Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash)....
7.8CVSS
8.3AI Score
0.002EPSS
Unbreakable Enterprise kernel security update
[5.15.0-204.147.6.2] - smb3: Replace smb2pdu 1-element arrays with flex-arrays (Kees Cook) [Orabug: 36353543] - hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed (Shradha Gupta) [Orabug: 36358874] - hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove...
7.8CVSS
7.4AI Score
0.0004EPSS
Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6688-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6688-1 advisory. Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them...
7.8CVSS
7.7AI Score
0.002EPSS
Linux kernel (OEM) vulnerabilities
Releases Ubuntu 22.04 LTS Packages linux-oem-6.1 - Linux kernel for OEM systems Details Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker...
7.8CVSS
8.3AI Score
0.002EPSS
Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux-bluefield - Linux kernel for NVIDIA BlueField platforms linux-raspi-5.4 - Linux kernel for Raspberry Pi systems linux-xilinx-zynqmp - Linux kernel for Xilinx ZynqMP processors Details Wenqing Liu discovered that the f2fs file system...
7.8CVSS
8.3AI Score
0.003EPSS
Update now! JetBrains TeamCity vulnerability abused at scale
JetBrains issued a warning on March 4, 2024 about two serious vulnerabilities in TeamCity server. The flaws can be used by a remote, unauthenticated attacker with HTTP(S) access to a TeamCity on-premises server to bypass authentication checks and gain administrative control of the TeamCity server.....
9.8CVSS
8AI Score
0.972EPSS
Summary Multiple Vulnerabilities were disclosed as part of the Oracle Jan 2024 Critical Patch Update. Vulnerability Details ** CVEID: CVE-2024-20918 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality...
7.5CVSS
6.6AI Score
0.001EPSS
openSUSE: Security Advisory for the Linux (SUSE-SU-2023:0488-1)
The remote host is missing an update for...
7.9CVSS
7.4AI Score
0.002EPSS
Security Bulletin: IBM SDK, Java Technology Edition, Security Update February 2024
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, 8* that is used by Rational Application Developer®. These issues were disclosed as part of the IBM Java SDK updates up to February 2024. IBM 8 SR8 FP20 (1.8.0_401). Vulnerability Details ** CVEID: CVE-2023-22067 ...
5.3CVSS
8.9AI Score
0.001EPSS
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Business Developer
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle July 2023...
3.7CVSS
6.5AI Score
0.001EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2024-20952 ...
7.5CVSS
7.6AI Score
0.001EPSS
Summary IBM® Db2® is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. Vulnerability Details ** CVEID: CVE-2023-47152 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to an...
7.5CVSS
7.2AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() Return invalid error code -EINVAL for invalid block id. Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:1183...
6.7AI Score
0.0004EPSS
A New Way To Manage Your Web Exposure: The Reflectiz Product Explained
An in-depth look into a proactive website security solution that continuously detects, prioritizes, and validates web threats, helping to mitigate security, privacy, and compliance risks. [Reflectiz shields websites from client-side attacks, supply chain risks, data breaches, privacy violations,...
6.9AI Score
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() Return invalid error code -EINVAL for invalid block id. Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:1183...
7.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() Return invalid error code -EINVAL for invalid block id. Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:1183...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() Return invalid error code -EINVAL for invalid block id. Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:1183...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() Return invalid error code -EINVAL for invalid block id. Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:1183...
7.3AI Score
0.0004EPSS
CVE-2023-52585 drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() Return invalid error code -EINVAL for invalid block id. Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:1183...
8.2AI Score
0.0004EPSS
CVE-2023-52585 drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() Return invalid error code -EINVAL for invalid block id. Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:1183...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() Return invalid error code -EINVAL for invalid block id. Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:1183...
6.8AI Score
0.0004EPSS
Releases Ubuntu 23.10 Ubuntu 22.04 LTS Packages linux - Linux kernel linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems linux-gcp-6.5 - Linux kernel for Google Cloud Platform (GCP) systems linux-laptop - Linux kernel for Lenovo X13s ARM laptops linux-lowlatency - Linux low...
7CVSS
8AI Score
0.003EPSS
The Dark Side of Innovation: Cybercriminals and Their Adoption of GenAI
The Dark Side of Innovation: Cybercriminals and Their Adoption of GenAI By Jambul Tologonov and John Fokker · March 06, 2024 In the ever-evolving threat landscape, the Trellix Advanced Research Center has been at the forefront of understanding and combating the dual-edged sword of Generative...
6.9AI Score
0.033EPSS
Badgerboard: A PLC backplane network visibility module
Analysis of the traffic between networked devices has always been of interest since devices could even communicate with one another. As the complexity of networks grew, the more useful dedicated traffic analysis tools became. Major advancements have been made over the years with tools like Snort...
6.8AI Score
TL;DR CVE-2024-27351: Potential regular expression denial-of-service in django.utils.text.Truncator.words() Details: django.utils.text.Truncator.words() method (with html=True) and truncatewords_html template filter were subject to a potential regular expression denial-of-service attack using a...
7.5CVSS
9.5AI Score
0.029EPSS
(RHSA-2024:1112) Important: linux-firmware security update
The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): hw: intel: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi (CVE-2022-46329) hw: amd: INVD instruction may lead to a loss of SEV-ES guest machine...
7.4AI Score
0.0005EPSS
Apple Security Update: iOS 15.8.2 and iPadOS 15.8.2
Apple recommends to install security update iOS 15.8.2 and iPadOS 15.8.2 on devices iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th...
6.6AI Score
Stable Channel Update for ChromeOS / ChromeOS Flex
The Stable channel is being updated to 122.0.6045.214 (Platform version: 15753.38.0) for most ChromeOS devices and will be rolled out over the coming days. This build contains a number of bug fixes and security updates. If you find new issues, please let us know one of the following ways: File a...
9.8CVSS
7.8AI Score
0.582EPSS
CentOS: Security Advisory for iwl1000-firmware (CESA-2023:7513)
The remote host is missing an update for...
5.5CVSS
7.3AI Score
0.001EPSS
RHEL 8 : linux-firmware (RHSA-2024:1112)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1112 advisory. The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): * hw:...
8.2CVSS
8AI Score
0.0005EPSS
Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing.....
6.2AI Score
0.0004EPSS
Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing.....
6.4AI Score
0.0004EPSS
Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing.....
7.1AI Score
0.0004EPSS
CVE-2023-6241 Mali GPU Kernel Driver allows improper GPU memory processing operations
Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing.....
6.5AI Score
0.0004EPSS
Security Bulletin: IBM Cloud Pak for Network Automation 2.7 fixes multiple security vulnerabilities
Summary IBM Cloud Pak for Network Automation 2.7 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details ** CVEID: CVE-2023-24998 DESCRIPTION: **Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request...
9.8CVSS
10AI Score
0.059EPSS
Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing.....
6.3AI Score
0.0004EPSS
Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing.....
6.5AI Score
0.0004EPSS
Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing.....
7.1AI Score
0.0004EPSS
CVE-2023-6143 Mali GPU Kernel Driver allows improper GPU memory processing operations
Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing.....
6.5AI Score
0.0004EPSS
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:3683-2)
The remote host is missing an update for...
7.8CVSS
7.1AI Score
EPSS
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:0774-1)
The remote host is missing an update for...
7.8CVSS
7.3AI Score
0.002EPSS
openSUSE: Security Advisory for xen (SUSE-SU-2023:4475-1)
The remote host is missing an update for...
7.8CVSS
7AI Score
0.001EPSS
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:3704-2)
The remote host is missing an update for...
7.8CVSS
7.1AI Score
EPSS
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:3704-1)
The remote host is missing an update for...
7.8CVSS
7.1AI Score
EPSS
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:2871-1)
The remote host is missing an update for...
8.8CVSS
8.3AI Score
EPSS
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:3182-1)
The remote host is missing an update for...
7.8CVSS
7.5AI Score
0.001EPSS
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2022:2424-2)
The remote host is missing an update for...
8.2CVSS
7.3AI Score
0.006EPSS
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:3680-1)
The remote host is missing an update for...
7.8CVSS
7.1AI Score
EPSS
openSUSE: Security Advisory for kernel (SUSE-SU-2023:3298-1)
The remote host is missing an update for...
4.7CVSS
7.3AI Score
0.0004EPSS
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:4057-1)
The remote host is missing an update for...
7.8CVSS
7.3AI Score
EPSS