
Accordion & FAQ Security Vulnerabilities

thn

AnyDesk Hacked: Popular Remote Desktop Software Mandates Password Reset

Remote desktop software maker AnyDesk disclosed on Friday that it suffered a cyber attack that led to a compromise of its production systems. The German company said the incident, which it discovered following a security audit, is not a ransomware attack and that it has notified relevant...

7.3AI Score

2024-02-03 02:55 AM
65
github

PowerShell is subject to remote code execution vulnerability

Microsoft Security Advisory CVE-2020-0605: .NET Framework Remote Code Execution Vulnerability Executive Summary A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could....

8AI Score

2024-02-02 09:04 PM
9
osv

PowerShell is subject to remote code execution vulnerability

Microsoft Security Advisory CVE-2020-0605: .NET Framework Remote Code Execution Vulnerability Executive Summary A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could....

8AI Score

0.037EPSS

2024-02-02 09:04 PM
46
githubexploit

Exploit for Out-of-bounds Write in Zlib

ZLIB DATA COMPRESSION LIBRARY zlib 1.2.8 is a general purpose...

7.1AI Score

0.003EPSS

2024-02-02 02:25 PM
144
nessus

AnyDesk < 8.0.8 Invalidated Signing Certificate

A security update has been issued by the vendor advising their code signing certificate has changed on product versions less than 8.0.8. The vendor recommends updating to the latest version as the previous certificate will soon be...

7.5AI Score

2024-02-02 12:00 AM
39
debian

[SECURITY] [DSA 5613-1] openjdk-17 security update

Debian Security Advisory DSA-5613-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 01, 2024 https://www.debian.org/security/faq Package : openjdk-17 CVE ID : CVE-2024-20918 CVE-2024-20919...

7.5CVSS

7.7AI Score

0.001EPSS

2024-02-01 10:40 PM
8
amazon

Important: cri-tools

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of...

7.5AI Score

0.001EPSS

2024-02-01 07:57 PM
4
amazon

Low: pam

Issue Overview: A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with pam_namespace configured will cause the openat().....

6.6AI Score

0.0004EPSS

2024-02-01 07:57 PM
10
amazon

Low: snakeyaml

Issue Overview: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow. (CVE-2022-38752) Affected Packages: snakeyaml...

6.7AI Score

0.003EPSS

2024-02-01 07:57 PM
11
amazon

Low: sudo

Issue Overview: 2024-02-22: CVE-2023-42465 was removed from this advisory. 2024-02-22: The severity of this advisory has been changed from important to low. Affected Packages: sudo Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the...

7.1AI Score

0.001EPSS

2024-02-01 07:57 PM
9
amazon

Important: squid

Issue Overview: Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote....

6.8AI Score

0.005EPSS

2024-02-01 07:57 PM
3
amazon

Medium: squid

Issue Overview: Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages....

6.8AI Score

0.009EPSS

2024-02-01 07:57 PM
5
amazon

Medium: thunderbird

Issue Overview: An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. (CVE-2024-0741) It was possible for certain browser prompts a...

8.1AI Score

0.001EPSS

2024-02-01 07:57 PM
3
amazon

Medium: python-jinja2

Issue Overview: Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja xmlattr...

6.2AI Score

0.001EPSS

2024-02-01 07:57 PM
7
amazon

Important: java-1.8.0-openjdk

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. (CVE-2024-20918) With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. (CVE-2024-20919) Loop...

8.1AI Score

0.001EPSS

2024-02-01 07:57 PM
13
amazon

Medium: python3-jinja2

Issue Overview: Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja xmlattr...

6.2AI Score

0.001EPSS

2024-02-01 07:57 PM
7
amazon

Medium: kernel

Issue Overview: A memory corruption flaw was found in the Linux kernel's human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2023-1073) Affected Packages: kernel...

7.1AI Score

0.0004EPSS

2024-02-01 07:57 PM
4
amazon

Important: nss

Issue Overview: A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is...

7AI Score

0.001EPSS

2024-02-01 07:57 PM
20
amazon

Low: pcre2

Issue Overview: Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input. (CVE-2022-41409) Affected Packages: pcre2 Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this...

7.1AI Score

0.0005EPSS

2024-02-01 07:57 PM
2
amazon

Important: python-pillow

Issue Overview: Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). (CVE-2023-50447) Affected Packages: python-pillow Note: This advisory is applicable...

7.2AI Score

0.003EPSS

2024-02-01 07:57 PM
11
amazon

Low: indent

Issue Overview: A flaw was found in Indent. This issue may allow a local user to use a specially-crafted file to trigger a heap-based buffer overflow, which can lead to an application crash. (CVE-2024-0911) Affected Packages: indent Note: This advisory is applicable to Amazon Linux 2 (AL2) Core...

6.8AI Score

0.0004EPSS

2024-02-01 07:57 PM
5
amazon

Important: wireshark

Issue Overview: IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file (CVE-2024-0209) Affected Packages: wireshark Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository....

7.1AI Score

0.0005EPSS

2024-02-01 07:57 PM
5
amazon

Important: kernel

Issue Overview: An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within...

7.3AI Score

0.0004EPSS

2024-02-01 07:57 PM
26
amazon

Important: webkitgtk4

Issue Overview: 2024-04-11: CVE-2023-42950 was added to this advisory. A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead....

9AI Score

0.001EPSS

2024-02-01 07:57 PM
8
debian

[SECURITY] [DSA 5612-1] chromium security update

Debian Security Advisory DSA-5612-1 [email protected] https://www.debian.org/security/ Andres Salomon February 01, 2024 https://www.debian.org/security/faq Package : chromium CVE ID : CVE-2024-1059 CVE-2024-1060...

8.8CVSS

7.8AI Score

0.001EPSS

2024-02-01 06:51 PM
7
wallarmlab

Server-Side Template Injection Vulnerability in Confluence Data Center and Server (CVE-2023-22527)

Introduction On January 16 2024, Atlassian issued a significant alert on a critical Server-Side Template Injection (SSTI) vulnerability in Confluence Data Center and Server, identified as CVE-2023-22527. This issue, found in older versions, poses a serious risk as it allows attackers without any.....

10CVSS

8.7AI Score

0.973EPSS

2024-01-30 06:40 PM
20
debian

[SECURITY] [DSA 5611-1] glibc security update

Debian Security Advisory DSA-5611-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 30, 2024 https://www.debian.org/security/faq Package : glibc CVE ID : CVE-2023-6246 CVE-2023-6779...

7.5CVSS

8AI Score

0.001EPSS

2024-01-30 06:33 PM
7
debian

[SECURITY] [DSA 5610-1] redis security update

Debian Security Advisory DSA-5610-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 29, 2024 https://www.debian.org/security/faq Package : redis CVE ID : CVE-2022-24834 CVE-2023-36824...

8.8CVSS

7.4AI Score

0.0004EPSS

2024-01-29 09:15 PM
7
debian

[SECURITY] [DSA 5609-1] slurm-wlm security update

Debian Security Advisory DSA-5609-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 28, 2024 https://www.debian.org/security/faq Package : slurm-wlm CVE ID : CVE-2023-49933 CVE-2023-49936...

9.8CVSS

7.8AI Score

0.001EPSS

2024-01-28 12:39 PM
7
debian

[SECURITY] [DSA 5608-1] gst-plugins-bad1.0 security update

Debian Security Advisory DSA-5608-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 27, 2024 https://www.debian.org/security/faq Package : gst-plugins-bad1.0 CVE ID : CVE-2024-0444 A...

7.6AI Score

2024-01-27 07:53 PM
7
debian

[SECURITY] [DSA 5607-1] chromium security update

Debian Security Advisory DSA-5607-1 [email protected] https://www.debian.org/security/ Andres Salomon January 24, 2024 https://www.debian.org/security/faq Package : chromium CVE ID : CVE-2024-0804 CVE-2024-0805...

9.8CVSS

7.5AI Score

0.001EPSS

2024-01-25 01:09 AM
7
debian

[SECURITY] [DSA 5606-1] firefox-esr security update

Debian Security Advisory DSA-5606-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 24, 2024 https://www.debian.org/security/faq Package : firefox-esr CVE ID : CVE-2024-0741 CVE-2024-0742...

8.8CVSS

7.5AI Score

0.001EPSS

2024-01-24 07:18 PM
8
debian

[SECURITY] [DSA 5605-1] thunderbird security update

Debian Security Advisory DSA-5605-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 24, 2024 https://www.debian.org/security/faq Package : thunderbird CVE ID : CVE-2024-0741 CVE-2024-0742...

8.8CVSS

7.8AI Score

0.001EPSS

2024-01-24 06:53 PM
12
cve

CVE-2024-22366

Active debug code exists in Yamaha wireless LAN access point devices. If a logged-in user who knows how to use the debug function accesses the device's management page, this function can be enabled by performing specific operations. As a result, an arbitrary OS command may be executed and/or...

6.8CVSS

7.8AI Score

0.0004EPSS

2024-01-24 05:15 AM
7
prion

Command injection

Active debug code exists in Yamaha wireless LAN access point devices. If a logged-in user who knows how to use the debug function accesses the device's management page, this function can be enabled by performing specific operations. As a result, an arbitrary OS command may be executed and/or...

6.8CVSS

7.5AI Score

0.0004EPSS

2024-01-24 05:15 AM
2
debian

[SECURITY] [DSA 5604-1] openjdk-11 security update

Debian Security Advisory DSA-5604-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 23, 2024 https://www.debian.org/security/faq Package : openjdk-11 CVE ID : CVE-2024-20918 CVE-2024-20919...

7.4CVSS

7.7AI Score

0.001EPSS

2024-01-23 09:54 PM
9
debian

[SECURITY] [DSA 5603-1] xorg-server security update

Debian Security Advisory DSA-5603-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 23, 2024 https://www.debian.org/security/faq Package : xorg-server CVE ID : CVE-2023-6816 CVE-2024-0229...

7.8CVSS

7.8AI Score

0.0004EPSS

2024-01-23 07:51 PM
9
nessus

Axis Communication Multiple IP Cameras Denial of Service (CVE-2018-10659)

There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service (crash) by sending a crafted command which will result in a code path that calls the UND undefined ARM instruction. This plugin only works with...

7.7AI Score

2024-01-23 12:00 AM
4
ubuntucve

CVE-2024-23222

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited. Bugs ...

8.9AI Score

0.001EPSS

2024-01-23 12:00 AM
10
nessus

Axis Communication Multiple IP Cameras Bypass of Access Control (CVE-2018-10661)

An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

9.7AI Score

2024-01-23 12:00 AM
6
nessus

Axis Communication Multiple IP Cameras Exposed Insecure Interface (CVE-2018-10662)

An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

9.6AI Score

2024-01-23 12:00 AM
6
nessus

Axis Communication Multiple IP Cameras Exposure of Sensitive Information (CVE-2018-10663)

An issue was discovered in multiple models of Axis IP Cameras. There is an Incorrect Size Calculation. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

7.7AI Score

2024-01-23 12:00 AM
4
nessus

Axis Communication Multiple IP Cameras Denial of Service (CVE-2018-10658)

There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which causes a denial of service (crash). The crash arises from code inside libdbus-send.so shared object or similar. This plugin only works with Tenable.ot. Please visit...

7.7AI Score

2024-01-23 12:00 AM
4
ubuntucve

CVE-2024-23213

The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. Processing web content may lead to arbitrary code execution. Bugs ...

7AI Score

0.001EPSS

2024-01-23 12:00 AM
10
nessus

Axis Communication Multiple IP Cameras Buffer Overflow (CVE-2018-10664)

An issue was discovered in the httpd process in multiple models of Axis IP Cameras. There is Memory Corruption. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

7.6AI Score

2024-01-23 12:00 AM
5
nessus

Axis Communication Multiple IP Cameras Command Injection (CVE-2018-10660)

An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

9.7AI Score

2024-01-23 12:00 AM
5
ubuntucve

CVE-2024-23214

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. Bugs ...

8.5AI Score

0.001EPSS

2024-01-23 12:00 AM
9
ubuntucve

CVE-2024-23206

An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A maliciously crafted webpage may be able to fingerprint the user. Bugs ...

5.7AI Score

0.001EPSS

2024-01-23 12:00 AM
9
rapid7blog

Critical CVEs in Outdated Versions of Atlassian Confluence and VMware vCenter Server

Rapid7 is highlighting two critical vulnerabilities in outdated versions of widely deployed software this week. Atlassian disclosed CVE-2023-22527, a template injection vulnerability in Confluence Server with a maxed-out CVSS score of 10, while VMware pushed a fresh update to its October 2023...

10CVSS

10AI Score

0.975EPSS

2024-01-19 03:40 PM
38
amazon

Low: c-ares

Issue Overview: When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a....

7AI Score

0.001EPSS

2024-01-19 01:51 AM
6
Total number of security vulnerabilities: 19863