Fedora 38 : kernel (2024-f35f9525d6)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-f35f9525d6 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly...
7.8CVSS
6.4AI Score
0.0004EPSS
kernel security, bug fix, and enhancement update
[5.14.0-427.13.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update...
9.8CVSS
7.5AI Score
0.011EPSS
Fedora 40 : kernel (2024-010fe8772a)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-010fe8772a advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly...
7.8CVSS
6.5AI Score
0.0004EPSS
Fedora 39 : kernel (2024-bc0db39a14)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bc0db39a14 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly...
7.8CVSS
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Do a runtime PM get on controllers during probe mt8183-mfgcfg has a mutual dependency with genpd during the probing stage, which leads to a deadlock in the following call stack: CPU0: genpd_lock --> clk_prepare_lo...
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix race between free_swap_and_cache() and swapoff() There was previously a theoretical window where swapoff() could run and teardown a swap_info_struct while a call to free_swap_and_cache() was running in another...
7.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: esp: fix bad handling of pages from page_pool When the skb is reorganized during esp_output (!esp->inline), the pages coming from the original skb fragments are supposed to be released back to the system through put_page. B...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Do a runtime PM get on controllers during probe mt8183-mfgcfg has a mutual dependency with genpd during the probing stage, which leads to a deadlock in the following call stack: CPU0: genpd_lock -->...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Do a runtime PM get on controllers during probe mt8183-mfgcfg has a mutual dependency with genpd during the probing stage, which leads to a deadlock in the following call stack: CPU0: genpd_lock -->...
7.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Do a runtime PM get on controllers during probe mt8183-mfgcfg has a mutual dependency with genpd during the probing stage, which leads to a deadlock in the following call stack: CPU0: genpd_lock -->...
6.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix race between free_swap_and_cache() and swapoff() There was previously a theoretical window where swapoff() could run and teardown a swap_info_struct while a call to free_swap_and_cache() was running in another...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix race between free_swap_and_cache() and swapoff() There was previously a theoretical window where swapoff() could run and teardown a swap_info_struct while a call to free_swap_and_cache() was running in another...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix race between free_swap_and_cache() and swapoff() There was previously a theoretical window where swapoff() could run and teardown a swap_info_struct while a call to free_swap_and_cache() was running in another...
7.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: esp: fix bad handling of pages from page_pool When the skb is reorganized during esp_output (!esp->inline), the pages coming from the original skb fragments are supposed to be released back to the system through put_page. B...
7.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: esp: fix bad handling of pages from page_pool When the skb is reorganized during esp_output (!esp->inline), the pages coming from the original skb fragments are supposed to be released back to the system through put_page. B...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: esp: fix bad handling of pages from page_pool When the skb is reorganized during esp_output (!esp->inline), the pages coming from the original skb fragments are supposed to be released back to the system through put_page......
6.4AI Score
0.0004EPSS
CVE-2024-27002 clk: mediatek: Do a runtime PM get on controllers during probe
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Do a runtime PM get on controllers during probe mt8183-mfgcfg has a mutual dependency with genpd during the probing stage, which leads to a deadlock in the following call stack: CPU0: genpd_lock -->...
7.5AI Score
0.0004EPSS
CVE-2024-26960 mm: swap: fix race between free_swap_and_cache() and swapoff()
In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix race between free_swap_and_cache() and swapoff() There was previously a theoretical window where swapoff() could run and teardown a swap_info_struct while a call to free_swap_and_cache() was running in another...
6.8AI Score
0.0004EPSS
CVE-2024-26960 mm: swap: fix race between free_swap_and_cache() and swapoff()
In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix race between free_swap_and_cache() and swapoff() There was previously a theoretical window where swapoff() could run and teardown a swap_info_struct while a call to free_swap_and_cache() was running in another...
7.8AI Score
0.0004EPSS
CVE-2024-26953 net: esp: fix bad handling of pages from page_pool
In the Linux kernel, the following vulnerability has been resolved: net: esp: fix bad handling of pages from page_pool When the skb is reorganized during esp_output (!esp->inline), the pages coming from the original skb fragments are supposed to be released back to the system through put_page. B...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: esp: fix bad handling of pages from page_pool When the skb is reorganized during esp_output (!esp->inline), the pages coming from the original skb fragments are supposed to be released back to the system through put_page. B...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Do a runtime PM get on controllers during probe mt8183-mfgcfg has a mutual dependency with genpd during the probing stage, which leads to a deadlock in the following call stack: CPU0: genpd_lock --> clk_prepare_lo...
7.3AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1480-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1480-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic...
7.8CVSS
8AI Score
EPSS
Smart Maintenance Mode <= 1.4.4 - Cross-Site Request Forgery
Description The Smart Maintenance Mode plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix race between free_swap_and_cache() and swapoff() There was previously a theoretical window where swapoff() could run and teardown a swap_info_struct while a call to free_swap_and_cache() was running in another...
7.6AI Score
0.0004EPSS
Summary IBM Virtualization Engine TS7700 is susceptible to a denial of service due to the use of OpenSSL (CVE-2023-6129). OpenSSL is used in TS7700 to encrypt data in flight during EKM communications, Secure Data Transfer between clusters, and for TS7700 Advanced Object Store for DS8000....
6.5CVSS
7AI Score
0.001EPSS
Windows Registry Security Descriptor Utility
Read or write a Windows registry security descriptor remotely. In READ mode, the FILE option can be set to specify where the security descriptor should be written to. The following format is used: key: security_info: sd: In WRITE mode, the FILE option can be used to specify the information needed.....
7.2AI Score
Where does your software (really) come from?
Software is a funny, profound thing: each piece of it is an invisible machine, seemingly made of magic words, designed to run on the ultimate, universal machine. It's not alive, but it has a lifecycle. It starts out as source code--just text files, sitting in a repository somewhere--and then later....
6.9AI Score
Man Who Mass-Extorted Psychotherapy Patients Gets Six Years
A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient therapy records, and attempting to extort the clinic and patients. On October 21, 2020, the Vastaamo...
7.4AI Score
SEW-EURODRIVE MOVITOOLS MotionStudio (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.6 ATTENTION: Low attack complexity Vendor: SEW-EURODRIVE Equipment: MOVITOOLS MotionStudio Vulnerability: Improper Restriction of XML EXTERNAL Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could result in open access to...
7.5CVSS
7.5AI Score
0.002EPSS
Stable Channel Update for Desktop
The Stable channel has been updated to 124.0.6367.118/.119 for Windows, Mac and 124.0.6367.118 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. The Extended Stable channel has been updated to 124.0.6367.118 for Mac and Windows.....
7.7AI Score
0.0004EPSS
Foxit Reader ComboBox widget Format event use-after-free vulnerability
Talos Vulnerability Report TALOS-2024-1959 Foxit Reader ComboBox widget Format event use-after-free vulnerability April 30, 2024 CVE Number CVE-2024-25648 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. A specially crafted JavaScript.....
8.8CVSS
7.7AI Score
0.001EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1466-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1466-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smc_sock A...
7.8CVSS
7.5AI Score
EPSS
In the Linux kernel, the following vulnerability has been resolved: sfc: fix TX channel offset when using legacy interrupts In legacy interrupt mode the tx_channel_offset was hardcoded to 1, but that's not correct if efx_sepparate_tx_channels is false. In that case, the offset is 0 because the tx.....
7AI Score
0.0004EPSS
🎉 Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 8th, 2024, during our Bug Bounty Extravaganza, we...
7.3AI Score
0.0004EPSS
Security Bulletin: Multiple Vulnerabilities in IBM SDK Java affect IBM Cloud Pak System
Summary Multiple vulnerabilities found in IBM Java SDK reported in the IBM Java SDK CPU update October 2022 affect OS Image shipped with Cloud Pak System. Vulnerability Details ** CVEID: CVE-2022-21628 DESCRIPTION: **Java SE is vulnerable to a denial of service, caused by a flaw in the...
5.3CVSS
5.7AI Score
0.002EPSS
CodeQL zero to hero part 3: Security research with CodeQL
I've written a bit in the past about static analysis (CodeQL zero to hero part 1: Fundamentals of static analysis) and basics of writing CodeQL queries (CodeQL zero to hero part 2: Getting started with CodeQL). Today, I want to dig deeper about CodeQL and talk about variant analysis, writing a...
8.3AI Score
Fedora 38 : python-fastapi / python-starlette (2023-9d50269499)
The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-9d50269499 advisory. python-starlette 0.25.0 ### Fixed - Limit the number of fields and files when parsing multipart/form-data on the MultipartParser ## python-fastapi...
7.3AI Score
Qi Addons For Elementor < 1.7.1 - Contributor+ Stored XSS
Description The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Widget's attributes due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to...
6.4CVSS
5.8AI Score
0.0004EPSS
Fedora 40 : wordpress (2024-e6d3143991)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-e6d3143991 advisory. Upstream annoucement: WordPress 6.5.2 Maintenance and Security Release Security updates included in this release * A cross-site scripting (XSS)...
6.3AI Score
Fedora 37 : rust (2023-19bcafe341)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-19bcafe341 advisory. Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and...
5.9CVSS
6.6AI Score
0.001EPSS
Fedora 39 : python-fastapi / python-starlette (2023-6c030b3c71)
The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-6c030b3c71 advisory. python-starlette 0.25.0 ### Fixed - Limit the number of fields and files when parsing multipart/form-data on the MultipartParser ## python-fastapi...
7.3AI Score
Fedora 40 : xen (2024-3a36322c4b)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-3a36322c4b advisory. Recent x86 CPUs offer functionality named Control-flow Enforcement Technology (CET). A sub-feature of this are Shadow Stacks (CET-SS). CET-SS...
6.5CVSS
7AI Score
0.0004EPSS
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1454-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1454-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: sprd: fix reference leak when pm_runtime_get_sync...
7.8CVSS
8AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: sfc: fix TX channel offset when using legacy interrupts In legacy interrupt mode the tx_channel_offset was hardcoded to 1, but that's not correct if efx_sepparate_tx_channels is false. In that case, the offset is 0 because the...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: sfc: fix TX channel offset when using legacy interrupts In legacy interrupt mode the tx_channel_offset was hardcoded to 1, but that's not correct if efx_sepparate_tx_channels is false. In that case, the offset is 0 because the tx.....
7.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: sfc: fix TX channel offset when using legacy interrupts In legacy interrupt mode the tx_channel_offset was hardcoded to 1, but that's not correct if efx_sepparate_tx_channels is false. In that case, the offset is 0 because the tx.....
6.2AI Score
0.0004EPSS
CVE-2022-48647 sfc: fix TX channel offset when using legacy interrupts
In the Linux kernel, the following vulnerability has been resolved: sfc: fix TX channel offset when using legacy interrupts In legacy interrupt mode the tx_channel_offset was hardcoded to 1, but that's not correct if efx_sepparate_tx_channels is false. In that case, the offset is 0 because the tx.....
6.4AI Score
0.0004EPSS
RHEL 7 / 8 : Satellite 6.11.5 Async Security Update (Critical) (RHSA-2023:1151)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1151 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the...
9.8CVSS
8.7AI Score
0.003EPSS
RHEL 8 : Satellite 6.12.1 Async Security Update (Critical) (RHSA-2023:0261)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0261 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity...
9.8CVSS
9.8AI Score
0.972EPSS