In the Linux kernel, the following vulnerability has been resolved: hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs Fan speed minimum can be enforced from sysfs. For example, setting current fan speed to 20 is used to enforce fan speed to be at 100% speed,...
AI Score: 6.6
EPSS: 0.0004
CVSS: 4.9
AI Score: 7.1
EPSS: 0.0005
K000139698: Python vulnerabilities CVE-2016-5636 and CVE-2023-36632
Security Advisory Description CVE-2016-5636 Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based...
AI Score: 8.3
EPSS: 0.028
In the Linux kernel, the following vulnerability has been resolved: binder: make sure fd closes complete During BC_FREE_BUFFER processing, the BINDER_TYPE_FDA object cleanup may close 1 or more fds. The close operations are completed using the task work mechanism -- which means the thread needs to...
AI Score: 6.7
EPSS: 0.0004
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unlink table before deleting it syzbot reports the following UAF: BUG: KASAN: use-after-free in memcmp+0x18f/0x1c0 lib/string.c:955 nla_strcmp+0xf2/0x130 lib/nlattr.c:836 nft_table_lookup.part.0+0x1a2/0x460...
AI Score: 6.6
EPSS: 0.0004
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Prevent state corruption in __fpu__restore_sig() The non-compacted slowpath uses __copy_from_user() and copies the entire user buffer into the kernel buffer, verbatim. This means that the kernel buffer may now contain...
AI Score: 6.8
EPSS: 0.0004
K000139700: Linux kernel usbmon vulnerability CVE-2022-43750
Security Advisory Description drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory. (CVE-2022-43750) Impact This vulnerability may allow an attacker with local access to gain improper...
AI Score: 7.1
EPSS: 0.0004
Detecting and Visualizing Lateral Movement Attacks with Trellix XDR - Part 2
By Chintan Shah, Maulik Maheta · May 21, 2024 Executive summary: In part 1 of this series we discussed in depth the known lateral movement attacks, such as abusing weak service permissions (T1574.011), NTDS.dit file...
AI Score: 7.9
K000139691: Python vulnerabilities CVE-2022-48565, CVE-2018-1000802 and CVE-2016-9063
Security Advisory Description CVE-2022-48565 An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. CVE-2018-1000802 Python Software Foundation Python (CPython)...
AI Score: 8.4
EPSS: 0.01
CVSS: 7.8
AI Score: 7
EPSS
F5 Networks BIG-IP : VPN TunnelVision vulnerability (K000139553)
The version of F5 Networks BIG-IP installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the K000139553 advisory. By design, the DHCP protocol does not authenticate messages, including for example the classless static route...
CVSS: 7.6
AI Score: 7.7
EPSS: 0.0005
K000139685: Python vulnerability CVE-2023-40217
Security Advisory Description An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into...
AI Score: 7
EPSS: 0.0005
Security Bulletin: Multiple vulnerabilities affect IBM Db2® REST
Summary IBM has released the fix below for IBM Db2® REST in response to multiple vulnerabilities found in multiple components. The vulnerabilities have been addressed. Vulnerability Details **CVEID:** CVE-2021-35942 **DESCRIPTION:** GNU C Library (aka glibc) could allow a local attacker to obtain...
CVSS: 9.8
AI Score: 9.5
EPSS: 0.963
New mariadb packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mariadb-10.5.25-i586-1_slack15.0.txz: Upgraded. This update fixes bugs and a security issue: Difficult to exploit vulnerability...
CVSS: 4.9
AI Score: 6.2
EPSS: 0.0005
In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up The flag I2C_HID_READ_PENDING is used to serialize I2C operations. However, this is not necessary, because I2C core already has its own locking for that. More...
CVSS: 5.5
AI Score: 5.3
EPSS: 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while getting file server...
CVSS: 8.3
AI Score: 7.9
EPSS: 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while getting file server...
CVSS: 8.3
AI Score: 8.8
EPSS: 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while adding file...
CVSS: 8.3
AI Score: 7.9
EPSS: 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection in the dashboard graph...
CVSS: 8.3
AI Score: 7.8
EPSS: 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while exporting a full summary...
CVSS: 8.3
AI Score: 8.7
EPSS: 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection in the aggregate reports search...
CVSS: 8.3
AI Score: 7.8
EPSS: 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while exporting a full summary...
CVSS: 8.3
AI Score: 8.1
EPSS: 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection in the aggregate reports search...
CVSS: 8.3
AI Score: 8.7
EPSS: 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while adding file...
CVSS: 8.3
AI Score: 8.8
EPSS: 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection in the dashboard graph...
CVSS: 8.3
AI Score: 8.7
EPSS: 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while getting file server...
CVSS: 8.3
AI Score: 8
EPSS: 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while getting file server...
CVSS: 8.3
AI Score: 8.8
EPSS: 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while exporting a full summary...
CVSS: 8.3
AI Score: 8.7
EPSS: 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while exporting a full summary...
CVSS: 8.3
AI Score: 8.1
EPSS: 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection in the dashboard graph...
CVSS: 8.3
AI Score: 7.9
EPSS: 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection in the dashboard graph...
CVSS: 8.3
AI Score: 8.7
EPSS: 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while adding file...
CVSS: 8.3
AI Score: 8
EPSS: 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while adding file...
CVSS: 8.3
AI Score: 8.8
EPSS: 0.0004
In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations Create subvolume, create snapshot and delete subvolume all use btrfs_subvolume_reserve_metadata() to reserve metadata for the changes done to the parent...
AI Score: 6.6
EPSS: 0.0004
In the Linux kernel, the following vulnerability has been resolved: kprobes: Fix possible use-after-free issue on kprobe registration When unloading a module, its state is changing MODULE_STATE_LIVE -> MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. Each change will take time...
AI Score: 6.5
EPSS: 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection in the aggregate reports search...
CVSS: 8.3
AI Score: 8.7
EPSS: 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection in the aggregate reports search...
CVSS: 8.3
AI Score: 7.9
EPSS: 0.0004
Passbolt Api Retrieval of HTTP-only cookies
Passbolt uses three cookies: a session cookie, a CSRF protection cookie and a cookie to keep track of the multiple-factor authentication process. Both the session cookie and the mfa cookie are properly set HTTP-only to prevent an attacker from retrieving the content of those cookies if they...
AI Score: 6.4
Security Bulletin: Multiple vulnerabilities affect IBM Db2® REST
Summary IBM has released the fix below for IBM Db2® REST in response to multiple vulnerabilities found in multiple components. The vulnerabilities have been addressed. Vulnerability Details **CVEID:** CVE-2023-45283 **DESCRIPTION:** Golang Go could allow a remote attacker to traverse directories on...
CVSS: 7.5
AI Score: 7.5
EPSS: 0.001
Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel
An Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS) has been identified as being behind destructive wiping attacks targeting Albania and Israel under the personas Homeland Justice and Karma, respectively. Cybersecurity firm Check Point is tracking the activity under...
CVSS: 9.8
AI Score: 7.2
EPSS: 0.974
Summary Apache Solr, which is used by IBM Operations Analytics - Log Analysis as its indexing engine server, is vulnerable to denial of service. Vulnerability Details **CVEID:** CVE-2024-22201 **DESCRIPTION:** Eclipse Jetty is vulnerable to a denial of service, caused by a flaw when an HTTP/2 connection gets...
CVSS: 7.5
AI Score: 7.4
EPSS: 0.0004
Exploit for Improper Restriction of Excessive Authentication Attempts in Netgate Pfsense Plus
[CVE-2023-27100 - pfSense Anti-brute force protection bypass]...
CVSS: 9.8
AI Score: 7.3
EPSS: 0.002
In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to /api/workspace/:workspace-slug/update, allowing it to be executed as part of a...
CVSS: 8.1
AI Score: 8
EPSS: 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while getting aggregate report...
CVSS: 8.3
AI Score: 8.1
EPSS: 0.0004
In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to /api/workspace/:workspace-slug/update, allowing it to be executed as part of a...
CVSS: 8.1
AI Score: 6.7
EPSS: 0.0004
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while getting aggregate report...
CVSS: 8.3
AI Score: 8.8
EPSS: 0.0004
In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to /api/workspace/:workspace-slug/update, allowing it to be executed as part of a...
CVSS: 8.1
AI Score: 7.8
EPSS: 0.0004
linux-aws, linux-aws-5.15 vulnerabilities
It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-1151) Sander Wiebing, Alvise de Faveri Tron,...
CVSS: 7.8
AI Score: 6.8
EPSS
Drs-Malware-Scan - Perform File-Based Malware Scan On Your On-Prem Servers With AWS
Perform malware scan analysis of on-prem servers using AWS services. Challenges with on-premises malware detection: it can be difficult for security teams to continuously monitor all on-premises servers due to budget and resource constraints. Signature-based antivirus alone is insufficient as modern...
AI Score: 7.4