(RHSA-2024:3486) Moderate: gdisk security update
The gdisk packages provide the gdisk partitioning utility for GUID Partition Table (GPT) disks. The utility features a command-line interface similar to fdisk, direct manipulation of partition table structures, recovery tools to deal with corrupt partition tables, and the ability to convert Master....
7.3AI Score
0.001EPSS
The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' attribute of the Heading Title widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes......
6.4CVSS
5.8AI Score
0.0004EPSS
The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' attribute of the Heading Title widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes......
6.4CVSS
5.9AI Score
0.0004EPSS
Summary IBM WebSphere Application Server is shipped with IBM Security Access Manager for Enterprise Single Sign-On. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...
7.1AI Score
chromium is vulnerable to a Type Confusion. The vulnerability is due to improper handling of object types, potentially allowing a remote attacker to execute arbitrary read/write operations via a crafted HTML...
8.6AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1753)
The remote host is missing an update for the Huawei...
8.3CVSS
7.1AI Score
0.025EPSS
Huawei EulerOS: Security Advisory for proftpd (EulerOS-SA-2024-1748)
The remote host is missing an update for the Huawei...
7.5CVSS
7AI Score
0.962EPSS
EulerOS 2.0 SP12 : libssh2 (EulerOS-SA-2024-1742)
According to the versions of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...
5.9CVSS
7.8AI Score
0.962EPSS
RHEL 8 : gdisk (RHSA-2024:3486)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3486 advisory. The gdisk packages provide the gdisk partitioning utility for GUID Partition Table (GPT) disks. The utility features a command-line...
6.8CVSS
7.2AI Score
0.001EPSS
EulerOS 2.0 SP12 : proftpd (EulerOS-SA-2024-1748)
According to the versions of the proftpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash...
7.5CVSS
7.5AI Score
0.962EPSS
EulerOS 2.0 SP12 : python-paramiko (EulerOS-SA-2024-1750)
According to the versions of the python-paramiko package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to...
5.9CVSS
7.8AI Score
0.962EPSS
7.9CVSS
6.8AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: use correct buffer size when parsing configfs lists This commit fixes uvc gadget support on 32-bit platforms. Commit 0df28607c5cb ("usb: gadget: uvc: Generalise helper functions for reuse") introduced a helper...
7.2AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2024-1765)
The remote host is missing an update for the Huawei...
5.9CVSS
7AI Score
0.962EPSS
Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2024-1742)
The remote host is missing an update for the Huawei...
5.9CVSS
7AI Score
0.962EPSS
Huawei EulerOS: Security Advisory for python-paramiko (EulerOS-SA-2024-1750)
The remote host is missing an update for the Huawei...
5.9CVSS
7AI Score
0.962EPSS
This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...
9.3CVSS
7.1AI Score
0.001EPSS
EulerOS 2.0 SP12 : shim (EulerOS-SA-2024-1776)
According to the versions of the shim package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact...
8.3CVSS
8.4AI Score
0.025EPSS
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1776)
The remote host is missing an update for the Huawei...
8.3CVSS
7.1AI Score
0.025EPSS
EulerOS 2.0 SP12 : python-paramiko (EulerOS-SA-2024-1773)
According to the versions of the python-paramiko package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to...
5.9CVSS
7.3AI Score
0.962EPSS
Huawei EulerOS: Security Advisory for python-paramiko (EulerOS-SA-2024-1773)
The remote host is missing an update for the Huawei...
5.9CVSS
7AI Score
0.962EPSS
9CVSS
6.7AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for proftpd (EulerOS-SA-2024-1771)
The remote host is missing an update for the Huawei...
7.5CVSS
7AI Score
0.962EPSS
EulerOS 2.0 SP12 : shim (EulerOS-SA-2024-1753)
According to the versions of the shim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact...
8.3CVSS
8.4AI Score
0.025EPSS
EulerOS 2.0 SP12 : libssh2 (EulerOS-SA-2024-1765)
According to the versions of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...
5.9CVSS
7.4AI Score
0.962EPSS
EulerOS 2.0 SP12 : proftpd (EulerOS-SA-2024-1771)
According to the versions of the proftpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash...
7.5CVSS
7.5AI Score
0.962EPSS
In the Linux kernel, the following vulnerability has been resolved: nouveau/uvmm: fix addr/range calcs for remap operations dEQP-VK.sparse_resources.image_rebind.2d_array.r64i.128_128_8 was causing a remap operation like the below. op_remap: prev: 0000003fffed0000 00000000000f0000 00000000a5abd18a....
7.2AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : git (SUSE-SU-2024:1807-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1807-1 advisory. - CVE-2024-32002: Fixed recursive clones on case-insensitive filesystems that support symbolic.....
9CVSS
8.2AI Score
0.001EPSS
Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud running on commonly available physical hardware. The Red Hat OpenStack Platform (RHOSP) director Operator adds the ability to install and run a...
7.6AI Score
0.962EPSS
Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud running on commonly available physical hardware. The Red Hat OpenStack Platform (RHOSP) director Operator adds the ability to install and run a...
7.5AI Score
0.962EPSS
Is Your Computer Part of ‘The Largest Botnet Ever?’
The U.S. Department of Justice (DOJ) today said they arrested the alleged operator of 911 S5, a ten-year-old online anonymity service that was powered by what the director of the FBI called "likely the world's largest botnet ever." The arrest coincided with the seizure of the 911 S5 website and...
7.4AI Score
New Generative AI category added to Talos reputation services
Cisco Talos is preparing to release the first in a series of changes to our Web Categorization system, which is designed to simplify the verbiage we use. In mid-June, we're adding a new "Generative AI" category that will apply to certain websites. The "Content Category" appears whenever a user...
6.8AI Score
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed...
5.3CVSS
6.8AI Score
0.0004EPSS
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential...
6.5CVSS
6.7AI Score
0.0004EPSS
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential...
6.5CVSS
6.3AI Score
0.0004EPSS
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed...
5.3CVSS
6.6AI Score
0.0004EPSS
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential...
6.5CVSS
6.3AI Score
0.0004EPSS
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential...
6.5CVSS
6.9AI Score
0.0004EPSS
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to...
5.3CVSS
5.2AI Score
0.0004EPSS
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed...
5.3CVSS
6.2AI Score
0.0004EPSS
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential...
6.5CVSS
6.5AI Score
0.0004EPSS
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed...
5.3CVSS
5.2AI Score
0.0004EPSS
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to...
5.3CVSS
6.3AI Score
0.0004EPSS
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to...
5.3CVSS
6.9AI Score
0.0004EPSS
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed...
5.3CVSS
5.2AI Score
0.0004EPSS
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to...
5.3CVSS
5.3AI Score
0.0004EPSS
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to...
5.3CVSS
6.7AI Score
0.0004EPSS
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker....
4.8CVSS
6.8AI Score
0.0004EPSS
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker....
4.8CVSS
6.6AI Score
0.0004EPSS
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker....
4.8CVSS
5AI Score
0.0004EPSS