Lucene search

K

3com – Asesor De Cookies Para Normativa Española Security Vulnerabilities

osv
osv

linux-intel-iotg vulnerabilities

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-47233) It was....

7.8CVSS

7AI Score

EPSS

2024-05-28 07:06 PM
4
redhat
redhat

(RHSA-2024:3423) Important: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security...

7.2AI Score

0.0005EPSS

2024-05-28 01:04 PM
7
redhat
redhat

(RHSA-2024:3411) Important: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security...

7.2AI Score

0.0005EPSS

2024-05-28 12:59 PM
12
redhat
redhat

(RHSA-2024:3385) Moderate: Red Hat JBoss EAP 7.4.14 XP 4.0.2.GA security release

This asynchronous patch is a security update zip for the JBoss EAP XP 4.0.2 runtime distribution for use with EAP 7.4.14. Security Fix(es): jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049) jetty-server: OutOfMemoryError for large multipart...

7.1AI Score

0.002EPSS

2024-05-28 11:17 AM
12
nessus
nessus

AlmaLinux 9 : glibc (ALSA-2024:3339)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3339 advisory. * glibc: Out of bounds write in iconv conversion to ISO-2022-CN-EXT (CVE-2024-2961) * glibc: stack-based buffer overflow in netgroup cache...

7.7AI Score

0.0005EPSS

2024-05-28 12:00 AM
3
nessus
nessus

Oracle Linux 8 : python39:3.9 / and / python39-devel:3.9 (ELSA-2024-2985)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2985 advisory. mod_wsgi [4.7.1-7] - Bump release for rebuild Resolves: rhbz#2213595 [4.7.1-6] - Remove rpath Resolves: rhbz#2213837 [4.7.1-5] - Core...

8.2CVSS

7.2AI Score

0.016EPSS

2024-05-28 12:00 AM
3
nessus
nessus

RHEL 9 : glibc (RHSA-2024:3423)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3423 advisory. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the...

7.7AI Score

0.0005EPSS

2024-05-28 12:00 AM
1
nessus
nessus

Oracle Linux 8 : python27:2.7 (ELSA-2024-2987)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2987 advisory. babel [2.5.1-10] - Fix CVE-2021-20095 Resolves: rhbz#1955615 [2.5.1-9] - Bumping due to problems with modular RPM upgrade path - Resolves:...

9.8CVSS

7.2AI Score

0.032EPSS

2024-05-28 12:00 AM
5
nessus
nessus

Oracle Linux 8 : frr (ELSA-2024-2981)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2981 advisory. [7.5.1-22.0.1] - Fix POSTIN scriptlet [Orabug: 34712485] - Resolves: RHEL-15916 - Flowspec overflow in bgpd/bgp_flowspec.c - Resolves: RHEL-15919 - Out.....

7.5CVSS

7.5AI Score

0.005EPSS

2024-05-28 12:00 AM
1
ubuntu
ubuntu

Linux kernel (Intel IoTG) vulnerabilities

Releases Ubuntu 22.04 LTS Packages linux-intel-iotg - Linux kernel for Intel IoT platforms Details Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically...

7.8CVSS

7.5AI Score

EPSS

2024-05-28 12:00 AM
5
nessus
nessus

RHEL 9 : glibc (RHSA-2024:3411)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3411 advisory. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the...

8.1AI Score

0.0005EPSS

2024-05-28 12:00 AM
ubuntu
ubuntu

LibreOffice vulnerability

Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages libreoffice - Office productivity suite Details Amel Bouziane-Leblond discovered that LibreOffice incorrectly handled graphic on-click bindings. If a user were tricked into clicking a graphic in a specially...

7AI Score

0.0004EPSS

2024-05-28 12:00 AM
9
nessus
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : LibreOffice vulnerability (USN-6789-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6789-1 advisory. Amel Bouziane-Leblond discovered that LibreOffice incorrectly handled graphic on-click bindings. If a user were tricked into...

7.2AI Score

0.0004EPSS

2024-05-28 12:00 AM
2
osv
osv

CVE-2024-35182

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...

5.9CVSS

7.5AI Score

0.0004EPSS

2024-05-27 07:15 PM
3
cve
cve

CVE-2024-35181

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...

5.9CVSS

7.4AI Score

0.0004EPSS

2024-05-27 07:15 PM
27
nvd
nvd

CVE-2024-35181

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...

5.9CVSS

6AI Score

0.0004EPSS

2024-05-27 07:15 PM
nvd
nvd

CVE-2024-35182

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...

5.9CVSS

5.9AI Score

0.0004EPSS

2024-05-27 07:15 PM
osv
osv

CVE-2024-35181

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...

5.9CVSS

7.5AI Score

0.0004EPSS

2024-05-27 07:15 PM
2
cve
cve

CVE-2024-35182

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...

5.9CVSS

7.4AI Score

0.0004EPSS

2024-05-27 07:15 PM
28
osv
osv

silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled

If remember me is on and users log in with the box checked, if the developer then disabled "remember me" function, any pre-existing cookies will continue to authenticate...

7AI Score

2024-05-27 06:53 PM
1
github
github

silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled

If remember me is on and users log in with the box checked, if the developer then disabled "remember me" function, any pre-existing cookies will continue to authenticate...

7AI Score

2024-05-27 06:53 PM
3
cvelist
cvelist

CVE-2024-35182 GHSL-2024-014 Meshery SQL Injection vulnerability

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...

5.9CVSS

5.9AI Score

0.0004EPSS

2024-05-27 06:18 PM
1
vulnrichment
vulnrichment

CVE-2024-35182 GHSL-2024-014 Meshery SQL Injection vulnerability

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...

5.9CVSS

7.5AI Score

0.0004EPSS

2024-05-27 06:18 PM
1
vulnrichment
vulnrichment

CVE-2024-35181 GHSL-2024-013 Meshery SQL Injection vulnerability

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...

5.9CVSS

7.5AI Score

0.0004EPSS

2024-05-27 06:18 PM
cvelist
cvelist

CVE-2024-35181 GHSL-2024-013 Meshery SQL Injection vulnerability

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...

5.9CVSS

6AI Score

0.0004EPSS

2024-05-27 06:18 PM
1
redhatcve
redhatcve

CVE-2021-47566

In the Linux kernel, the following vulnerability has been resolved: proc/vmcore: fix clearing user buffer by properly using clear_user() To clear a user buffer we cannot simply use memset, we have to use clear_user(). With a virtio-mem device that registers a vmcore_cb and has some logically...

6.5AI Score

0.0004EPSS

2024-05-27 11:30 AM
4
redhatcve
redhatcve

CVE-2021-47505

In the Linux kernel, the following vulnerability has been resolved: aio: fix use-after-free due to missing POLLFREE handling signalfd_poll() and binder_poll() are special in that they use a waitqueue whose lifetime is the current task, rather than the struct file as is normally the case. This is...

6.4AI Score

0.0004EPSS

2024-05-27 11:00 AM
3
thn
thn

New Tricks in the Phishing Playbook: Cloudflare Workers, HTML Smuggling, GenAI

Cybersecurity researchers are alerting of phishing campaigns that abuse Cloudflare Workers to serve phishing sites that are used to harvest users' credentials associated with Microsoft, Gmail, Yahoo!, and cPanel Webmail. The attack method, called transparent phishing or adversary-in-the-middle...

7.2AI Score

2024-05-27 09:02 AM
1
githubexploit
githubexploit

Exploit for CVE-2024-30056

Microsoft-Edge-Information-Disclosure CVE-2024-30056...

6.5AI Score

2024-05-27 06:37 AM
148
openvas
openvas

Fedora: Security Advisory for gdcm (FEDORA-2024-11821b16ac)

The remote host is missing an update for...

8.1CVSS

7.2AI Score

0.001EPSS

2024-05-27 12:00 AM
openvas
openvas

Fedora: Security Advisory for gdcm (FEDORA-2024-fae33e6e9f)

The remote host is missing an update for...

8.1CVSS

7.2AI Score

0.001EPSS

2024-05-27 12:00 AM
1
openvas
openvas

Fedora: Security Advisory for curl (FEDORA-2024-a09456b7a9)

The remote host is missing an update for...

7.5AI Score

0.0004EPSS

2024-05-27 12:00 AM
openvas
openvas

Fedora: Security Advisory for gdcm (FEDORA-2024-7a57842ec3)

The remote host is missing an update for...

8.1CVSS

7.2AI Score

0.001EPSS

2024-05-27 12:00 AM
openvas
openvas

Debian: Security Advisory (DLA-3821-1)

The remote host is missing an update for the...

7.5AI Score

0.0004EPSS

2024-05-27 12:00 AM
2
openvas
openvas

Fedora: Security Advisory for curl (FEDORA-2024-6dab59bd47)

The remote host is missing an update for...

7.5AI Score

0.0004EPSS

2024-05-27 12:00 AM
debian
debian

[SECURITY] [DLA 3821-1] libreoffice security update

Debian LTS Advisory DLA-3821-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès May 26, 2024 https://wiki.debian.org/LTS Package : libreoffice Version : 1:6.1.5-3+deb10u12 CVE...

6.5AI Score

0.0004EPSS

2024-05-26 06:43 AM
1
nessus
nessus

Debian dla-3821 : fonts-opensymbol - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3821 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3821-1 [email protected] ...

7.1AI Score

0.0004EPSS

2024-05-26 12:00 AM
2
kitploit
kitploit

JA4+ - Suite Of Network Fingerprinting Standards

JA4+ is a suite of network Fingerprinting methods that are easy to use and easy to share. These methods are both human and machine readable to facilitate more effective threat-hunting and analysis. The use-cases for these fingerprints include scanning for threat actors, malware detection, session.....

7AI Score

2024-05-25 12:30 PM
14
debian
debian

[SECURITY] [DLA 3818-1] apache2 security update

Debian LTS Advisory DLA-3818-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès May 24, 2024 https://wiki.debian.org/LTS Package : apache2 Version : 2.4.59-1~deb10u1 CVE ID :...

7.5CVSS

7.9AI Score

0.01EPSS

2024-05-25 11:06 AM
5
nessus
nessus

Debian dla-3818 : apache2 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3818 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3818-1 [email protected] ...

7.5CVSS

7.5AI Score

0.01EPSS

2024-05-25 12:00 AM
4
debiancve
debiancve

CVE-2021-47566

In the Linux kernel, the following vulnerability has been resolved: proc/vmcore: fix clearing user buffer by properly using clear_user() To clear a user buffer we cannot simply use memset, we have to use clear_user(). With a virtio-mem device that registers a vmcore_cb and has some logically...

6.6AI Score

0.0004EPSS

2024-05-24 03:15 PM
7
nvd
nvd

CVE-2021-47566

In the Linux kernel, the following vulnerability has been resolved: proc/vmcore: fix clearing user buffer by properly using clear_user() To clear a user buffer we cannot simply use memset, we have to use clear_user(). With a virtio-mem device that registers a vmcore_cb and has some logically...

6.4AI Score

0.0004EPSS

2024-05-24 03:15 PM
cve
cve

CVE-2021-47566

In the Linux kernel, the following vulnerability has been resolved: proc/vmcore: fix clearing user buffer by properly using clear_user() To clear a user buffer we cannot simply use memset, we have to use clear_user(). With a virtio-mem device that registers a vmcore_cb and has some logically...

6.6AI Score

0.0004EPSS

2024-05-24 03:15 PM
26
debiancve
debiancve

CVE-2021-47505

In the Linux kernel, the following vulnerability has been resolved: aio: fix use-after-free due to missing POLLFREE handling signalfd_poll() and binder_poll() are special in that they use a waitqueue whose lifetime is the current task, rather than the struct file as is normally the case. This...

6.5AI Score

0.0004EPSS

2024-05-24 03:15 PM
3
cve
cve

CVE-2021-47505

In the Linux kernel, the following vulnerability has been resolved: aio: fix use-after-free due to missing POLLFREE handling signalfd_poll() and binder_poll() are special in that they use a waitqueue whose lifetime is the current task, rather than the struct file as is normally the case. This is...

6.5AI Score

0.0004EPSS

2024-05-24 03:15 PM
26
nvd
nvd

CVE-2021-47505

In the Linux kernel, the following vulnerability has been resolved: aio: fix use-after-free due to missing POLLFREE handling signalfd_poll() and binder_poll() are special in that they use a waitqueue whose lifetime is the current task, rather than the struct file as is normally the case. This is...

6.3AI Score

0.0004EPSS

2024-05-24 03:15 PM
cvelist
cvelist

CVE-2021-47566 proc/vmcore: fix clearing user buffer by properly using clear_user()

In the Linux kernel, the following vulnerability has been resolved: proc/vmcore: fix clearing user buffer by properly using clear_user() To clear a user buffer we cannot simply use memset, we have to use clear_user(). With a virtio-mem device that registers a vmcore_cb and has some logically...

6.3AI Score

0.0004EPSS

2024-05-24 03:12 PM
cvelist
cvelist

CVE-2021-47505 aio: fix use-after-free due to missing POLLFREE handling

In the Linux kernel, the following vulnerability has been resolved: aio: fix use-after-free due to missing POLLFREE handling signalfd_poll() and binder_poll() are special in that they use a waitqueue whose lifetime is the current task, rather than the struct file as is normally the case. This is...

6.3AI Score

0.0004EPSS

2024-05-24 03:01 PM
1
veracode
veracode

Insufficient Session Expiration

@fastify/session is vulnerable to Insufficient Session Expiration. The vulnerability is due to the expires field being overridden if the maxAge field is set, which prevents cookies from being correctly detected as expired, thus expired sessions are not destroyed. This allows attackers to maintain.....

7.4CVSS

6.7AI Score

0.0004EPSS

2024-05-24 05:24 AM
4
oraclelinux
oraclelinux

idm:DL1 security update

bind-dyndb-ldap [11.6-4] - Modify empty zone conflicts under exclusive mode Resolves: rhbz#2126877 [11.6-3] - Rebuild against bind 9.11.36 - Resolves: rhbz#2022762 [11.6-2] - Rebuild against bind 9.11.26 - Resolves: rhbz#1904612 [11.6-1] - New upstream release - Resolves: rhbz#1891735 [11.3-1] -...

5.3CVSS

7.6AI Score

0.0004EPSS

2024-05-24 12:00 AM
11
Total number of security vulnerabilities51582