In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not NULL initially)...
7.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not NULL initially) will....
7AI Score
0.0004EPSS
CVE-2024-38605 ALSA: core: Fix NULL module pointer assignment at card init
In the Linux kernel, the following vulnerability has been resolved: ALSA: core: Fix NULL module pointer assignment at card init The commit 81033c6b584b ("ALSA: core: Warn on empty module") introduced a WARN_ON() for a NULL module pointer passed at snd_card object creation, and it also wraps the...
7.1AI Score
0.0004EPSS
CVE-2024-38605 ALSA: core: Fix NULL module pointer assignment at card init
In the Linux kernel, the following vulnerability has been resolved: ALSA: core: Fix NULL module pointer assignment at card init The commit 81033c6b584b ("ALSA: core: Warn on empty module") introduced a WARN_ON() for a NULL module pointer passed at snd_card object creation, and it also wraps the...
0.0004EPSS
CVE-2024-38596 af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. In one data path, the write function unix_release_sock() atomically writes to sk->sk_shutdown using WRITE_ONC...
0.0004EPSS
CVE-2024-38588 ftrace: Fix possible use-after-free issue in ftrace_location()
In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix possible use-after-free issue in ftrace_location() KASAN reports a bug: BUG: KASAN: use-after-free in ftrace_location+0x90/0x120 Read of size 8 at addr ffff888141d40010 by task insmod/424 CPU: 8 PID: 424 Comm:...
0.0004EPSS
CVE-2024-38588 ftrace: Fix possible use-after-free issue in ftrace_location()
In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix possible use-after-free issue in ftrace_location() KASAN reports a bug: BUG: KASAN: use-after-free in ftrace_location+0x90/0x120 Read of size 8 at addr ffff888141d40010 by task insmod/424 CPU: 8 PID: 424 Comm:...
7AI Score
0.0004EPSS
CVE-2024-38567 wifi: carl9170: add a proper sanity check for endpoints
In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: add a proper sanity check for endpoints Syzkaller reports [1] hitting a warning which is caused by presence of a wrong endpoint type at the URB sumbitting stage. While there was a check for a specific 4th endpoint,....
0.0004EPSS
CVE-2024-38565 wifi: ar5523: enable proper endpoint verification
In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: enable proper endpoint verification Syzkaller reports [1] hitting a warning about an endpoint in use not having an expected type to it. Fix the issue by checking for the existence of all proper endpoints with their...
0.0004EPSS
CVE-2024-38565 wifi: ar5523: enable proper endpoint verification
In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: enable proper endpoint verification Syzkaller reports [1] hitting a warning about an endpoint in use not having an expected type to it. Fix the issue by checking for the existence of all proper endpoints with their...
6.8AI Score
0.0004EPSS
CVE-2024-38541 of: module: add buffer overflow check in of_modalias()
In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not NULL initially) will....
7.4AI Score
0.0004EPSS
CVE-2024-38541 of: module: add buffer overflow check in of_modalias()
In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not NULL initially) will....
0.0004EPSS
The Hacking of Culture and the Creation of Socio-Technical Debt
Culture is increasingly mediated through algorithms. These algorithms have splintered the organization of culture, a result of states and tech companies vying for influence over mass audiences. One byproduct of this splintering is a shift from imperfect but broad cultural narratives to a...
6.8AI Score
Summary A vulnerability in netty-codec-http affects the Transparent Cloud Tiering function in IBM Storage Virtualize products. Most systems do not have Transparent Cloud Tiering configured. You can confirm by running the lsvolumebackup CLI command - if there is no output, then this feature is not.....
5.3CVSS
6AI Score
0.0004EPSS
9.8CVSS
9.7AI Score
0.937EPSS
Summary Vulnerabilities in netty-codec-http2 and commons-compress affect the Transparent Cloud Tiering function in IBM Storage Virtualize products. CVE-2023-44487, CVE-2024-25710, CVE-2024-26308. Most systems do not have Transparent Cloud Tiering configured. You can confirm by running the...
8.1CVSS
7.6AI Score
0.732EPSS
Summary There are vulnerabilities in Apache Commons Configuration and Fasterxml jackson-databind used by Install Agent, Integrated File Agent and Integrated Web Services in IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the...
4.7CVSS
10AI Score
0.0004EPSS
The Paradox IP150 Internet Module in version 1.40.00 is vulnerable to Cross-Site Request Forgery (CSRF) attacks due to a lack of countermeasures and the use of the HTTP method GET to introduce changes in the...
6.8CVSS
0.0004EPSS
The Paradox IP150 Internet Module in version 1.40.00 is vulnerable to Cross-Site Request Forgery (CSRF) attacks due to a lack of countermeasures and the use of the HTTP method GET to introduce changes in the...
6.8CVSS
6.7AI Score
0.0004EPSS
CVE-2024-5676 Paradox IP150 Internet Module Cross-Site Request Forgery
The Paradox IP150 Internet Module in version 1.40.00 is vulnerable to Cross-Site Request Forgery (CSRF) attacks due to a lack of countermeasures and the use of the HTTP method GET to introduce changes in the...
6.8CVSS
7AI Score
0.0004EPSS
CVE-2024-5676 Paradox IP150 Internet Module Cross-Site Request Forgery
The Paradox IP150 Internet Module in version 1.40.00 is vulnerable to Cross-Site Request Forgery (CSRF) attacks due to a lack of countermeasures and the use of the HTTP method GET to introduce changes in the...
6.8CVSS
0.0004EPSS
openSUSE: Security Advisory for less (SUSE-SU-2024:2060-1)
The remote host is missing an update for...
7.1AI Score
0.0004EPSS
7.2AI Score
0.0004EPSS
In the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop, a customer can upload .php files. Methods HelpdeskHelpdeskModuleFrontController::submitTicket() and HelpdeskHelpdeskModuleFrontController::replyTicket() allow upload of...
0.0004EPSS
In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The script ajax.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL...
7.6AI Score
0.0004EPSS
Nextcloud Server is prone to an improper access control ...
8.1CVSS
7AI Score
0.0004EPSS
In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro) <=8.4.0, a guest can perform PHP Code injection. Due to a predictable token, the method Lcp::saveTranslations() suffer of a white writer that can inject PHP code into a PHP...
0.0004EPSS
Foxit Reader Privilege Escalation Vulnerability (June 2024)
Foxit Reader is prone to a privilege escalation...
8.2CVSS
8.4AI Score
0.0004EPSS
openSUSE: Security Advisory for MozillaFirefox (SUSE-SU-2024:2061-1)
The remote host is missing an update for...
6.9AI Score
0.0004EPSS
openSUSE: Security Advisory for gdcm (openSUSE-SU-2024:0167-1)
The remote host is missing an update for...
8.1CVSS
7.1AI Score
0.001EPSS
9CVSS
9.2AI Score
0.002EPSS
In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The script ajax.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL...
0.0004EPSS
In the module "Facebook" (pkfacebook) <=1.0.1 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The ajax script facebookConnect.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL...
7.6AI Score
0.0004EPSS
openSUSE: Security Advisory for ghostscript (SUSE-SU-2024:1590-2)
The remote host is missing an update for...
7.1AI Score
0.0004EPSS
SUSE SLES15 Security Update : podman (SUSE-SU-2024:2050-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2050-1 advisory. - Update to version 4.9.5 - CVE-2024-3727: Fixed a flaw that allowed attackers to trigger unexpected authenticated registry...
8.3CVSS
8AI Score
0.0004EPSS
In the module "Bulk Export products to Google Merchant-Google Shopping" (bagoogleshopping) up to version 1.0.26 from Buy Addons for PrestaShop, a guest can perform SQL injection...
0.0004EPSS
Debian dla-3837 : libndp-dbg - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3837 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3837-1 [email protected] ...
8.1CVSS
7AI Score
0.0004EPSS
5.6CVSS
5.7AI Score
0.0004EPSS
7.8CVSS
8AI Score
0.001EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-1_1 (SUSE-SU-2024:2051-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2051-1 advisory. - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) Tenable has extracted the...
6.6AI Score
EPSS
In the module "Login as customer PRO" (loginascustomerpro) <1.2.7 from Weblir for PrestaShop, a guest can access direct link to connect to each customer account of the Shop if the module is not installed OR if a secret accessible to administrator is...
6.9AI Score
0.0004EPSS
openSUSE: Security Advisory for webkit2gtk3 (SUSE-SU-2024:2065-1)
The remote host is missing an update for...
6.7AI Score
0.0004EPSS
SUSE SLES15 Security Update : booth (SUSE-SU-2024:2062-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2024:2062-1 advisory. - CVE-2024-3049: Fixed a vulnerability where a specially crafted hash can lead to invalid HMAC being accepted by Booth server. (bsc#1226032) ...
5.9CVSS
5.7AI Score
0.001EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-1_1 (SUSE-SU-2024:2059-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2059-1 advisory. - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) Tenable has extracted the...
6.6AI Score
EPSS
Vulnerability of JSON object signing and encryption module for Erlang and Elixir programming languages erlang-jose (JOSE for Erlang) is related to uncontrolled resource consumption. Exploitation of the vulnerability could allow a remote attacker to cause a denial of...
7AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-3 (SUSE-SU-2024:2066-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2066-1 advisory. Security issues fixed: - CVE-2024-4603: Check DSA parameters for excessive sizes before...
6.9AI Score
EPSS
AlmaLinux 8 : container-tools:rhel8 bug fix and enhancement update (Medium) (ALSA-2024:3968)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3968 advisory. * podman: jose-go: improper handling of highly compressed data (CVE-2024-28180) * buildah: jose-go: improper handling of highly compressed data...
4.9CVSS
5.9AI Score
0.0005EPSS
In the module "Custom links" (pk_customlinks) <= 2.3 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The script ajax.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL...
0.0004EPSS
In the module "Facebook" (pkfacebook) <=1.0.1 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The ajax script facebookConnect.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL...
0.0004EPSS
Fedora: Security Advisory for kitty (FEDORA-2024-15039ba9f9)
The remote host is missing an update for...
5.5CVSS
5.5AI Score
0.0004EPSS