linux-intel-iotg vulnerabilities
Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-47233) It was....
7.8CVSS
7AI Score
EPSS
(RHSA-2024:3423) Important: glibc security update
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security...
7.2AI Score
0.0005EPSS
(RHSA-2024:3411) Important: glibc security update
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security...
7.2AI Score
0.0005EPSS
(RHSA-2024:3385) Moderate: Red Hat JBoss EAP 7.4.14 XP 4.0.2.GA security release
This asynchronous patch is a security update zip for the JBoss EAP XP 4.0.2 runtime distribution for use with EAP 7.4.14. Security Fix(es): jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049) jetty-server: OutOfMemoryError for large multipart...
7.1AI Score
0.002EPSS
AlmaLinux 9 : glibc (ALSA-2024:3339)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3339 advisory. * glibc: Out of bounds write in iconv conversion to ISO-2022-CN-EXT (CVE-2024-2961) * glibc: stack-based buffer overflow in netgroup cache...
7.7AI Score
0.0005EPSS
Oracle Linux 8 : python39:3.9 / and / python39-devel:3.9 (ELSA-2024-2985)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2985 advisory. mod_wsgi [4.7.1-7] - Bump release for rebuild Resolves: rhbz#2213595 [4.7.1-6] - Remove rpath Resolves: rhbz#2213837 [4.7.1-5] - Core...
8.2CVSS
7.2AI Score
0.016EPSS
RHEL 9 : glibc (RHSA-2024:3423)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3423 advisory. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the...
7.7AI Score
0.0005EPSS
Oracle Linux 8 : python27:2.7 (ELSA-2024-2987)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2987 advisory. babel [2.5.1-10] - Fix CVE-2021-20095 Resolves: rhbz#1955615 [2.5.1-9] - Bumping due to problems with modular RPM upgrade path - Resolves:...
9.8CVSS
7.2AI Score
0.032EPSS
Oracle Linux 8 : frr (ELSA-2024-2981)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2981 advisory. [7.5.1-22.0.1] - Fix POSTIN scriptlet [Orabug: 34712485] - Resolves: RHEL-15916 - Flowspec overflow in bgpd/bgp_flowspec.c - Resolves: RHEL-15919 - Out.....
7.5CVSS
7.5AI Score
0.005EPSS
Linux kernel (Intel IoTG) vulnerabilities
Releases Ubuntu 22.04 LTS Packages linux-intel-iotg - Linux kernel for Intel IoT platforms Details Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically...
7.8CVSS
7.5AI Score
EPSS
RHEL 9 : glibc (RHSA-2024:3411)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3411 advisory. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the...
8.1AI Score
0.0005EPSS
Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages libreoffice - Office productivity suite Details Amel Bouziane-Leblond discovered that LibreOffice incorrectly handled graphic on-click bindings. If a user were tricked into clicking a graphic in a specially...
7AI Score
0.0004EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : LibreOffice vulnerability (USN-6789-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6789-1 advisory. Amel Bouziane-Leblond discovered that LibreOffice incorrectly handled graphic on-click bindings. If a user were tricked into...
7.2AI Score
0.0004EPSS
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
5.9CVSS
7.5AI Score
0.0004EPSS
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
5.9CVSS
7.4AI Score
0.0004EPSS
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
5.9CVSS
6AI Score
0.0004EPSS
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
5.9CVSS
5.9AI Score
0.0004EPSS
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
5.9CVSS
7.5AI Score
0.0004EPSS
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
5.9CVSS
7.4AI Score
0.0004EPSS
silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled
If remember me is on and users log in with the box checked, if the developer then disabled "remember me" function, any pre-existing cookies will continue to authenticate...
7AI Score
silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled
If remember me is on and users log in with the box checked, if the developer then disabled "remember me" function, any pre-existing cookies will continue to authenticate...
7AI Score
CVE-2024-35182 GHSL-2024-014 Meshery SQL Injection vulnerability
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
5.9CVSS
5.9AI Score
0.0004EPSS
CVE-2024-35182 GHSL-2024-014 Meshery SQL Injection vulnerability
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
5.9CVSS
7.5AI Score
0.0004EPSS
CVE-2024-35181 GHSL-2024-013 Meshery SQL Injection vulnerability
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
5.9CVSS
7.5AI Score
0.0004EPSS
CVE-2024-35181 GHSL-2024-013 Meshery SQL Injection vulnerability
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
5.9CVSS
6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: proc/vmcore: fix clearing user buffer by properly using clear_user() To clear a user buffer we cannot simply use memset, we have to use clear_user(). With a virtio-mem device that registers a vmcore_cb and has some logically...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: aio: fix use-after-free due to missing POLLFREE handling signalfd_poll() and binder_poll() are special in that they use a waitqueue whose lifetime is the current task, rather than the struct file as is normally the case. This is...
6.4AI Score
0.0004EPSS
New Tricks in the Phishing Playbook: Cloudflare Workers, HTML Smuggling, GenAI
Cybersecurity researchers are alerting of phishing campaigns that abuse Cloudflare Workers to serve phishing sites that are used to harvest users' credentials associated with Microsoft, Gmail, Yahoo!, and cPanel Webmail. The attack method, called transparent phishing or adversary-in-the-middle...
7.2AI Score
6.5AI Score
Fedora: Security Advisory for gdcm (FEDORA-2024-11821b16ac)
The remote host is missing an update for...
8.1CVSS
7.2AI Score
0.001EPSS
Fedora: Security Advisory for gdcm (FEDORA-2024-fae33e6e9f)
The remote host is missing an update for...
8.1CVSS
7.2AI Score
0.001EPSS
Fedora: Security Advisory for curl (FEDORA-2024-a09456b7a9)
The remote host is missing an update for...
7.5AI Score
0.0004EPSS
Fedora: Security Advisory for gdcm (FEDORA-2024-7a57842ec3)
The remote host is missing an update for...
8.1CVSS
7.2AI Score
0.001EPSS
7.5AI Score
0.0004EPSS
Fedora: Security Advisory for curl (FEDORA-2024-6dab59bd47)
The remote host is missing an update for...
7.5AI Score
0.0004EPSS
[SECURITY] [DLA 3821-1] libreoffice security update
Debian LTS Advisory DLA-3821-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès May 26, 2024 https://wiki.debian.org/LTS Package : libreoffice Version : 1:6.1.5-3+deb10u12 CVE...
6.5AI Score
0.0004EPSS
Debian dla-3821 : fonts-opensymbol - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3821 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3821-1 [email protected] ...
7.1AI Score
0.0004EPSS
JA4+ - Suite Of Network Fingerprinting Standards
JA4+ is a suite of network Fingerprinting methods that are easy to use and easy to share. These methods are both human and machine readable to facilitate more effective threat-hunting and analysis. The use-cases for these fingerprints include scanning for threat actors, malware detection, session.....
7AI Score
[SECURITY] [DLA 3818-1] apache2 security update
Debian LTS Advisory DLA-3818-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès May 24, 2024 https://wiki.debian.org/LTS Package : apache2 Version : 2.4.59-1~deb10u1 CVE ID :...
7.5CVSS
7.9AI Score
0.01EPSS
Debian dla-3818 : apache2 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3818 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3818-1 [email protected] ...
7.5CVSS
7.5AI Score
0.01EPSS
In the Linux kernel, the following vulnerability has been resolved: proc/vmcore: fix clearing user buffer by properly using clear_user() To clear a user buffer we cannot simply use memset, we have to use clear_user(). With a virtio-mem device that registers a vmcore_cb and has some logically...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: proc/vmcore: fix clearing user buffer by properly using clear_user() To clear a user buffer we cannot simply use memset, we have to use clear_user(). With a virtio-mem device that registers a vmcore_cb and has some logically...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: proc/vmcore: fix clearing user buffer by properly using clear_user() To clear a user buffer we cannot simply use memset, we have to use clear_user(). With a virtio-mem device that registers a vmcore_cb and has some logically...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: aio: fix use-after-free due to missing POLLFREE handling signalfd_poll() and binder_poll() are special in that they use a waitqueue whose lifetime is the current task, rather than the struct file as is normally the case. This...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: aio: fix use-after-free due to missing POLLFREE handling signalfd_poll() and binder_poll() are special in that they use a waitqueue whose lifetime is the current task, rather than the struct file as is normally the case. This is...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: aio: fix use-after-free due to missing POLLFREE handling signalfd_poll() and binder_poll() are special in that they use a waitqueue whose lifetime is the current task, rather than the struct file as is normally the case. This is...
6.3AI Score
0.0004EPSS
CVE-2021-47566 proc/vmcore: fix clearing user buffer by properly using clear_user()
In the Linux kernel, the following vulnerability has been resolved: proc/vmcore: fix clearing user buffer by properly using clear_user() To clear a user buffer we cannot simply use memset, we have to use clear_user(). With a virtio-mem device that registers a vmcore_cb and has some logically...
6.3AI Score
0.0004EPSS
CVE-2021-47505 aio: fix use-after-free due to missing POLLFREE handling
In the Linux kernel, the following vulnerability has been resolved: aio: fix use-after-free due to missing POLLFREE handling signalfd_poll() and binder_poll() are special in that they use a waitqueue whose lifetime is the current task, rather than the struct file as is normally the case. This is...
6.3AI Score
0.0004EPSS
Insufficient Session Expiration
@fastify/session is vulnerable to Insufficient Session Expiration. The vulnerability is due to the expires field being overridden if the maxAge field is set, which prevents cookies from being correctly detected as expired, thus expired sessions are not destroyed. This allows attackers to maintain.....
7.4CVSS
6.7AI Score
0.0004EPSS
bind-dyndb-ldap [11.6-4] - Modify empty zone conflicts under exclusive mode Resolves: rhbz#2126877 [11.6-3] - Rebuild against bind 9.11.36 - Resolves: rhbz#2022762 [11.6-2] - Rebuild against bind 9.11.26 - Resolves: rhbz#1904612 [11.6-1] - New upstream release - Resolves: rhbz#1891735 [11.3-1] -...
5.3CVSS
7.6AI Score
0.0004EPSS