Lucene search

K

Countdown, Coming Soon, Maintenance – Countdown & Clock Security Vulnerabilities

nessus
nessus

Debian dsa-5708 : cyrus-admin - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5708 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5708-1 [email protected] ...

6.5CVSS

6.7AI Score

0.0005EPSS

2024-06-11 12:00 AM
chrome
chrome

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 126 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 126.0.6478.54 (Linux) 126.0.6478.56/57( Windows, Mac) contains a number of fixes and improvements -- a list of changes is...

8.1AI Score

0.0004EPSS

2024-06-11 12:00 AM
8
openvas
openvas

Ubuntu: Security Advisory (USN-6821-2)

The remote host is missing an update for...

8CVSS

8AI Score

0.0004EPSS

2024-06-11 12:00 AM
2
nessus
nessus

Ubuntu 22.04 LTS : Linux kernel (NVIDIA) vulnerabilities (USN-6820-2)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6820-2 advisory. It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability....

8CVSS

10AI Score

0.0004EPSS

2024-06-11 12:00 AM
1
nessus
nessus

Ubuntu 20.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-6828-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6828-1 advisory. Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-...

8CVSS

8.9AI Score

EPSS

2024-06-11 12:00 AM
nessus
nessus

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (AWS) vulnerabilities (USN-6821-3)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6821-3 advisory. It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free...

8CVSS

8.6AI Score

0.0004EPSS

2024-06-11 12:00 AM
osv
osv

linux-oem-6.8 vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) Zheng Wang discovered that the...

7.8CVSS

8.7AI Score

0.0005EPSS

2024-06-10 07:28 PM
1
github
github

Docker CLI leaks private registry credentials to registry-1.docker.io

Impact A bug was found in the Docker CLI where running docker login my-private-registry.example.com with a misconfigured configuration file (typically ~/.docker/config.json) listing a credsStore or credHelpers that could not be executed would result in any provided credentials being sent to...

7.5CVSS

6.4AI Score

0.001EPSS

2024-06-10 06:38 PM
1
osv
osv

Docker CLI leaks private registry credentials to registry-1.docker.io

Impact A bug was found in the Docker CLI where running docker login my-private-registry.example.com with a misconfigured configuration file (typically ~/.docker/config.json) listing a credsStore or credHelpers that could not be executed would result in any provided credentials being sent to...

7.5CVSS

6.4AI Score

0.001EPSS

2024-06-10 06:38 PM
2
github
github

`docker cp` allows unexpected chmod of host files in Moby Docker Engine

Impact A bug was found in Moby (Docker Engine) where attempting to copy files using docker cp into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read,...

6.3CVSS

6.5AI Score

0.0005EPSS

2024-06-10 06:38 PM
2
osv
osv

`docker cp` allows unexpected chmod of host files in Moby Docker Engine

Impact A bug was found in Moby (Docker Engine) where attempting to copy files using docker cp into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read,...

6.3CVSS

6.5AI Score

0.0005EPSS

2024-06-10 06:38 PM
impervablog
impervablog

Update: CVE-2024-4577 quickly weaponized to distribute “TellYouThePass” Ransomware

Introduction Recently, Imperva Threat Research reported on attacker activity leveraging the new PHP vulnerability, CVE-2024-4577. From as early as June 8th, we have detected attacker activity leveraging this vulnerability to deliver malware, which we have now identified to be a part of the...

10CVSS

8AI Score

EPSS

2024-06-10 06:05 PM
18
nvd
nvd

CVE-2024-35749

Authentication Bypass by Spoofing vulnerability in Acurax Under Construction / Maintenance Mode from Acurax allows Authentication Bypass.This issue affects Under Construction / Maintenance Mode from Acurax: from n/a through...

5.3CVSS

0.0005EPSS

2024-06-10 05:16 PM
4
cve
cve

CVE-2024-35749

Authentication Bypass by Spoofing vulnerability in Acurax Under Construction / Maintenance Mode from Acurax allows Authentication Bypass.This issue affects Under Construction / Maintenance Mode from Acurax: from n/a through...

5.3CVSS

4.4AI Score

0.0005EPSS

2024-06-10 05:16 PM
26
osv
osv

linux-gkeop, linux-gkeop-5.15, linux-kvm vulnerabilities

It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros...

8CVSS

8.2AI Score

0.0004EPSS

2024-06-10 05:13 PM
1
wallarmlab
wallarmlab

CVE-2024-29849: Veeam discloses Critical Vulnerability that allows attackers to bypass user authentication on its Backup Enterprise Manager web interface

On May 21, 2024, Veeam revealed a severe flaw across its Veeam Backup Enterprise Manager (VBEM) web interface that enables an unauthenticated attacker to log into the web interface as any user. Officially designated as CVE-2024-29849, the vulnerability presents a major threat with a CVSS V3 rating....

9.8CVSS

10AI Score

0.0004EPSS

2024-06-10 04:52 PM
27
cvelist
cvelist

CVE-2024-35749 WordPress Under Construction / Maintenance Mode from Acurax plugin <= 2.6 - IP Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in Acurax Under Construction / Maintenance Mode from Acurax allows Authentication Bypass.This issue affects Under Construction / Maintenance Mode from Acurax: from n/a through...

3.7CVSS

0.0005EPSS

2024-06-10 04:39 PM
2
vulnrichment
vulnrichment

CVE-2024-35749 WordPress Under Construction / Maintenance Mode from Acurax plugin <= 2.6 - IP Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in Acurax Under Construction / Maintenance Mode from Acurax allows Authentication Bypass.This issue affects Under Construction / Maintenance Mode from Acurax: from n/a through...

3.7CVSS

7AI Score

0.0005EPSS

2024-06-10 04:39 PM
thn
thn

Cybersecurity CPEs: Unraveling the What, Why & How

Staying Sharp: Cybersecurity CPEs Explained Perhaps even more so than in other professional domains, cybersecurity professionals constantly face new threats. To ensure you stay on top of your game, many certification programs require earning Continuing Professional Education (CPE) credits. CPEs...

7.2AI Score

2024-06-10 11:31 AM
1
packetstorm

7AI Score

0.0004EPSS

2024-06-10 12:00 AM
62
openvas
openvas

Ubuntu: Security Advisory (USN-6820-1)

The remote host is missing an update for...

8CVSS

8.2AI Score

0.0004EPSS

2024-06-10 12:00 AM
3
openvas
openvas

Ubuntu: Security Advisory (USN-6816-1)

The remote host is missing an update for...

7.8CVSS

8.7AI Score

0.0005EPSS

2024-06-10 12:00 AM
2
openvas
openvas

Ubuntu: Security Advisory (USN-6817-1)

The remote host is missing an update for...

7.8CVSS

8.7AI Score

0.0005EPSS

2024-06-10 12:00 AM
1
openvas
openvas

Ubuntu: Security Advisory (USN-6821-1)

The remote host is missing an update for...

8CVSS

8.2AI Score

0.0004EPSS

2024-06-10 12:00 AM
1
spring
spring

This Week in Spring - June 11th, 2024

This Week in Spring - June 10th, 2024 Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in Paris, France, to talk to organizations using and working with Spring. Then, next week, it's off to Krakow, Poland, for the amazing Devoxx PL event! I can't wait. If you're around,.....

7AI Score

2024-06-10 12:00 AM
1
ubuntu
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux-gkeop - Linux kernel for Google Container Engine (GKE) systems linux-gkeop-5.15 - Linux kernel for Google Container Engine (GKE) systems linux-kvm - Linux kernel for cloud environments Details It was discovered that the ATA over...

8CVSS

8.4AI Score

0.0004EPSS

2024-06-10 12:00 AM
3
nessus
nessus

Ubuntu 24.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6817-2)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6817-2 advisory. Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer...

7.8CVSS

8.9AI Score

0.0005EPSS

2024-06-10 12:00 AM
1
nessus
nessus

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6821-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6821-2 advisory. It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free...

8CVSS

8.1AI Score

0.0004EPSS

2024-06-10 12:00 AM
1
nvd
nvd

CVE-2024-30485

Missing Authorization vulnerability in XLPlugins Finale Lite.This issue affects Finale Lite: from n/a through...

8.8CVSS

0.0004EPSS

2024-06-09 11:15 AM
2
cve
cve

CVE-2024-30485

Missing Authorization vulnerability in XLPlugins Finale Lite.This issue affects Finale Lite: from n/a through...

8.8CVSS

8.7AI Score

0.0004EPSS

2024-06-09 11:15 AM
29
cvelist
cvelist

CVE-2024-30485 WordPress Finale Lite plugin <= 2.18.0 - Subscriber+ Arbitrary Plugin Installation/Activation vulnerability

Missing Authorization vulnerability in XLPlugins Finale Lite.This issue affects Finale Lite: from n/a through...

8.8CVSS

0.0004EPSS

2024-06-09 10:58 AM
1
wired
wired

Apple Is Coming for Your Password Manager

Plus: A media executive is charged in an alleged money-laundering scheme, a ransomware attack disrupts care at London hospitals, and Google’s former CEO has a secretive drone project up his...

7.3AI Score

2024-06-08 10:30 AM
4
thn
thn

Microsoft Revamps Controversial AI-Powered Recall Feature Amid Privacy Concerns

Microsoft on Friday said it will disable its much-criticized artificial intelligence (AI)-powered Recall feature by default and make it an opt-in. Recall, currently in preview and coming exclusively to Copilot+ PCs on June 18, 2024, functions as an "explorable visual timeline" by capturing...

6.7AI Score

2024-06-08 06:54 AM
1
nvd
nvd

CVE-2024-5087

The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validate_ajax, deactivate_ajax, and save_ajax functions in all versions up to, and including, 2.38. This makes it possible for authenticated...

6.3CVSS

0.001EPSS

2024-06-08 06:15 AM
2
cve
cve

CVE-2024-5087

The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validate_ajax, deactivate_ajax, and save_ajax functions in all versions up to, and including, 2.38. This makes it possible for authenticated...

6.3CVSS

6AI Score

0.001EPSS

2024-06-08 06:15 AM
22
vulnrichment
vulnrichment

CVE-2024-5087 Minimal Coming Soon – Coming Soon Page <= 2.38 - Missing Authorization to Limited Settings Change

The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validate_ajax, deactivate_ajax, and save_ajax functions in all versions up to, and including, 2.38. This makes it possible for authenticated...

6.3CVSS

6.5AI Score

0.001EPSS

2024-06-08 05:44 AM
1
cvelist
cvelist

CVE-2024-5087 Minimal Coming Soon – Coming Soon Page <= 2.38 - Missing Authorization to Limited Settings Change

The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validate_ajax, deactivate_ajax, and save_ajax functions in all versions up to, and including, 2.38. This makes it possible for authenticated...

6.3CVSS

0.001EPSS

2024-06-08 05:44 AM
3
osv
osv

linux-gke, linux-ibm, linux-intel-iotg, linux-oracle vulnerabilities

It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros...

8CVSS

9.1AI Score

0.0004EPSS

2024-06-07 10:51 PM
1
osv
osv

linux, linux-gcp, linux-gcp-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-xilinx-zynqmp vulnerabilities

It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros...

8CVSS

8.9AI Score

0.0004EPSS

2024-06-07 10:40 PM
1
schneier
schneier

Security and Human Behavior (SHB) 2024

This week, I hosted the seventeenth Workshop on Security and Human Behavior at the Harvard Kennedy School. This is the first workshop since our co-founder, Ross Anderson, died unexpectedly. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of...

7.4AI Score

2024-06-07 08:55 PM
4
osv
osv

linux-aws, linux-gcp vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) Zheng Wang discovered that the...

7.8CVSS

8.8AI Score

0.0005EPSS

2024-06-07 06:49 PM
osv
osv

linux, linux-ibm, linux-lowlatency, linux-raspi vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) Zheng Wang discovered that the...

7.8CVSS

8AI Score

0.0005EPSS

2024-06-07 06:18 PM
malwarebytes
malwarebytes

Google will start deleting location history

Google announced that it will reduce the amount of personal data it is storing by automatically deleting old data from "Timeline"—the feature that, previously named "Location History," tracks user routes and trips based on a phone’s location, allowing people to revisit all the places they've been.....

6.7AI Score

2024-06-07 04:26 PM
4
cve
cve

CVE-2022-4968

netplan leaks the private key of wireguard to local users. A security fix will be released...

6.5CVSS

7AI Score

0.0004EPSS

2024-06-07 01:15 AM
7
nvd
nvd

CVE-2022-4968

netplan leaks the private key of wireguard to local users. A security fix will be released...

6.5CVSS

0.0004EPSS

2024-06-07 01:15 AM
1
debiancve
debiancve

CVE-2022-4968

netplan leaks the private key of wireguard to local users. A security fix will be released...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-07 01:15 AM
cvelist
cvelist

CVE-2022-4968

netplan leaks the private key of wireguard to local users. A security fix will be released...

6.5CVSS

0.0004EPSS

2024-06-07 12:14 AM
2
nessus
nessus

Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-6821-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6821-1 advisory. It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability....

8CVSS

8.8AI Score

0.0004EPSS

2024-06-07 12:00 AM
3
nessus
nessus

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6820-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6820-1 advisory. It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free...

8CVSS

8.6AI Score

0.0004EPSS

2024-06-07 12:00 AM
nessus
nessus

Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6817-1)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6817-1 advisory. Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer...

7.8CVSS

8.9AI Score

0.0005EPSS

2024-06-07 12:00 AM
1
Total number of security vulnerabilities38013