In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: fix refcount leak [Why] the gem object rfb->base.obj[0] is get according to num_planes in amdgpufb_create, but is not put according to num_planes [How] put rfb->base.obj[0] in amdgpu_fbdev_destroy according to...
7.4 AI Score
0.0004 EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: fix refcount leak [Why] the gem object rfb->base.obj[0] is get according to num_planes in amdgpufb_create, but is not put according to num_planes [How] put rfb->base.obj[0] in amdgpu_fbdev_destroy according to...
7 AI Score
0.0004 EPSS
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Clear DMA ops when switching domain Since commit 08a27c1c3ecf ("iommu: Add support to change default domain of an iommu group") a user can switch a device between IOMMU and direct DMA through sysfs. This doesn't work...
6.5 AI Score
0.0004 EPSS
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Clear DMA ops when switching domain Since commit 08a27c1c3ecf ("iommu: Add support to change default domain of an iommu group") a user can switch a device between IOMMU and direct DMA through sysfs. This doesn't work...
6.9 AI Score
0.0004 EPSS
CVE-2021-47144 drm/amd/amdgpu: fix refcount leak
In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: fix refcount leak [Why] the gem object rfb->base.obj[0] is get according to num_planes in amdgpufb_create, but is not put according to num_planes [How] put rfb->base.obj[0] in amdgpu_fbdev_destroy according to...
6.6 AI Score
0.0004 EPSS
CVE-2021-47144 drm/amd/amdgpu: fix refcount leak
In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: fix refcount leak [Why] the gem object rfb->base.obj[0] is get according to num_planes in amdgpufb_create, but is not put according to num_planes [How] put rfb->base.obj[0] in amdgpu_fbdev_destroy according to...
6.7 AI Score
0.0004 EPSS
CVE-2021-47140 iommu/amd: Clear DMA ops when switching domain
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Clear DMA ops when switching domain Since commit 08a27c1c3ecf ("iommu: Add support to change default domain of an iommu group") a user can switch a device between IOMMU and direct DMA through sysfs. This doesn't work...
6.6 AI Score
0.0004 EPSS
CVE-2021-47140 iommu/amd: Clear DMA ops when switching domain
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Clear DMA ops when switching domain Since commit 08a27c1c3ecf ("iommu: Add support to change default domain of an iommu group") a user can switch a device between IOMMU and direct DMA through sysfs. This doesn't work...
6.8 AI Score
0.0004 EPSS
New "GoFetch" Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys
A new security shortcoming discovered in Apple M-series chips could be exploited to extract secret keys used during cryptographic operations. Dubbed GoFetch, the vulnerability relates to a microarchitectural side-channel attack that takes advantage of a feature known as data memory-dependent...
6.2 AI Score
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:0857-1)
The remote host is missing an update for...
7.8 CVSS
7.2 AI Score
EPSS
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:0858-1)
The remote host is missing an update for...
7.8 CVSS
7.2 AI Score
EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: fix refcount leak [Why] the gem object rfb->base.obj[0] is get according to num_planes in amdgpufb_create, but is not put according to num_planes [How] put rfb->base.obj[0] in amdgpu_fbdev_destroy according to...
6.5 AI Score
0.0004 EPSS
The remote host is missing one or more known mitigation(s) on Linux Kernel side for the...
6.5 CVSS
7.5 AI Score
0.0004 EPSS
Releases Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages linux-aws-hwe - Linux kernel for Amazon Web Services (AWS-HWE) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-4.15 - Linux kernel for Microsoft Azure Cloud systems linux-oracle - Linux kernel for Oracle Cloud...
7.8 CVSS
8.3 AI Score
0.003 EPSS
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Clear DMA ops when switching domain Since commit 08a27c1c3ecf ("iommu: Add support to change default domain of an iommu group") a user can switch a device between IOMMU and direct DMA through sysfs. This doesn't work...
6.5 AI Score
0.0004 EPSS
AMD Response to “ZENHAMMER: Rowhammer Attacks on AMD Zen-Based Platforms”
AMD ID: AMD-SB-7021 Potential Impact: Memory integrity Severity: N/A Summary On February 26, 2024, AMD received new research related to an industry-wide DRAM issue documented in “ZENHAMMER: Rowhammering Attacks on AMD Zen-based Platforms” from researchers at ETH Zurich. The research demonstrates...
7.2 AI Score
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:0976-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0976-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after...
7.8 CVSS
7.6 AI Score
EPSS
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:0926-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0926-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap...
7.8 CVSS
7.4 AI Score
EPSS
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:0977-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0977-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after...
7.8 CVSS
8.3 AI Score
EPSS
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:0925-1)
The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0925-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free ...
7.8 CVSS
7.7 AI Score
EPSS
SUSE SLES12 Security Update : rubygem-rack-1_4 (SUSE-SU-2024:0946-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0946-1 advisory. Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack's media type parser to...
5.8 CVSS
7 AI Score
0.0004 EPSS
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:0975-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0975-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap...
7.8 CVSS
8.1 AI Score
EPSS
SUSE SLES12 Security Update : ucode-intel (SUSE-SU-2024:0917-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0917-1 advisory. Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R)...
6.5 CVSS
8.1 AI Score
0.001 EPSS
VSCode ipynb Remote Development RCE
VSCode, when opening a Jupyter notebook (.ipynb) file, bypasses the trust model. On versions v1.4.0 - v1.71.1, it's possible for the Jupyter notebook to embed HTML and JavaScript, which can then open new terminal windows within VSCode. Each of these new windows can then execute arbitrary code at...
7.8 CVSS
7.5 AI Score
0.44 EPSS
VMware ESXi 6.5 / 6.7 / 7.0 Multiple Vulnerabilities (VMSA-2022-0020)
The remote VMware ESXi host is version 6.5, 6.7 or 7.0 and is affected by multiple vulnerabilities, as follows: Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker...
6.5 CVSS
7.5 AI Score
EPSS
A vulnerability was found in some Intel Xeon D Processors with Intel SGX. This issue may allow a local attacker to achieve sensitive information disclosure, impacting the data confidentiality of the targeted...
5.3 CVSS
6.1 AI Score
0.0004 EPSS
A vulnerability was found in the bus lock regulator mechanism for some Intel processor models. This issue may allow a malicious actor to achieve a Denial of Service attack, impacting the system availability of the targeted...
6.5 CVSS
6.7 AI Score
0.001 EPSS
A vulnerability was found in some Intel processors that may allow a malicious actor to achieve a local information disclosure, impacting the data confidentiality of the targeted...
5.5 CVSS
6.7 AI Score
0.0004 EPSS
Summary Multiple vulnerabilities exist in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Manager IP Edition. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850 Vulnerability Details CVEID:...
7.5 CVSS
6.8 AI Score
0.001 EPSS
Summary Vulnerability in IBM® SDK, Java™ Technology affects Cloud Pak System. Vulnerability Details CVEID: CVE-2022-3676 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by improper runtime type check by the interface calls. By sending a...
6.5 CVSS
6.4 AI Score
0.001 EPSS
gen-assist.com Cross Site Scripting vulnerability OBB-3882881
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
Security Bulletin: IBM QRadar SIEM M7 Appliances are vulnerable to CVE-2022-21216
Summary IBM QRadar SIEM M7 Appliances could be vulnerable to an Intel CVE. IBM has addressed the relevant CVE. Vulnerability Details CVEID: CVE-2022-21216 DESCRIPTION: Intel Atom and Intel Xeon Scalable Processors could allow a remote authenticated attacker to gain elevated privileges on the...
7.5 CVSS
7.1 AI Score
0.0004 EPSS
Apple Security Update: iOS 17.4.1 and iPadOS 17.4.1 (details coming soon)
Apple recommends installing security update iOS 17.4.1 and iPadOS 17.4.1 (details coming soon) on devices iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later,.....
6.6 AI Score
EulerOS Virtualization 2.11.0 : kernel (EulerOS-SA-2024-1443)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Information exposure through microarchitectural state after transient execution in certain vector execution units for some...
8.8 CVSS
8.8 AI Score
0.024 EPSS
7.8 CVSS
7.2 AI Score
0.003 EPSS
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2024-1417)
The remote host is missing an update for the Huawei...
7.8 CVSS
6.3 AI Score
0.002 EPSS
EulerOS Virtualization 2.11.1 : kernel (EulerOS-SA-2024-1415)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Information exposure through microarchitectural state after transient execution in certain vector execution units for some...
8.8 CVSS
8.8 AI Score
0.024 EPSS
K000138966 : Intel Xeon CPU vulnerability CVE-2023-23908
Security Advisory Description Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. (CVE-2023-23908) Impact This vulnerability may allow a privileged user to enable information.....
4.4 CVSS
6 AI Score
0.0004 EPSS
EulerOS Virtualization 2.11.1 : openssl (EulerOS-SA-2024-1417)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal...
7.8 CVSS
8 AI Score
0.002 EPSS
EulerOS Virtualization 2.11.0 : openssl (EulerOS-SA-2024-1445)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal...
7.8 CVSS
8 AI Score
0.002 EPSS
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2024-1445)
The remote host is missing an update for the Huawei...
7.8 CVSS
6.3 AI Score
0.002 EPSS
About the security content of iOS 17.4.1 and iPadOS 17.4.1
About the security content of iOS 17.4.1 and iPadOS 17.4.1 This document describes the security content of iOS 17.4.1 and iPadOS 17.4.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...
5.9 CVSS
6.3 AI Score
0.0005 EPSS
Modern CPU architectures supporting speculative execution are vulnerable to a Speculative Race Condition (SRC) vulnerability, akin to Spectre V1. The vulnerability arises from race conditions that allow an unauthenticated attacker to exploit speculative executable code paths, potentially...
7.1 AI Score
0.0004 EPSS
linux-gcp, linux-gcp-4.15 vulnerabilities
Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service (bluetooth communication). (CVE-2023-2002) It was discovered that the NVIDIA...
7.8 CVSS
8 AI Score
0.003 EPSS
Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Spring, Tomcat, Jackson, sudo, and Linux kernel. Vulnerabilities include obtaining sensitive information, gaining elevated privileges, executing arbitrary commands, denial of service, and bypassing security restrictions, as...
9.8 CVSS
9.9 AI Score
EPSS
Summary and impact [GoogleOAuthenticator.hosted_domain] is used to restrict what Google accounts can be authorized to access a JupyterHub. The restriction is intended to ensure Google accounts are part of one or more Google organizations/workspaces verified to control specified domain(s). The...
7.5 CVSS
6.9 AI Score
0.0004 EPSS
Summary and impact [GoogleOAuthenticator.hosted_domain] is used to restrict what Google accounts can be authorized to access a JupyterHub. The restriction is intended to ensure Google accounts are part of one or more Google organizations/workspaces verified to control specified domain(s). The...
7.5 CVSS
6.5 AI Score
0.0004 EPSS
Popup Maker – Popup for opt-ins, lead gen, & more < 1.18.3 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as...
6.4 CVSS
5.8 AI Score
0.0004 EPSS
Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems linux-gcp-5.4 - Linux kernel for Google Cloud Platform (GCP) systems linux-raspi - Linux kernel for Raspberry Pi...
7.8 CVSS
7.6 AI Score
0.002 EPSS
Releases Ubuntu 23.10 Ubuntu 22.04 LTS Packages linux - Linux kernel linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems linux-gcp-6.5 - Linux kernel for Google Cloud Platform (GCP) systems linux-hwe-6.5 - Linux hardware...
7.8 CVSS
7.7 AI Score
0.002 EPSS