Linux kernel (Intel IoTG) vulnerabilities
Releases Ubuntu 22.04 LTS Packages linux-intel-iotg - Linux kernel for Intel IoT platforms Details Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically...
7.8CVSS
7.5AI Score
In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix null pointer dereference when IPv6 is not enabled When we try to add an IPv6 nexthop and IPv6 is not enabled (!CONFIG_IPV6) we'll hit a NULL pointer dereference[1] in the error path of nh_create_ipv6() due to...
6.2AI Score
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of...
5.3CVSS
6.6AI Score
In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix null pointer dereference when IPv6 is not enabled When we try to add an IPv6 nexthop and IPv6 is not enabled (!CONFIG_IPV6) we'll hit a NULL pointer dereference[1] in the error path of nh_create_ipv6() due to...
6.3AI Score
In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix null pointer dereference when IPv6 is not enabled When we try to add an IPv6 nexthop and IPv6 is not enabled (!CONFIG_IPV6) we'll hit a NULL pointer dereference[1] in the error path of nh_create_ipv6() due to...
In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix null pointer dereference when IPv6 is not enabled When we try to add an IPv6 nexthop and IPv6 is not enabled (!CONFIG_IPV6) we'll hit a NULL pointer dereference[1] in the error path of nh_create_ipv6() due to...
6.3AI Score
CVE-2021-47572 net: nexthop: fix null pointer dereference when IPv6 is not enabled
In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix null pointer dereference when IPv6 is not enabled When we try to add an IPv6 nexthop and IPv6 is not enabled (!CONFIG_IPV6) we'll hit a NULL pointer dereference[1] in the error path of nh_create_ipv6() due to...
6.1AI Score
In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix null pointer dereference when IPv6 is not enabled When we try to add an IPv6 nexthop and IPv6 is not enabled (!CONFIG_IPV6) we'll hit a NULL pointer dereference[1] in the error path of nh_create_ipv6() due to...
6.2AI Score
CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack
The following Rapid7 team members contributed to this blog: Ipek Solak, Thomas Elkins, Evan McCann, Matthew Smith, Jake McMahon, Tyler McGraw, Ryan Emmons, Stephen Fewer, and John Fenninger Overview Justice AV Solutions (JAVS) is a U.S.-based company specializing in digital audio-visual recording.....
8.4CVSS
8.8AI Score
In the Linux kernel, the following vulnerability has been resolved: iio: adc: stm32-adc: harden against NULL pointer deref in stm32_adc_probe() of_match_device() may fail and returns a NULL pointer. In practice there is no known reasonable way to trigger this, but in case one is added in future,...
5.4AI Score
kernel security, bug fix, and enhancement update
[4.18.0-553.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with...
9.8CVSS
8AI Score
Virtuozzo Hybrid Infrastructure 6.1 Update 1.1 (6.1.1-36)
This update provides a stability improvement. Vulnerability id: VSTOR-86420 A stability fix for Backup...
7.3AI Score
Above - Invisible Network Protocol Sniffer
Invisible protocol sniffer for finding vulnerabilities in the network. Designed for pentesters and security engineers. Above: Invisible network protocol sniffer Designed for pentesters and security engineers Author: Magama Bazarov, <[email protected]> Pseudonym: Caster Version: 2.6 ...
7.1AI Score
In the Linux kernel, the following vulnerability has been resolved: iio: adc: stm32-adc: harden against NULL pointer deref in stm32_adc_probe() of_match_device() may fail and returns a NULL pointer. In practice there is no known reasonable way to trigger this, but in case one is added in...
6.7AI Score
In the Linux kernel, the following vulnerability has been resolved: iio: adc: stm32-adc: harden against NULL pointer deref in stm32_adc_probe() of_match_device() may fail and returns a NULL pointer. In practice there is no known reasonable way to trigger this, but in case one is added in future,...
5.5AI Score
7.8CVSS
7AI Score
Dell Data Breach: Personal Information of 49 Million Customers Compromised due to latest API Abuse
Dell recently issued a notice regarding a data breach that occurred on May 9, which has reportedly affected over 49 million customers across the globe. According to a report by BleepingComputer, Dell initiated the distribution of notifications cautioning its customers that their personally...
10CVSS
7.8AI Score
linux-aws, linux-aws-5.15 vulnerabilities
It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-1151) Sander Wiebing, Alvise de Faveri Tron,...
7.8CVSS
6.8AI Score
Linux kernel (AWS) vulnerabilities
Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.15 - Linux kernel for Amazon Web Services (AWS) systems Details It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack...
7.8CVSS
7.5AI Score
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (AWS) vulnerabilities (USN-6766-3)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6766-3 advisory. It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations...
7.8CVSS
6.8AI Score
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...
6.2AI Score
0.0004EPSS
GHSA-V845-JXX5-VC9F vulnerabilities
Vulnerabilities for packages: dask-gateway, kubeflow-volumes-web-app, py3-urllib3, kubeflow-jupyter-web-app, k8s-sidecar,...
7.3AI Score
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...
7.3AI Score
CVE-2024-24787 vulnerabilities
Vulnerabilities for packages: keda-fips, tekton-pipelines, kubernetes-csi-livenessprobe-fips, extism, aws-flb-kinesis-fips, azure-aad-pod-identity-mic, cert-manager-webhook-pdns-fips, dynamic-localpv-provisioner, spark-operator, bom, karpenter-fips, k8sgpt, rclone, neuvector-scanner, cue,...
6.3AI Score
0.0004EPSS
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...
6.2AI Score
0.0004EPSS
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...
7.3AI Score
Vulnerabilities for packages: dask-gateway, request-1276, ggshield, kubeflow-pipelines, py3-idna, confluent-docker-utils, kubeflow-pipelines-visualization-server, kubeflow-katib, kubeflow-jupyter-web-app, py3-cassandra-medusa, k8s-sidecar,...
6.2AI Score
GHSA-H75V-3VVJ-5MFJ vulnerabilities
Vulnerabilities for packages: dask-gateway, reflex, kubeflow-pipelines-visualization-server, confluent-docker-utils,...
7.3AI Score
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...
6.1AI Score
0.0004EPSS
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...
6.2AI Score
0.0004EPSS
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, tekton-pipelines, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic,...
6.5AI Score
0.0004EPSS
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...
7.3AI Score
CVE-2024-27306 vulnerabilities
Vulnerabilities for packages: request-1276, py3-cassandra-medusa,...
6.3AI Score
0.0004EPSS
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...
7.3AI Score
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, tekton-pipelines, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic,...
7.3AI Score
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: keda-fips, tekton-pipelines, kubernetes-csi-livenessprobe-fips, extism, aws-flb-kinesis-fips, azure-aad-pod-identity-mic, cert-manager-webhook-pdns-fips, dynamic-localpv-provisioner, spark-operator, bom, karpenter-fips, k8sgpt, rclone, neuvector-scanner, cue,...
7.3AI Score
7.3AI Score
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...
6.2AI Score
0.0004EPSS
GHSA-7GPW-8WMC-PM8G vulnerabilities
Vulnerabilities for packages: request-1276, py3-cassandra-medusa,...
7.3AI Score
GHSA-2JWV-JMQ4-4J3R vulnerabilities
Vulnerabilities for packages: keda-fips, tekton-pipelines, kubernetes-csi-livenessprobe-fips, extism, aws-flb-kinesis-fips, azure-aad-pod-identity-mic, cert-manager-webhook-pdns-fips, dynamic-localpv-provisioner, spark-operator, bom, karpenter-fips, k8sgpt, rclone, neuvector-scanner, cue,...
7.3AI Score
CVE-2023-43804 vulnerabilities
Vulnerabilities for packages: dask-gateway, kubeflow-volumes-web-app, py3-urllib3, kubeflow-jupyter-web-app, k8s-sidecar,...
7.7AI Score
0.001EPSS
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: keda-fips, tekton-pipelines, kubernetes-csi-livenessprobe-fips, extism, aws-flb-kinesis-fips, azure-aad-pod-identity-mic, cert-manager-webhook-pdns-fips, dynamic-localpv-provisioner, spark-operator, bom, karpenter-fips, k8sgpt, rclone, neuvector-scanner, cue,...
6.3AI Score
0.0004EPSS
CVE-2024-34064 vulnerabilities
Vulnerabilities for packages: dask-gateway, reflex, kubeflow-pipelines-visualization-server, confluent-docker-utils,...
5.5AI Score
0.0004EPSS
GHSA-JJG7-2V4V-X38H vulnerabilities
Vulnerabilities for packages: dask-gateway, request-1276, ggshield, kubeflow-pipelines, py3-idna, confluent-docker-utils, kubeflow-pipelines-visualization-server, kubeflow-katib, kubeflow-jupyter-web-app, py3-cassandra-medusa, k8s-sidecar,...
7.3AI Score
7.7AI Score
0.0004EPSS
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...
7.3AI Score
Security Bulletin: Vulnerabilities in Node.js and packages affect IBM Voice Gateway
Summary Security Vulnerabilities in Node.js and packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details ** CVEID: CVE-2024-31206 DESCRIPTION: **Node.js dectalk-tts module could allow a remote attacker to obtain sensitive information, caused by the use of...
8.2CVSS
8AI Score
Security Bulletin: Security Vulnerabilities in Liberty affect IBM Voice Gateway
Summary Security Vulnerabilities in Liberty affect IBM Voice Gateway Vulnerability Details ** CVEID: CVE-2024-22354 DESCRIPTION: **IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to an XML External Entity Injection...
7CVSS
6.1AI Score
EulerOS Virtualization 3.0.6.0 : openssh (EulerOS-SA-2024-1694)
According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...
6.5CVSS
8.3AI Score
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-1694)
The remote host is missing an update for the Huawei...
6.5CVSS
7AI Score