it possible for authenticated...

6.7AI Score

0.0004EPSS

2024-04-04 12:00 AM
9
githubexploit
githubexploit

Exploit for Insertion of Sensitive Information into Log File in Milesight Ur5X Firmware

CVE-2023-43261 - PoC Critical Vulnerability Exposes...

7.5CVSS

7.9AI Score

0.006EPSS

2023-09-28 08:45 AM
119
almalinux
almalinux

Important: grafana-pcp security and bug fix update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA...

7.5CVSS

7.6AI Score

0.0005EPSS

2024-04-02 12:00 AM
7
osv
osv

Important: grafana-pcp security and bug fix update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA...

7.5CVSS

7.5AI Score

0.0005EPSS

2024-04-02 12:00 AM
10
cve
cve

CVE-2022-3007

The vulnerability exists in Syska SW100 Smartwatch due to an improper implementation and/or configuration of Nordic Device Firmware Update (DFU) which is used for performing Over-The-Air (OTA) firmware updates on the Bluetooth Low Energy (BLE) devices. An unauthenticated attacker could exploit...

8.1CVSS

8AI Score

0.0005EPSS

2023-10-31 12:15 PM
20
nessus
nessus

RHEL 8 : kernel (RHSA-2020:1372)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1372 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: powerpc: local user can...

6.8CVSS

8.3AI Score

0.002EPSS

2020-08-07 12:00 AM
27
thn
thn

Dutch Court Sentences Tornado Cash Co-Founder to 5 Years in Prison for Money Laundering

A Dutch court on Tuesday sentenced one of the co-founders of the now-sanctioned Tornado Cash cryptocurrency mixer service to 5 years and 4 months in prison. While the name of the defendant was redacted in the verdict, it's known that Alexey Pertsev, a 31-year-old Russian national, had been...

7.1AI Score

2024-05-15 08:28 AM
1
schneier
schneier

Security and Human Behavior (SHB) 2024

This week, I hosted the seventeenth Workshop on Security and Human Behavior at the Harvard Kennedy School. This is the first workshop since our co-founder, Ross Anderson, died unexpectedly. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of...

7.4AI Score

2024-06-07 08:55 PM
4
jvn
jvn

JVN#51770585: EC-CUBE vulnerable to authorization bypass

EC-CUBE from EC-CUBE CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an authorization bypass vulnerability (CWE-639). ## Impact A user of the affected shopping website may obtain other users' information by sending a crafted HTTP request. ## Solution Apply the...

6.3AI Score

0.006EPSS

2014-01-22 12:00 AM
11
rocky
rocky

grafana-pcp security and bug fix update

An update is available for grafana-pcp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Grafana plugin for Performance Co-Pilot includes datasources for...

7.5CVSS

7.5AI Score

0.0005EPSS

2024-04-05 02:56 PM
12
redhat
redhat

(RHSA-2024:1644) Important: grafana-pcp security and bug fix update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA...

7.7AI Score

0.0005EPSS

2024-04-02 08:03 PM
10
cvelist
cvelist

CVE-2024-29667

SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6 v.7.31.0.2 through v.7.31.0.3 allows a remote attacker to escalate privileges and obtain sensitive information via the ids...

7.8AI Score

0.0004EPSS

2024-03-29 12:00 AM
cve
cve

CVE-2021-47441

In the Linux kernel, the following vulnerability has been resolved: mlxsw: thermal: Fix out-of-bounds memory accesses Currently, mlxsw allows cooling states to be set above the maximum cooling state supported by the driver: # cat /sys/class/thermal/thermal_zone2/cdev0/type mlxsw_fan # cat...

6.6AI Score

0.0004EPSS

2024-05-22 07:15 AM
33
cnvd
cnvd

SQL Injection Vulnerability in Water Information Management Platform of Shandong Weimicro Technology Co. Ltd (CNVD-2024-14236)

Ltd. is a private scientific and technological enterprise with technology development as the main body, specializing in the research, development, production and sales of remote water, electricity, gas, heat four meters and meter reading system. The water information management platform of...

7.5AI Score

2024-02-15 12:00 AM
8
redhatcve
redhatcve

CVE-2024-26892

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to make sure the shared irq handler should be able to handle the unexpected event after deregistration......

6.9AI Score

0.0004EPSS

2024-04-17 06:29 PM
6
cnvd
cnvd

Information leakage vulnerability in the comprehensive management platform of intelligent park of Zhejiang Dahua Technology Co.(CNVD-2024-14798)

Zhejiang Dahua Technology Co., Ltd. is a leading supplier and solution provider of surveillance products. There is an information leakage vulnerability in the integrated management platform of Zhejiang Dahua Technology Co., Ltd. that can be exploited by attackers to obtain sensitive...

6.6AI Score

2024-02-22 12:00 AM
3
attackerkb
attackerkb

CVE-2024-4610

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0;...

5.5CVSS

7AI Score

0.213EPSS

2024-06-07 12:00 AM
redhatcve
redhatcve

CVE-2024-4610

A use-after-free vulnerability was found in the Arm Ltd Bifrost GPU kernel driver. The Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory. This issue affects the Bifrost GPU Kernel Driver...

5.5CVSS

5.5AI Score

0.213EPSS

2024-06-13 11:13 AM
7
cve
cve

CVE-2024-28744

The password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and ACERA 9010-24 firmware v02.04 and earlier. An unauthenticated attacker may log in to the product with no password, and obtain and/or alter information such as network configuration and user...

6.9AI Score

0.0004EPSS

2024-04-08 01:15 AM
27
vulnrichment
vulnrichment

CVE-2021-47441 mlxsw: thermal: Fix out-of-bounds memory accesses

In the Linux kernel, the following vulnerability has been resolved: mlxsw: thermal: Fix out-of-bounds memory accesses Currently, mlxsw allows cooling states to be set above the maximum cooling state supported by the driver: # cat /sys/class/thermal/thermal_zone2/cdev0/type mlxsw_fan # cat...

6.7AI Score

0.0004EPSS

2024-05-22 06:19 AM
1
nessus
nessus

RHEL 6 : pcp (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. pcp: Local privilege escalation in pcp spec file %post section (CVE-2019-3695) A Improper Limitation of...

7.4AI Score

0.001EPSS

2024-05-11 12:00 AM
6
cvelist
cvelist

CVE-2021-47441 mlxsw: thermal: Fix out-of-bounds memory accesses

In the Linux kernel, the following vulnerability has been resolved: mlxsw: thermal: Fix out-of-bounds memory accesses Currently, mlxsw allows cooling states to be set above the maximum cooling state supported by the driver: # cat /sys/class/thermal/thermal_zone2/cdev0/type mlxsw_fan # cat...

6.3AI Score

0.0004EPSS

2024-05-22 06:19 AM
nessus
nessus

Debian DLA-1932-1 : openssl security update

Two security vulnerabilities were found in OpenSSL, the Secure Sockets Layer toolkit. CVE-2019-1547 Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit...

4.7CVSS

6.5AI Score

0.015EPSS

2019-09-26 12:00 AM
94
ibm
ibm

Security Bulletin: Multiple vulnerabilities exists in IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Configuration Manager.

Summary Multiple vulnerabilities exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager IP Edition v6.4.2. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850 Vulnerability Details....

7.5CVSS

6.9AI Score

0.001EPSS

2024-05-13 11:52 AM
8
cve
cve

CVE-2024-26258

OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the...

8.1AI Score

0.0004EPSS

2024-04-04 12:15 AM
5
nessus
nessus

Do not scan printers

The remote host appears to be a network printer, multi-function device, or other fragile device. Such devices often react very poorly when scanned. To avoid problems, Nessus has marked the remote host as 'Dead' and will not scan...

7.5AI Score

2003-12-01 12:00 AM
852
jvn
jvn

JVN#43215077: Multiple vulnerabilities in UNIVERSAL PASSPORT RX

UNIVERSAL PASSPORT RX provided by Japan System Techniques Co., Ltd. contains multiple vulnerabilities listed below. Cross-site scripting (CWE-79) CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4 CVE-2023-42427 Dependency on vulnerable third-party component (CWE-1395) Known...

7.2AI Score

0.0004EPSS

2024-06-03 12:00 AM
6
nvd
nvd

CVE-2024-31936

Cross-Site Request Forgery (CSRF) vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a before...

5.4CVSS

5.5AI Score

0.0004EPSS

2024-04-11 01:15 PM
2
krebs
krebs

Treasury Sanctions Creators of 911 S5 Proxy Botnet

The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one's Web traffic through malware-infected computers around the globe....

7.3AI Score

2024-05-28 08:38 PM
14
cve
cve

CVE-2024-31936

Cross-Site Request Forgery (CSRF) vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a before...

5.4CVSS

6.9AI Score

0.0004EPSS

2024-04-11 01:15 PM
30
cvelist
cvelist

CVE-2024-31936 WordPress UsersWP plugin < 1.2.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a before...

5.4CVSS

5.7AI Score

0.0004EPSS

2024-04-11 12:15 PM
vulnrichment
vulnrichment

CVE-2021-47169 serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'

In the Linux kernel, the following vulnerability has been resolved: serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' In 'rp2_probe', the driver registers 'rp2_uart_interrupt' then calls 'rp2_fw_cb' through 'request_firmware_nowait'. In 'rp2_fw_cb', if the firmware don't...

6.7AI Score

0.0004EPSS

2024-03-25 09:16 AM
osv
osv

Helm dependency management path traversal

A Helm contributor discovered a path traversal vulnerability when Helm saves a chart including at download time. Impact When either the Helm client or SDK is used to save a chart whose name within the Chart.yaml file includes a relative path change, the chart would be saved outside its expected...

6.4CVSS

6.8AI Score

0.0004EPSS

2024-02-15 03:34 PM
5
redos
redos

ROS-20240329-22

Vulnerability in the Heerces C++ library of the BigFix Platform IT hardware co-management platform is caused by an integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely, to execute arbitrary code by sending a specially crafted HTTP...

8.8CVSS

8AI Score

0.007EPSS

2024-03-29 12:00 AM
10
cve
cve

CVE-2021-47169

In the Linux kernel, the following vulnerability has been resolved: serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' In 'rp2_probe', the driver registers 'rp2_uart_interrupt' then calls 'rp2_fw_cb' through 'request_firmware_nowait'. In 'rp2_fw_cb', if the firmware don't...

6.3AI Score

0.0004EPSS

2024-03-25 10:15 AM
32
cvelist
cvelist

CVE-2021-47169 serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'

In the Linux kernel, the following vulnerability has been resolved: serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' In 'rp2_probe', the driver registers 'rp2_uart_interrupt' then calls 'rp2_fw_cb' through 'request_firmware_nowait'. In 'rp2_fw_cb', if the firmware don't...

7.4AI Score

0.0004EPSS

2024-03-25 09:16 AM
Total number of security vulnerabilities15436