Lucene search

K

3com – Asesor De Cookies Para Normativa Española Security Vulnerabilities

oraclelinux
oraclelinux

idm:DL1 security update

bind-dyndb-ldap [11.6-4] - Modify empty zone conflicts under exclusive mode Resolves: rhbz#2126877 [11.6-3] - Rebuild against bind 9.11.36 - Resolves: rhbz#2022762 [11.6-2] - Rebuild against bind 9.11.26 - Resolves: rhbz#1904612 [11.6-1] - New upstream release - Resolves: rhbz#1891735 [11.3-1] -...

5.3CVSS

7.6AI Score

0.0004EPSS

2024-05-24 12:00 AM
10
nessus
nessus

Oracle Linux 7 : libreoffice (ELSA-2024-3304)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3304 advisory. [1:5.3.6.1-26.0.1] - adjust color palette to match Redwood style. - Replaced RedHat colors with Oracle colors, and the filename redhat.soc with oracle.soc in...

8.8CVSS

7.1AI Score

0.001EPSS

2024-05-24 12:00 AM
7
oraclelinux
oraclelinux

python39:3.9 and python39-devel:3.9 security update

mod_wsgi [4.7.1-7] - Bump release for rebuild Resolves: rhbz#2213595 [4.7.1-6] - Remove rpath Resolves: rhbz#2213837 [4.7.1-5] - Core dumped upon file upload >= 1GB Resolves: rhbz#2125172 [4.7.1-4] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [4.7.1-3] - Rebuilt...

8.1CVSS

6.7AI Score

0.005EPSS

2024-05-24 12:00 AM
4
ubuntucve
ubuntucve

CVE-2021-47566

In the Linux kernel, the following vulnerability has been resolved: proc/vmcore: fix clearing user buffer by properly using clear_user() To clear a user buffer we cannot simply use memset, we have to use clear_user(). With a virtio-mem device that registers a vmcore_cb and has some logically...

6.5AI Score

0.0004EPSS

2024-05-24 12:00 AM
ubuntucve
ubuntucve

CVE-2021-47505

In the Linux kernel, the following vulnerability has been resolved: aio: fix use-after-free due to missing POLLFREE handling signalfd_poll() and binder_poll() are special in that they use a waitqueue whose lifetime is the current task, rather than the struct file as is normally the case. This is...

6.6AI Score

0.0004EPSS

2024-05-24 12:00 AM
1
oraclelinux
oraclelinux

python27:2.7 security update

babel [2.5.1-10] - Fix CVE-2021-20095 Resolves: rhbz#1955615 [2.5.1-9] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [2.5.1-8] - Fix unversioned requires/buildrequires - Resolves: rhbz#1628242 [2.5.1-7] - Remove unversioned binaries - Resolves: rhbz#1613343...

9.8CVSS

6.7AI Score

0.005EPSS

2024-05-24 12:00 AM
2
krebs
krebs

Stark Industries Solutions: An Iron Hammer in the Cloud

The homepage of Stark Industries Solutions. Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government.....

6.8AI Score

2024-05-23 11:32 PM
3
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 13, 2024 to May 19, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 114 vulnerabilities disclosed in 88...

10CVSS

9.3AI Score

EPSS

2024-05-23 03:00 PM
11
redhat
redhat

(RHSA-2024:3346) Important: git-lfs security update

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS...

7.3AI Score

0.0004EPSS

2024-05-23 02:21 PM
5
redhat
redhat

(RHSA-2024:3344) Important: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security...

7.8AI Score

0.0004EPSS

2024-05-23 02:21 PM
22
redhat
redhat

(RHSA-2024:2901) Low: Custom Metrics Autoscaler Operator for Red Hat OpenShift 2.12.1-394 Security Update

The Custom Metrics Autoscaler Operator for Red Hat OpenShift is an optional operator, based on the Kubernetes Event Driven Autoscaler (KEDA), which allows workloads to be scaled using additional metrics sources other than pod metrics. This release builds upon updated compiler, runtime library, and....

6.9AI Score

0.004EPSS

2024-05-23 02:07 PM
4
redhatcve
redhatcve

CVE-2021-47292

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix memleak in io_init_wq_offload() I got memory leak report when doing fuzz test: BUG: memory leak unreferenced object 0xffff888107310a80 (size 96): comm "syz-executor.6", pid 4610, jiffies 4295140240 (age 20.135s) hex.....

6.5AI Score

0.0004EPSS

2024-05-23 01:31 PM
1
rapid7blog
rapid7blog

CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack

The following Rapid7 team members contributed to this blog: Ipek Solak, Thomas Elkins, Evan McCann, Matthew Smith, Jake McMahon, Tyler McGraw, Ryan Emmons, Stephen Fewer, and John Fenninger Overview Justice AV Solutions (JAVS) is a U.S.-based company specializing in digital audio-visual recording.....

8.4CVSS

8.8AI Score

0.028EPSS

2024-05-23 01:00 PM
9
redhat
redhat

(RHSA-2024:3339) Important: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security...

7.9AI Score

0.0005EPSS

2024-05-23 12:42 PM
23
redhatcve
redhatcve

CVE-2020-36788

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: avoid a use-after-free when BO init fails nouveau_bo_init() is backed by ttm_bo_init() and ferries its return code back to the caller. On failures, ttm_bo_init() invokes the provided destructor which should...

6.8AI Score

0.0004EPSS

2024-05-23 11:29 AM
9
redhatcve
redhatcve

CVE-2023-52849

In the Linux kernel, the following vulnerability has been resolved: cxl/mem: Fix shutdown order Ira reports that removing cxl_mock_mem causes a crash with the following trace: BUG: kernel NULL pointer dereference, address: 0000000000000044 [..] RIP: 0010:cxl_region_decode_reset+0x7f/0x180...

6.4AI Score

0.0004EPSS

2024-05-23 11:13 AM
4
veracode
veracode

Information Disclosure

passbolt/passbolt_api is vulnerable to Information Disclosure. The vulnerability is due to the exposure of session cookies through the /auth/verify.json endpoint, which returns cookies in the response similar to the TRACE HTTP method, potentially allowing an attacker to hijack a user session if...

6.1AI Score

2024-05-23 10:25 AM
redhat
redhat

(RHSA-2024:3316) Important: Migration Toolkit for Applications security and bug fix update

Migration Toolkit for Applications 7.0.3 Images Security Fix(es) from Bugzilla: golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180) axios: exposure of...

7.4AI Score

EPSS

2024-05-23 06:30 AM
3
redhat
redhat

(RHSA-2024:3312) Important: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security...

8.5AI Score

0.0005EPSS

2024-05-23 05:51 AM
5
redhat
redhat

(RHSA-2024:3309) Important: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security...

8.4AI Score

0.0005EPSS

2024-05-23 05:51 AM
5
redhat
redhat

(RHSA-2024:3304) Important: libreoffice security fix update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

7.1AI Score

0.001EPSS

2024-05-23 05:51 AM
2
oraclelinux
oraclelinux

libreoffice security fix update

[1:5.3.6.1-26.0.1] - adjust color palette to match Redwood style. - Replaced RedHat colors with Oracle colors, and the filename redhat.soc with oracle.soc in specfile - Build with --with-vendor='Oracle America, Inc.' [1:5.3.6.1-26] - Fix CVE-2022-38745 Empty entry in Java class path - Fix...

8.8CVSS

7AI Score

0.001EPSS

2024-05-23 12:00 AM
5
almalinux
almalinux

Important: git-lfs security update

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS...

6.9AI Score

0.0004EPSS

2024-05-23 12:00 AM
4
almalinux
almalinux

Important: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): ....

7.2AI Score

0.0005EPSS

2024-05-23 12:00 AM
23
nessus
nessus

RHEL 8 : git-lfs (RHSA-2024:3346)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3346 advisory. Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git,...

7.5AI Score

0.0004EPSS

2024-05-23 12:00 AM
2
nessus
nessus

RHEL 8 : glibc (RHSA-2024:3269)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3269 advisory. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name...

7.1AI Score

0.0005EPSS

2024-05-23 12:00 AM
4
nessus
nessus

RHEL 8 : go-toolset:rhel8 (RHSA-2024:3259)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3259 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): * golang:...

7.4AI Score

0.0004EPSS

2024-05-23 12:00 AM
3
nessus
nessus

RHEL 8 : glibc (RHSA-2024:3344)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3344 advisory. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the...

8.1AI Score

0.0004EPSS

2024-05-23 12:00 AM
6
oraclelinux
oraclelinux

frr security update

[7.5.1-22.0.1] - Fix POSTIN scriptlet [Orabug: 34712485] - Resolves: RHEL-15916 - Flowspec overflow in bgpd/bgp_flowspec.c - Resolves: RHEL-15919 - Out of bounds read in bgpd/bgp_label.c - Resolves: RHEL-15869 - crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message - Resolves:....

7.5CVSS

7.2AI Score

0.005EPSS

2024-05-23 12:00 AM
2
almalinux
almalinux

Important: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): ....

7.4AI Score

0.0004EPSS

2024-05-23 12:00 AM
3
nessus
nessus

RHEL 9 : glibc (RHSA-2024:3339)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3339 advisory. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the...

8.2AI Score

0.0005EPSS

2024-05-23 12:00 AM
5
oraclelinux
oraclelinux

kernel security, bug fix, and enhancement update

[4.18.0-553.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with...

9.8CVSS

8AI Score

EPSS

2024-05-23 12:00 AM
11
wpvulndb
wpvulndb

Web Directory Free < 1.7.0 - Unauthenticated SQL Injection

Description The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based. PoC curl --url...

9.8AI Score

0.0004EPSS

2024-05-23 12:00 AM
1
nessus
nessus

RHEL 8 : glibc (RHSA-2024:3312)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3312 advisory. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the...

8.1AI Score

0.0005EPSS

2024-05-23 12:00 AM
3
wpexploit
wpexploit

Web Directory Free < 1.7.0 - Unauthenticated SQL Injection

Description The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and...

9.9AI Score

0.0004EPSS

2024-05-23 12:00 AM
19
osv
osv

Important: git-lfs security update

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS...

6.7AI Score

0.0004EPSS

2024-05-23 12:00 AM
1
nessus
nessus

RHEL 7 : libreoffice (RHSA-2024:3304)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3304 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor,...

8.8CVSS

7.5AI Score

0.001EPSS

2024-05-23 12:00 AM
3
nessus
nessus

CentOS 8 : glibc (CESA-2024:3344)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:3344 advisory. nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests...

6.6AI Score

0.0004EPSS

2024-05-23 12:00 AM
2
nessus
nessus

RHEL 8 : glibc (RHSA-2024:3309)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3309 advisory. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the...

8.9AI Score

0.0005EPSS

2024-05-23 12:00 AM
8
metasploit
metasploit

Cacti Import Packages RCE

This exploit module leverages an arbitrary file write vulnerability (CVE-2024-25641) in Cacti versions prior to 1.2.27 to achieve RCE. It abuses the Import Packages feature to upload a specially crafted package that embeds a PHP file. Cacti will extract this file to an accessible location. The...

9.1CVSS

9.5AI Score

0.002EPSS

2024-05-22 03:38 PM
4
kitploit
kitploit

Above - Invisible Network Protocol Sniffer

Invisible protocol sniffer for finding vulnerabilities in the network. Designed for pentesters and security engineers. Above: Invisible network protocol sniffer Designed for pentesters and security engineers Author: Magama Bazarov, &lt;[email protected]&gt; Pseudonym: Caster Version: 2.6 ...

7.1AI Score

2024-05-22 12:30 PM
27
redhat
redhat

(RHSA-2024:3269) Important: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): ....

8.3AI Score

0.0005EPSS

2024-05-22 10:41 AM
37
redhat
redhat

(RHSA-2024:3259) Important: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) golang: net/http/cookiejar: incorrect forwarding of sensitive headers...

7.1AI Score

0.0004EPSS

2024-05-22 10:41 AM
9
securelist
securelist

Stealers, stealers and more stealers

Introduction Stealers are a prominent threat in the malware landscape. Over the past year we published our research into several stealers (see here, here and here), and for now, the trend seems to persist. In the past months, we wrote several private reports on stealers as we discovered Acrid (a...

7.7AI Score

2024-05-22 10:00 AM
8
nessus
nessus

Fedora 39 : kernel (2024-49fcf86f58)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-49fcf86f58 advisory. Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may...

6.4CVSS

6.7AI Score

0.0004EPSS

2024-05-22 12:00 AM
5
osv
osv

Important: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) golang: net/http/cookiejar: incorrect forwarding of sensitive headers and...

6.5AI Score

0.0004EPSS

2024-05-22 12:00 AM
3
almalinux
almalinux

Important: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) golang: net/http/cookiejar: incorrect forwarding of sensitive headers and...

6.8AI Score

0.0004EPSS

2024-05-22 12:00 AM
1
nessus
nessus

CentOS 8 : python3.11-urllib3 (CESA-2024:2986)

The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2024:2986 advisory. urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies...

8.1CVSS

6.3AI Score

0.001EPSS

2024-05-22 12:00 AM
2
nessus
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Thunderbird vulnerabilities (USN-6782-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6782-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a...

9AI Score

0.0004EPSS

2024-05-22 12:00 AM
1
almalinux
almalinux

Important: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): ....

7.9AI Score

0.0005EPSS

2024-05-22 12:00 AM
4
Total number of security vulnerabilities51354