AMD Ryzen™ 4000 Series Desktop Processors With Radeon™ Graphics “Renoir” AM4 Security Vulnerabilities
PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS
PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS RM3/CRS dispenser firmware (all versions up to and including 41128 1002 RM3_CRS.BTR + 170329 2332 RM3_CRS.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...
2.1AI Score
PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5
PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5 CMDv5 dispenser firmware (all versions up to and including 141128 1002 CD5_ATM.BTR + 170329 2332 CD5_ATM.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...
2.1AI Score
In atf spm, there is a possible way to remap physical memory to virtual memory due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08584568; Issue ID:...
7.3AI Score
In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528185; Issue ID:...
7.5AI Score
In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID:...
7.5AI Score
In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08572601; Issue ID:...
7.6AI Score
In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08587881; Issue ID:...
7.6AI Score
In DA, there is a possible permission bypass due to an incorrect status check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355514; Issue ID:...
7.6AI Score
In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08583919; Issue ID:...
7.6AI Score
In keyInstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580204; Issue ID:...
6.5AI Score
In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID:...
7.5AI Score
Malicious code in roblox.lua (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (e40a28a758bd57252f74153dd5b2a9b6358608bfa2ec08c301e3647a7721e35a) The OpenSSF Package Analysis project identified 'roblox.lua' @ 1.0.0 (npm) as malicious. It is considered malicious because: The package...
7.3AI Score
(RHSA-2024:2696) Important: unbound security update
The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fix(es): bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387) bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868) A...
8CVSS
7.7AI Score
0.037EPSS
Top 9 Compliance Automation Software in 2024
By Uzair Amir Simplify compliance with these leading software solutions. Discover features like automated evidence collection, risk assessment, and real-time reporting. Find the perfect fit for your startup or large enterprise. This is a post from HackRead.com Read the original post: Top 9...
7.4AI Score
Avantra Server 24.x before 24.0.7 and 24.1.x before 24.1.1 mishandles the security of dashboards, aka XAN-5367. If a user can create a dashboard with an auto-login user, data disclosure may occur. Access control can be bypassed when there is a shared dashboard, and its auto-login user has...
7.4AI Score
An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the...
7.3AI Score
Malicious code in threadxpools (PyPI)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (41a0be6e9aa8db3965bae9f646d47ad6cb85ac9600c8bd71358409062b8fe105) The OpenSSF Package Analysis project identified 'threadxpools' @ 1.2 (pypi) as malicious. It is considered malicious because: The package...
7.1AI Score
Malicious code in zxcvbnmmmmmmkjhgfdssss (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (8a752311495084af562274cafb23e80b14975e577ef5aa0af0728f4b95eb14f1) The OpenSSF Package Analysis project identified 'zxcvbnmmmmmmkjhgfdssss' @ 1.0.1 (npm) as malicious. It is considered malicious because: The...
7.1AI Score
Malicious code in @assurantlabs/home-device-inventory (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (a9af4bb0451549784551651c28cdaaa58ba61dff221c8c9b2dced0075f92a10f) The OpenSSF Package Analysis project identified '@assurantlabs/home-device-inventory' @ 999.100.1 (npm) as malicious. It is considered malicious...
7.3AI Score
Clario through 2024-04-11 for Desktop has weak permissions for %PROGRAMDATA%\Clario and tries to load DLLs from there as...
7.4AI Score
HardeningMeter is an open-source Python tool carefully designed to comprehensively assess the security hardening of binaries and systems. Its robust capabilities include thorough checks of various binary exploitation protection mechanisms, including Stack Canary, RELRO, randomizations (ASLR, PIC,.....
7.3AI Score
In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example,...
7AI Score
0.0004EPSS
In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example,...
7.1AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: gdcm-3.0.23-5.fc40
Grassroots DiCoM (GDCM) is a C++ library for DICOM medical files. It supports ACR-NEMA version 1 and 2 (huffman compression is not supported), RAW, JPEG, JPEG 2000, JPEG-LS, RLE and deflated transfer syntax. It comes with a super fast scanner implementation to quickly scan hundreds of DICOM...
8.1CVSS
7.5AI Score
0.001EPSS
[SECURITY] Fedora 40 Update: clamav-1.0.6-1.fc40
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs...
7.4AI Score
[SECURITY] Fedora 38 Update: gdcm-3.0.21-4.fc38
Grassroots DiCoM (GDCM) is a C++ library for DICOM medical files. It supports ACR-NEMA version 1 and 2 (huffman compression is not supported), RAW, JPEG, JPEG 2000, JPEG-LS, RLE and deflated transfer syntax. It comes with a super fast scanner implementation to quickly scan hundreds of DICOM...
8.1CVSS
7.5AI Score
0.001EPSS
[SECURITY] Fedora 38 Update: clamav-1.0.6-1.fc38
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs...
7.4AI Score
[SECURITY] Fedora 39 Update: gdcm-3.0.23-5.fc39
Grassroots DiCoM (GDCM) is a C++ library for DICOM medical files. It supports ACR-NEMA version 1 and 2 (huffman compression is not supported), RAW, JPEG, JPEG 2000, JPEG-LS, RLE and deflated transfer syntax. It comes with a super fast scanner implementation to quickly scan hundreds of DICOM...
8.1CVSS
7.5AI Score
0.001EPSS
[SECURITY] Fedora 39 Update: clamav-1.0.6-1.fc39
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs...
7.4AI Score
Apache Commons BCEL: Remote Code Execution
Background The Byte Code Engineering Library (Apache Commons BCEL™) is intended to give users a convenient way to analyze, create, and manipulate (binary) Java class files (those ending with .class). Description A vulnerability has been discovered in U-Boot tools. Please review the CVE identifier.....
9.8CVSS
7.4AI Score
0.032EPSS
A Mind at Play: Rediscovering Minesweeper in the Professional Arena
By Uzair Amir Remember Minesweeper? It's not just a game - it's a hidden training ground for work skills! Sharpen your decision-making, focus, and strategic thinking with every click. This is a post from HackRead.com Read the original post: A Mind at Play: Rediscovering Minesweeper in the...
7.3AI Score
[SECURITY] [DLA 3808-1] intel-microcode security update
Debian LTS Advisory DLA-3808-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost May 04, 2024 https://wiki.debian.org/LTS Package : intel-microcode Version : 3.20240312.1~deb10u1 CVE...
6.5CVSS
8AI Score
0.001EPSS
Exploit for PHP External Variable Modification in Juniper Junos
Automation for Juniper CVE:2023-36845 Overview is a bash...
9.8CVSS
7.3AI Score
0.966EPSS
JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom JavaScript payloads in clients. Changelogs Major changes are documented in the project Announcements:...
5.9AI Score
Exploit for Code Injection in Cisco Adaptive Security Appliance Software
CVE-2024-20359-CiscoASA-FTD-exploit Exploit for Cisco ASA and...
6CVSS
7.5AI Score
0.003EPSS
CVE-2024-26304-RCE-exploits Critical RCE Vulnerabilities in...
9.8CVSS
7.5AI Score
0.0004EPSS
The Import and export users and customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_force_reset_password_delete_metas() function in all versions up to, and including, 1.26.5. This makes it possible for authenticated...
4.3CVSS
7.1AI Score
0.001EPSS
In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context (where the Jolokia JMX REST API and the Message REST API are located).It means that anyone can use these layers without any required authentication. Potentially, anyone can interact with the broker (using Jolokia.....
8.5CVSS
7.3AI Score
0.0004EPSS
Malicious code in @socialdeal/uikit-whitelabel (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (d53c0749d21786a6b7eeea319c37d26573f1ded671dc9cbed9e4508d9b65a2c0) The OpenSSF Package Analysis project identified '@socialdeal/uikit-whitelabel' @ 999.100.1 (npm) as malicious. It is considered malicious...
7.3AI Score
Malicious code in ing-feat-grants-management (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (9b798bc5312e2cdb16a12e65a8a02a2a447f4af87bc9132258961b27b2314b60) The OpenSSF Package Analysis project identified 'ing-feat-grants-management' @ 999.100.1 (npm) as malicious. It is considered malicious because: ...
7.3AI Score
The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice() function in all versions up to, and including, 3.5.25. This makes it possible for authenticated attackers, with subscriber-level access and above, to....
5.4CVSS
7.1AI Score
0.0004EPSS
The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.25 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_info_bar' shortcode. This makes it possible for authenticated attackers, with...
8.8CVSS
7.6AI Score
0.001EPSS
The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's First Name and Last Name in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level.....
5.4CVSS
6.1AI Score
0.0004EPSS
[SECURITY] Fedora 38 Update: python-idna-3.7-1.fc38
A library to support the Internationalised Domain Names in Applications (ID NA) protocol as specified in RFC 5891 http://tools.ietf.org/html/rfc5891. Th is version of the protocol is often referred to as "IDNA2008" and can produce different results from the earlier standard from 2003. The...
7.2AI Score
[SECURITY] Fedora 39 Update: python-idna-3.7-1.fc39
A library to support the Internationalised Domain Names in Applications (ID NA) protocol as specified in RFC 5891 http://tools.ietf.org/html/rfc5891. Th is version of the protocol is often referred to as "IDNA2008" and can produce different results from the earlier standard from 2003. The...
7.2AI Score
[SECURITY] Debian 10 LTS will reach end-of-life on June 30th, 2024
Dear Debian LTS users, This is a gentle reminder that Debian 10 ("buster") will reach end of support as the LTS release on June 30, 2024. Users are encouraged to upgrade to Debian 11 ("bullseye"). Starting in July, Debian will not provide further security updates for Debian 10. A subset of buster.....
6.9AI Score
7.4AI Score
7.4AI Score
7.4AI Score
7.4AI Score