openSUSE: Security Advisory for the Linux Kernel (Live Patch 7 for SLE 15 SP4) (SUSE-SU-2024:0421-1)
The remote host is missing an update for...
9.8CVSS
8.3AI Score
0.017EPSS
Introducing Tiny File Manager [WH1Z-Edition], the compact and efficient solution for managing your files and folders with enhanced privacy and security features. Gone are the days of relying on external resources – I've stripped down the code to its core, making it truly lightweight and perfect...
7.8AI Score
7.4AI Score
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details **...
9.8CVSS
9.9AI Score
0.052EPSS
5.5CVSS
6AI Score
0.001EPSS
Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that...
8.1CVSS
7.3AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev->bos without checking if it was allocated and initialized. If...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev->bos without checking if it was allocated and initialized. If...
7.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev->bos without checking if it was allocated and initialized. If...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev->bos without checking if it was allocated and initialized. If...
6.5AI Score
0.0004EPSS
usb: hub: Guard against accesses to uninitialized BOS descriptors
In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev->bos without checking if it was allocated and initialized. If...
6.6AI Score
0.0004EPSS
The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setup_wizard' function in all versions up to, and including, 7.8.4. This makes it possible for...
5.3CVSS
6.9AI Score
0.0004EPSS
The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setup_wizard' function in all versions up to, and including, 7.8.4. This makes it possible for...
5.3CVSS
6.9AI Score
0.0004EPSS
CentOS 9 : kernel-5.14.0-347.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-347.el9 build changelog. A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device...
9.3AI Score
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the curl-7.76.1-26.el9 build changelog. A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on...
8.2AI Score
CentOS 9 : NetworkManager-1.43.10-1.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the NetworkManager-1.43.10-1.el9 build changelog. It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path...
6.5AI Score
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the curl-7.76.1-20.el9 build changelog. An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated...
7.3AI Score
The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the runc-1.1.7-2.el9 build changelog. runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as...
7.7AI Score
In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev->bos without checking if it was allocated and initialized. If...
6.5AI Score
0.0004EPSS
Multiple vulnerabilities in Adobe Acrobat Reader could lead to remote code execution
Cisco Talos has disclosed more than 30 vulnerabilities in February, including seven in Adobe Acrobat Reader, one of the most popular PDF editing and reading software currently available. Adversaries could exploit these vulnerabilities to trigger the reuse of a previously freed object, thus causing....
10CVSS
9.5AI Score
0.001EPSS
Exploit for OS Command Injection in Cacti
Command injection vulnerability in Cacti (CVE-2023-39362) -...
7.2CVSS
8.1AI Score
0.016EPSS
Detecting Canary Tokens and Suspicious URLs in Microsoft Office, Acrobat Reader PDF and Zip Files Introduction In the dynamic realm of cybersecurity, vigilance and proactive defense are key. Malicious actors often leverage Microsoft Office files and Zip archives, embedding covert URLs or...
7.1AI Score
In the Linux kernel, the following vulnerability has been resolved: riscv/kprobe: fix kernel panic when invoking sys_read traced by kprobe The execution of sys_read end up hitting a BUG_ON() in __find_get_block after installing kprobe at sys_read, the BUG message like the following: [ 65.708663]...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. ffs_data_clear is indirectly called from both ffs_fs_kill_sb and ffs_ep0_release, so it ends up being called twice when userland closes ep0 and then unmounts f_fs. If...
5.5CVSS
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: riscv/kprobe: fix kernel panic when invoking sys_read traced by kprobe The execution of sys_read end up hitting a BUG_ON() in __find_get_block after installing kprobe at sys_read, the BUG message like the following: [ ...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: riscv/kprobe: fix kernel panic when invoking sys_read traced by kprobe The execution of sys_read end up hitting a BUG_ON() in __find_get_block after installing kprobe at sys_read, the BUG message like the following: [ 65.708663]...
7.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: riscv/kprobe: fix kernel panic when invoking sys_read traced by kprobe The execution of sys_read end up hitting a BUG_ON() in __find_get_block after installing kprobe at sys_read, the BUG message like the following: [ 65.708663]...
7AI Score
0.0004EPSS
riscv/kprobe: fix kernel panic when invoking sys_read traced by kprobe
In the Linux kernel, the following vulnerability has been resolved: riscv/kprobe: fix kernel panic when invoking sys_read traced by kprobe The execution of sys_read end up hitting a BUG_ON() in __find_get_block after installing kprobe at sys_read, the BUG message like the following: [ 65.708663]...
0.0004EPSS
A NULL pointer dereference flaw was found in ethtool loopback test in the Linux Kernel. This issue occurs due to a missing q_vector associated with the test ring when it is setup, as interrupts are not normally added to the test...
5.5CVSS
7.1AI Score
0.0004EPSS
An educational robot security research
In the modern world, we are surrounded by a multitude of smart devices that simplify our daily lives: smart speakers, robotic vacuum cleaners, automatic pet feeders and even entire smart homes. Toy manufacturers are striving to keep up with these trends, releasing more and more models that can...
8.1AI Score
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. ffs_data_clear is indirectly called from both ffs_fs_kill_sb and ffs_ep0_release, so it ends up being called twice when userland closes ep0 and then unmounts f_fs. If...
5.5CVSS
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. ffs_data_clear is indirectly called from both ffs_fs_kill_sb and ffs_ep0_release, so it ends up being called twice when userland closes ep0 and then unmounts f_fs. If...
5.5CVSS
7.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. ffs_data_clear is indirectly called from both ffs_fs_kill_sb and ffs_ep0_release, so it ends up being called twice when userland closes ep0 and then unmounts f_fs. If...
7AI Score
0.0004EPSS
usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. ffs_data_clear is indirectly called from both ffs_fs_kill_sb and ffs_ep0_release, so it ends up being called twice when userland closes ep0 and then unmounts f_fs. If...
0.0004EPSS
The Shariff Wrapper WordPress plugin before 4.6.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.9AI Score
0.0004EPSS
The Page Builder: Pagelayer WordPress plugin before 1.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.9AI Score
0.0004EPSS
The Persian Fonts WordPress plugin through 1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.9AI Score
0.0004EPSS
The Page Builder: Pagelayer WordPress plugin before 1.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.9AI Score
0.0004EPSS
The Shariff Wrapper WordPress plugin before 4.6.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.9AI Score
0.0004EPSS
The Persian Fonts WordPress plugin through 1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.8AI Score
0.0004EPSS
Shariff Wrapper < 4.6.10 - Admin+ Stored XSS
The Shariff Wrapper WordPress plugin before 4.6.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.8AI Score
0.0004EPSS
PageLayer < 1.8.1 - Admin+ Stored XSS
The Page Builder: Pagelayer WordPress plugin before 1.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.7AI Score
0.0004EPSS
Persian Fonts <= 1.6 - Admin+ Stored XSS
The Persian Fonts WordPress plugin through 1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ixgbe: Fix NULL pointer dereference in ethtool loopback test The ixgbe driver currently generates a NULL pointer dereference when performing the ethtool loopback test. This is due to the fact that there isn't a q_vector...
5.5CVSS
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ixgbe: Fix NULL pointer dereference in ethtool loopback test The ixgbe driver currently generates a NULL pointer dereference when performing the ethtool loopback test. This is due to the fact that there isn't a q_vector associated....
5.5CVSS
7.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ixgbe: Fix NULL pointer dereference in ethtool loopback test The ixgbe driver currently generates a NULL pointer dereference when performing the ethtool loopback test. This is due to the fact that there isn't a q_vector associated....
7.2AI Score
0.0004EPSS
ixgbe: Fix NULL pointer dereference in ethtool loopback test
In the Linux kernel, the following vulnerability has been resolved: ixgbe: Fix NULL pointer dereference in ethtool loopback test The ixgbe driver currently generates a NULL pointer dereference when performing the ethtool loopback test. This is due to the fact that there isn't a q_vector associated....
0.0004EPSS
10CVSS
7.2AI Score
0.972EPSS
In the Linux kernel, the following vulnerability has been resolved: riscv/kprobe: fix kernel panic when invoking sys_read traced by kprobe The execution of sys_read end up hitting a BUG_ON() in __find_get_block after installing kprobe at sys_read, the BUG message like the following: [ 65.708663]...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ixgbe: Fix NULL pointer dereference in ethtool loopback test The ixgbe driver currently generates a NULL pointer dereference when performing the ethtool loopback test. This is due to the fact that there isn't a q_vector associated....
5.5CVSS
6.7AI Score
0.0004EPSS