Lucene search

K

Countdown, Coming Soon, Maintenance – Countdown & Clock Security Vulnerabilities

nessus
nessus

Fedora 38 : kernel (2024-f35f9525d6)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-f35f9525d6 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly...

7.8CVSS

6.4AI Score

0.0004EPSS

2024-05-02 12:00 AM
6
oraclelinux
oraclelinux

kernel security, bug fix, and enhancement update

[5.14.0-427.13.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update...

9.8CVSS

7.5AI Score

0.011EPSS

2024-05-02 12:00 AM
6
nessus
nessus

Fedora 40 : kernel (2024-010fe8772a)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-010fe8772a advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly...

7.8CVSS

6.5AI Score

0.0004EPSS

2024-05-02 12:00 AM
11
nessus
nessus

Fedora 39 : kernel (2024-bc0db39a14)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bc0db39a14 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly...

7.8CVSS

6.4AI Score

0.0004EPSS

2024-05-02 12:00 AM
7
redhatcve
redhatcve

CVE-2024-27002

In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Do a runtime PM get on controllers during probe mt8183-mfgcfg has a mutual dependency with genpd during the probing stage, which leads to a deadlock in the following call stack: CPU0: genpd_lock --> clk_prepare_lo...

7.1AI Score

0.0004EPSS

2024-05-01 07:19 PM
5
redhatcve
redhatcve

CVE-2024-26960

In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix race between free_swap_and_cache() and swapoff() There was previously a theoretical window where swapoff() could run and teardown a swap_info_struct while a call to free_swap_and_cache() was running in another...

7.2AI Score

0.0004EPSS

2024-05-01 05:23 PM
7
redhatcve
redhatcve

CVE-2024-26953

In the Linux kernel, the following vulnerability has been resolved: net: esp: fix bad handling of pages from page_pool When the skb is reorganized during esp_output (!esp->inline), the pages coming from the original skb fragments are supposed to be released back to the system through put_page. B...

7AI Score

0.0004EPSS

2024-05-01 05:23 PM
11
debiancve
debiancve

CVE-2024-27002

In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Do a runtime PM get on controllers during probe mt8183-mfgcfg has a mutual dependency with genpd during the probing stage, which leads to a deadlock in the following call stack: CPU0: genpd_lock -->...

6.6AI Score

0.0004EPSS

2024-05-01 06:15 AM
3
nvd
nvd

CVE-2024-27002

In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Do a runtime PM get on controllers during probe mt8183-mfgcfg has a mutual dependency with genpd during the probing stage, which leads to a deadlock in the following call stack: CPU0: genpd_lock -->...

7.3AI Score

0.0004EPSS

2024-05-01 06:15 AM
cve
cve

CVE-2024-27002

In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Do a runtime PM get on controllers during probe mt8183-mfgcfg has a mutual dependency with genpd during the probing stage, which leads to a deadlock in the following call stack: CPU0: genpd_lock -->...

6.2AI Score

0.0004EPSS

2024-05-01 06:15 AM
52
debiancve
debiancve

CVE-2024-26960

In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix race between free_swap_and_cache() and swapoff() There was previously a theoretical window where swapoff() could run and teardown a swap_info_struct while a call to free_swap_and_cache() was running in another...

6.7AI Score

0.0004EPSS

2024-05-01 06:15 AM
5
cve
cve

CVE-2024-26960

In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix race between free_swap_and_cache() and swapoff() There was previously a theoretical window where swapoff() could run and teardown a swap_info_struct while a call to free_swap_and_cache() was running in another...

6.4AI Score

0.0004EPSS

2024-05-01 06:15 AM
50
nvd
nvd

CVE-2024-26960

In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix race between free_swap_and_cache() and swapoff() There was previously a theoretical window where swapoff() could run and teardown a swap_info_struct while a call to free_swap_and_cache() was running in another...

7.4AI Score

0.0004EPSS

2024-05-01 06:15 AM
nvd
nvd

CVE-2024-26953

In the Linux kernel, the following vulnerability has been resolved: net: esp: fix bad handling of pages from page_pool When the skb is reorganized during esp_output (!esp->inline), the pages coming from the original skb fragments are supposed to be released back to the system through put_page. B...

7.3AI Score

0.0004EPSS

2024-05-01 06:15 AM
cve
cve

CVE-2024-26953

In the Linux kernel, the following vulnerability has been resolved: net: esp: fix bad handling of pages from page_pool When the skb is reorganized during esp_output (!esp->inline), the pages coming from the original skb fragments are supposed to be released back to the system through put_page. B...

6.3AI Score

0.0004EPSS

2024-05-01 06:15 AM
53
debiancve
debiancve

CVE-2024-26953

In the Linux kernel, the following vulnerability has been resolved: net: esp: fix bad handling of pages from page_pool When the skb is reorganized during esp_output (!esp->inline), the pages coming from the original skb fragments are supposed to be released back to the system through put_page......

6.4AI Score

0.0004EPSS

2024-05-01 06:15 AM
5
cvelist
cvelist

CVE-2024-27002 clk: mediatek: Do a runtime PM get on controllers during probe

In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Do a runtime PM get on controllers during probe mt8183-mfgcfg has a mutual dependency with genpd during the probing stage, which leads to a deadlock in the following call stack: CPU0: genpd_lock -->...

7.5AI Score

0.0004EPSS

2024-05-01 05:28 AM
vulnrichment
vulnrichment

CVE-2024-26960 mm: swap: fix race between free_swap_and_cache() and swapoff()

In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix race between free_swap_and_cache() and swapoff() There was previously a theoretical window where swapoff() could run and teardown a swap_info_struct while a call to free_swap_and_cache() was running in another...

6.8AI Score

0.0004EPSS

2024-05-01 05:19 AM
cvelist
cvelist

CVE-2024-26960 mm: swap: fix race between free_swap_and_cache() and swapoff()

In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix race between free_swap_and_cache() and swapoff() There was previously a theoretical window where swapoff() could run and teardown a swap_info_struct while a call to free_swap_and_cache() was running in another...

7.8AI Score

0.0004EPSS

2024-05-01 05:19 AM
cvelist
cvelist

CVE-2024-26953 net: esp: fix bad handling of pages from page_pool

In the Linux kernel, the following vulnerability has been resolved: net: esp: fix bad handling of pages from page_pool When the skb is reorganized during esp_output (!esp->inline), the pages coming from the original skb fragments are supposed to be released back to the system through put_page. B...

6.5AI Score

0.0004EPSS

2024-05-01 05:18 AM
ubuntucve
ubuntucve

CVE-2024-26953

In the Linux kernel, the following vulnerability has been resolved: net: esp: fix bad handling of pages from page_pool When the skb is reorganized during esp_output (!esp->inline), the pages coming from the original skb fragments are supposed to be released back to the system through put_page. B...

6.3AI Score

0.0004EPSS

2024-05-01 12:00 AM
10
ubuntucve
ubuntucve

CVE-2024-27002

In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Do a runtime PM get on controllers during probe mt8183-mfgcfg has a mutual dependency with genpd during the probing stage, which leads to a deadlock in the following call stack: CPU0: genpd_lock --> clk_prepare_lo...

7.3AI Score

0.0004EPSS

2024-05-01 12:00 AM
3
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1480-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1480-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic...

7.8CVSS

8AI Score

EPSS

2024-05-01 12:00 AM
12
wpvulndb
wpvulndb

Smart Maintenance Mode <= 1.4.4 - Cross-Site Request Forgery

Description The Smart Maintenance Mode plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized...

6.7AI Score

0.0004EPSS

2024-05-01 12:00 AM
5
ubuntucve
ubuntucve

CVE-2024-26960

In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix race between free_swap_and_cache() and swapoff() There was previously a theoretical window where swapoff() could run and teardown a swap_info_struct while a call to free_swap_and_cache() was running in another...

7.6AI Score

0.0004EPSS

2024-05-01 12:00 AM
5
ibm
ibm

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to a denial of service due to the use of OpenSSL (CVE-2023-6129)

Summary IBM Virtualization Engine TS7700 is susceptible to a denial of service due to the use of OpenSSL (CVE-2023-6129). OpenSSL is used in TS7700 to encrypt data in flight during EKM communications, Secure Data Transfer between clusters, and for TS7700 Advanced Object Store for DS8000....

6.5CVSS

7AI Score

0.001EPSS

2024-04-30 09:48 PM
12
metasploit
metasploit

Windows Registry Security Descriptor Utility

Read or write a Windows registry security descriptor remotely. In READ mode, the FILE option can be set to specify where the security descriptor should be written to. The following format is used: key: security_info: sd: In WRITE mode, the FILE option can be used to specify the information needed.....

7.2AI Score

2024-04-30 06:57 PM
15
github
github

Where does your software (really) come from?

Software is a funny, profound thing: each piece of it is an invisible machine, seemingly made of magic words, designed to run on the ultimate, universal machine. It's not alive, but it has a lifecycle. It starts out as source code--just text files, sitting in a repository somewhere--and then later....

6.9AI Score

2024-04-30 04:35 PM
7
krebs
krebs

Man Who Mass-Extorted Psychotherapy Patients Gets Six Years

A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient therapy records, and attempting to extort the clinic and patients. On October 21, 2020, the Vastaamo...

7.4AI Score

2024-04-30 01:34 PM
3
ics
ics

SEW-EURODRIVE MOVITOOLS MotionStudio (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.6 ATTENTION: Low attack complexity Vendor: SEW-EURODRIVE Equipment: MOVITOOLS MotionStudio Vulnerability: Improper Restriction of XML EXTERNAL Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could result in open access to...

7.5CVSS

7.5AI Score

0.002EPSS

2024-04-30 12:00 PM
63
chrome
chrome

Stable Channel Update for Desktop

The Stable channel has been updated to 124.0.6367.118/.119 for Windows, Mac and 124.0.6367.118 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. The Extended Stable channel has been updated to 124.0.6367.118 for Mac and Windows.....

7.7AI Score

0.0004EPSS

2024-04-30 12:00 AM
52
talos
talos

Foxit Reader ComboBox widget Format event use-after-free vulnerability

Talos Vulnerability Report TALOS-2024-1959 Foxit Reader ComboBox widget Format event use-after-free vulnerability April 30, 2024 CVE Number CVE-2024-25648 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. A specially crafted JavaScript.....

8.8CVSS

7.7AI Score

0.001EPSS

2024-04-30 12:00 AM
9
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1466-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1466-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smc_sock A...

7.8CVSS

7.5AI Score

EPSS

2024-04-30 12:00 AM
5
redhatcve
redhatcve

CVE-2022-48647

In the Linux kernel, the following vulnerability has been resolved: sfc: fix TX channel offset when using legacy interrupts In legacy interrupt mode the tx_channel_offset was hardcoded to 1, but that's not correct if efx_sepparate_tx_channels is false. In that case, the offset is 0 because the tx.....

7AI Score

0.0004EPSS

2024-04-29 04:37 PM
1
wordfence
wordfence

$197 Bounty Awarded for Unauthenticated Arbitrary Post Deletion Vulnerability Patched in LeadConnector WordPress Plugin

🎉 Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 8th, 2024, during our Bug Bounty Extravaganza, we...

7.3AI Score

0.0004EPSS

2024-04-29 03:04 PM
7
ibm
ibm

Security Bulletin: Multiple Vulnerabilities in IBM SDK Java affect IBM Cloud Pak System

Summary Multiple vulnerabilities found in IBM Java SDK reported in the IBM Java SDK CPU update October 2022 affect OS Image shipped with Cloud Pak System. Vulnerability Details ** CVEID: CVE-2022-21628 DESCRIPTION: **Java SE is vulnerable to a denial of service, caused by a flaw in the...

5.3CVSS

5.7AI Score

0.002EPSS

2024-04-29 10:37 AM
18
github
github

CodeQL zero to hero part 3: Security research with CodeQL

I've written a bit in the past about static analysis (CodeQL zero to hero part 1: Fundamentals of static analysis) and basics of writing CodeQL queries (CodeQL zero to hero part 2: Getting started with CodeQL). Today, I want to dig deeper about CodeQL and talk about variant analysis, writing a...

8.3AI Score

2024-04-29 08:00 AM
13
nessus
nessus

Fedora 38 : python-fastapi / python-starlette (2023-9d50269499)

The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-9d50269499 advisory. python-starlette 0.25.0 ### Fixed - Limit the number of fields and files when parsing multipart/form-data on the MultipartParser ## python-fastapi...

7.3AI Score

2024-04-29 12:00 AM
5
wpvulndb
wpvulndb

Qi Addons For Elementor < 1.7.1 - Contributor+ Stored XSS

Description The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Widget's attributes due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-04-29 12:00 AM
6
nessus
nessus

Fedora 40 : wordpress (2024-e6d3143991)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-e6d3143991 advisory. Upstream annoucement: WordPress 6.5.2 Maintenance and Security Release Security updates included in this release * A cross-site scripting (XSS)...

6.3AI Score

2024-04-29 12:00 AM
2
nessus
nessus

Fedora 37 : rust (2023-19bcafe341)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-19bcafe341 advisory. Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and...

5.9CVSS

6.6AI Score

0.001EPSS

2024-04-29 12:00 AM
2
nessus
nessus

Fedora 39 : python-fastapi / python-starlette (2023-6c030b3c71)

The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-6c030b3c71 advisory. python-starlette 0.25.0 ### Fixed - Limit the number of fields and files when parsing multipart/form-data on the MultipartParser ## python-fastapi...

7.3AI Score

2024-04-29 12:00 AM
3
nessus
nessus

Fedora 40 : xen (2024-3a36322c4b)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-3a36322c4b advisory. Recent x86 CPUs offer functionality named Control-flow Enforcement Technology (CET). A sub-feature of this are Shadow Stacks (CET-SS). CET-SS...

6.5CVSS

7AI Score

0.0004EPSS

2024-04-29 12:00 AM
5
nessus
nessus

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1454-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1454-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: sprd: fix reference leak when pm_runtime_get_sync...

7.8CVSS

8AI Score

0.001EPSS

2024-04-29 12:00 AM
12
debiancve
debiancve

CVE-2022-48647

In the Linux kernel, the following vulnerability has been resolved: sfc: fix TX channel offset when using legacy interrupts In legacy interrupt mode the tx_channel_offset was hardcoded to 1, but that's not correct if efx_sepparate_tx_channels is false. In that case, the offset is 0 because the...

6.9AI Score

0.0004EPSS

2024-04-28 01:15 PM
3
nvd
nvd

CVE-2022-48647

In the Linux kernel, the following vulnerability has been resolved: sfc: fix TX channel offset when using legacy interrupts In legacy interrupt mode the tx_channel_offset was hardcoded to 1, but that's not correct if efx_sepparate_tx_channels is false. In that case, the offset is 0 because the tx.....

7.2AI Score

0.0004EPSS

2024-04-28 01:15 PM
cve
cve

CVE-2022-48647

In the Linux kernel, the following vulnerability has been resolved: sfc: fix TX channel offset when using legacy interrupts In legacy interrupt mode the tx_channel_offset was hardcoded to 1, but that's not correct if efx_sepparate_tx_channels is false. In that case, the offset is 0 because the tx.....

6.2AI Score

0.0004EPSS

2024-04-28 01:15 PM
31
cvelist
cvelist

CVE-2022-48647 sfc: fix TX channel offset when using legacy interrupts

In the Linux kernel, the following vulnerability has been resolved: sfc: fix TX channel offset when using legacy interrupts In legacy interrupt mode the tx_channel_offset was hardcoded to 1, but that's not correct if efx_sepparate_tx_channels is false. In that case, the offset is 0 because the tx.....

6.4AI Score

0.0004EPSS

2024-04-28 01:00 PM
nessus
nessus

RHEL 7 / 8 : Satellite 6.11.5 Async Security Update (Critical) (RHSA-2023:1151)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1151 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the...

9.8CVSS

8.7AI Score

0.003EPSS

2024-04-28 12:00 AM
2
nessus
nessus

RHEL 8 : Satellite 6.12.1 Async Security Update (Critical) (RHSA-2023:0261)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0261 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity...

9.8CVSS

9.8AI Score

0.972EPSS

2024-04-28 12:00 AM
6
Total number of security vulnerabilities38014