Lucene search

K

Countdown, Coming Soon, Maintenance – Countdown & Clock Security Vulnerabilities

nessus
nessus

EulerOS Virtualization 2.11.0 : kernel (EulerOS-SA-2024-1735)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation...

8CVSS

7.2AI Score

EPSS

2024-05-29 12:00 AM
2
nessus
nessus

EulerOS Virtualization 2.11.0 : bind (EulerOS-SA-2024-1723)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It...

7.5CVSS

7.4AI Score

0.05EPSS

2024-05-29 12:00 AM
1
nessus
nessus

EulerOS Virtualization 2.11.1 : kernel (EulerOS-SA-2024-1734)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation...

8CVSS

7.2AI Score

EPSS

2024-05-29 12:00 AM
2
schneier
schneier

Lattice-Based Cryptosystems and Quantum Cryptanalysis

Quantum computers are probably coming, though we don't know when--and when they arrive, they will, most likely, be able to break our standard public-key cryptography algorithms. In anticipation of this possibility, cryptographers have been working on quantum-resistant public-key algorithms. The...

7.2AI Score

2024-05-28 11:09 AM
14
veracode
veracode

URL Injection

silverstripe/framework is vulnerable to a URL Injection vulnerability. The vulnerability is due to improper encoding of entities in the URL string, specifically in requests coming from Internet Explorer, which allows malicious JavaScript code to be directly inserted into the output content by...

7.4AI Score

2024-05-28 06:06 AM
1
packetstorm

7.4AI Score

0.0004EPSS

2024-05-28 12:00 AM
79
securelist
securelist

Message board scams

Marketplace fraud is nothing new. Cybercriminals swindle money out of buyers and sellers alike. Lately, we've seen a proliferation of cybergangs operating under the Fraud-as-a-Service model and specializing in tricking users of online marketplaces, in particular, message boards. Criminals are...

6.4AI Score

2024-05-27 01:00 PM
9
redhatcve
redhatcve

CVE-2021-47506

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix use-after-free due to delegation race A delegation break could arrive as soon as we've called vfs_setlease. A delegation break runs a callback which immediately (in nfsd4_cb_recall_prepare) adds the delegation to...

6.7AI Score

0.0004EPSS

2024-05-27 11:00 AM
3
redhatcve
redhatcve

CVE-2021-47544

In the Linux kernel, the following vulnerability has been resolved: tcp: fix page frag corruption on page fault Steffen reported a TCP stream corruption for HTTP requests served by the apache web-server using a cifs mount-point and memory mapping the relevant file. The root cause is quite similar.....

7.1AI Score

0.0004EPSS

2024-05-27 10:33 AM
2
redhatcve
redhatcve

CVE-2021-47470

In the Linux kernel, the following vulnerability has been resolved: mm, slub: fix potential use-after-free in slab_debugfs_fops When sysfs_slab_add failed, we shouldn't call debugfs_slab_add() for s because s will be freed soon. And slab_debugfs_fops will use s later leading to a...

6.5AI Score

0.0004EPSS

2024-05-27 08:30 AM
2
openvas
openvas

Fedora: Security Advisory for stalld (FEDORA-2024-d198253c42)

The remote host is missing an update for...

7.5AI Score

2024-05-27 12:00 AM
1
openvas
openvas

Fedora: Security Advisory for stalld (FEDORA-2024-a047b1ca2d)

The remote host is missing an update for...

7.5AI Score

2024-05-27 12:00 AM
openvas
openvas

Fedora: Security Advisory for stalld (FEDORA-2024-9205c35b11)

The remote host is missing an update for...

7.5AI Score

2024-05-27 12:00 AM
osv
osv

BIT-hubble-relay-2023-27594

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which.....

7.3CVSS

6.7AI Score

0.001EPSS

2024-05-24 07:23 PM
2
debiancve
debiancve

CVE-2021-47544

In the Linux kernel, the following vulnerability has been resolved: tcp: fix page frag corruption on page fault Steffen reported a TCP stream corruption for HTTP requests served by the apache web-server using a cifs mount-point and memory mapping the relevant file. The root cause is quite...

7.1AI Score

0.0004EPSS

2024-05-24 03:15 PM
7
cve
cve

CVE-2021-47544

In the Linux kernel, the following vulnerability has been resolved: tcp: fix page frag corruption on page fault Steffen reported a TCP stream corruption for HTTP requests served by the apache web-server using a cifs mount-point and memory mapping the relevant file. The root cause is quite similar.....

7.1AI Score

0.0004EPSS

2024-05-24 03:15 PM
25
nvd
nvd

CVE-2021-47544

In the Linux kernel, the following vulnerability has been resolved: tcp: fix page frag corruption on page fault Steffen reported a TCP stream corruption for HTTP requests served by the apache web-server using a cifs mount-point and memory mapping the relevant file. The root cause is quite similar.....

6.9AI Score

0.0004EPSS

2024-05-24 03:15 PM
debiancve
debiancve

CVE-2021-47506

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix use-after-free due to delegation race A delegation break could arrive as soon as we've called vfs_setlease. A delegation break runs a callback which immediately (in nfsd4_cb_recall_prepare) adds the delegation to...

6.8AI Score

0.0004EPSS

2024-05-24 03:15 PM
2
nvd
nvd

CVE-2021-47506

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix use-after-free due to delegation race A delegation break could arrive as soon as we've called vfs_setlease. A delegation break runs a callback which immediately (in nfsd4_cb_recall_prepare) adds the delegation to...

6.7AI Score

0.0004EPSS

2024-05-24 03:15 PM
2
cve
cve

CVE-2021-47506

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix use-after-free due to delegation race A delegation break could arrive as soon as we've called vfs_setlease. A delegation break runs a callback which immediately (in nfsd4_cb_recall_prepare) adds the delegation to...

6.8AI Score

0.0004EPSS

2024-05-24 03:15 PM
23
vulnrichment
vulnrichment

CVE-2021-47544 tcp: fix page frag corruption on page fault

In the Linux kernel, the following vulnerability has been resolved: tcp: fix page frag corruption on page fault Steffen reported a TCP stream corruption for HTTP requests served by the apache web-server using a cifs mount-point and memory mapping the relevant file. The root cause is quite similar.....

7.2AI Score

0.0004EPSS

2024-05-24 03:09 PM
1
cvelist
cvelist

CVE-2021-47544 tcp: fix page frag corruption on page fault

In the Linux kernel, the following vulnerability has been resolved: tcp: fix page frag corruption on page fault Steffen reported a TCP stream corruption for HTTP requests served by the apache web-server using a cifs mount-point and memory mapping the relevant file. The root cause is quite similar.....

6.8AI Score

0.0004EPSS

2024-05-24 03:09 PM
vulnrichment
vulnrichment

CVE-2021-47506 nfsd: fix use-after-free due to delegation race

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix use-after-free due to delegation race A delegation break could arrive as soon as we've called vfs_setlease. A delegation break runs a callback which immediately (in nfsd4_cb_recall_prepare) adds the delegation to...

7AI Score

0.0004EPSS

2024-05-24 03:01 PM
1
cvelist
cvelist

CVE-2021-47506 nfsd: fix use-after-free due to delegation race

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix use-after-free due to delegation race A delegation break could arrive as soon as we've called vfs_setlease. A delegation break runs a callback which immediately (in nfsd4_cb_recall_prepare) adds the delegation to...

6.6AI Score

0.0004EPSS

2024-05-24 03:01 PM
thn
thn

Stealthy BLOODALCHEMY Malware Targeting ASEAN Government Networks

Cybersecurity researchers have discovered that the malware known as BLOODALCHEMY used in attacks targeting government organizations in Southern and Southeastern Asia is in fact an updated version of Deed RAT, which is believed to be a successor to ShadowPad. "The origin of BLOODALCHEMY and Deed...

7.9AI Score

2024-05-24 09:13 AM
1
ubuntucve
ubuntucve

CVE-2021-47544

In the Linux kernel, the following vulnerability has been resolved: tcp: fix page frag corruption on page fault Steffen reported a TCP stream corruption for HTTP requests served by the apache web-server using a cifs mount-point and memory mapping the relevant file. The root cause is quite similar.....

6.9AI Score

0.0004EPSS

2024-05-24 12:00 AM
ubuntucve
ubuntucve

CVE-2021-47506

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix use-after-free due to delegation race A delegation break could arrive as soon as we've called vfs_setlease. A delegation break runs a callback which immediately (in nfsd4_cb_recall_prepare) adds the delegation to...

6.8AI Score

0.0004EPSS

2024-05-24 12:00 AM
1
krebs
krebs

Stark Industries Solutions: An Iron Hammer in the Cloud

The homepage of Stark Industries Solutions. Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government.....

6.8AI Score

2024-05-23 11:32 PM
3
talosblog
talosblog

Apple and Google are taking steps to curb the abuse of location-tracking devices — but what about others?

Since the advent of products like the Tile and Apple AirTag, both used to keep track of easily lost items like wallets, keys and purses, bad actors and criminals have found ways to abuse them. These adversaries can range from criminals just looking to do something illegal for a range of reasons,...

6.7AI Score

2024-05-23 06:00 PM
4
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 13, 2024 to May 19, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 114 vulnerabilities disclosed in 88...

10CVSS

9.3AI Score

EPSS

2024-05-23 03:00 PM
11
github
github

iFrames Bypass Origin Checks for Tauri API Access Control

Impact Remote origin iFrames in Tauri applications can access the Tauri IPC endpoints without being explicitly allowed in the dangerousRemoteDomainIpcAccess in v1 and in the capabilities in v2. This bypasses the origin check and allows iFrames to access the IPC endpoints exposed to the parent...

5.9CVSS

7.4AI Score

0.0004EPSS

2024-05-23 02:11 PM
24
osv
osv

iFrames Bypass Origin Checks for Tauri API Access Control

Impact Remote origin iFrames in Tauri applications can access the Tauri IPC endpoints without being explicitly allowed in the dangerousRemoteDomainIpcAccess in v1 and in the capabilities in v2. This bypasses the origin check and allows iFrames to access the IPC endpoints exposed to the parent...

5.9CVSS

7.2AI Score

0.0004EPSS

2024-05-23 02:11 PM
4
rapid7blog
rapid7blog

The Take Command Summit: A Day of Resilience and Preparation

The Take Command Summit is officially in the books. It was a day-long virtual powerhouse of major voices and ultra-relevant topics from across the entire cybersecurity spectrum. We are super proud of the event and grateful for all who joined us for these important discussions. At Rapid7 we are...

7.5AI Score

2024-05-23 02:00 PM
5
thn
thn

The End of an Era: Microsoft Phases Out VBScript for JavaScript and PowerShell

Microsoft on Wednesday outlined its plans to deprecate Visual Basic Script (VBScript) in the second half of 2024 in favor of more advanced alternatives such as JavaScript and PowerShell. "Technology has advanced over the years, giving rise to more powerful and versatile scripting languages such as....

2024-05-23 05:33 AM
cve
cve

CVE-2024-4783

The jQuery T(-) Countdown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tminus shortcode in all versions up to, and including, 2.3.25 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

6.1AI Score

0.0004EPSS

2024-05-23 02:15 AM
27
nvd
nvd

CVE-2024-4783

The jQuery T(-) Countdown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tminus shortcode in all versions up to, and including, 2.3.25 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-23 02:15 AM
cvelist
cvelist

CVE-2024-4783 jQuery T(-) Countdown Widget <= 2.3.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via tminus Shortcode

The jQuery T(-) Countdown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tminus shortcode in all versions up to, and including, 2.3.25 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-23 01:56 AM
chrome
chrome

Stable Channel Update for Desktop

The Stable channel has been updated to 125.0.6422.112/.113 for Windows, Mac and 125.0.6422.112 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards Note: Access to bug details and links may be kept...

8.8CVSS

7.3AI Score

0.003EPSS

2024-05-23 12:00 AM
49
nessus
nessus

PostgreSQL 14.x < 14.12 / 15.x < 15.7 / 16.x < 16.3 Missing Authorization Check

The version of PostgreSQL installed on the remote host is 14 prior to 14.12, 15 prior to 15.7, or 16 prior to 16.3. As such, it is potentially affected by a vulnerability : Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database...

3.1CVSS

3.8AI Score

0.0004EPSS

2024-05-23 12:00 AM
7
oraclelinux
oraclelinux

kernel security, bug fix, and enhancement update

[4.18.0-553.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with...

9.8CVSS

8AI Score

EPSS

2024-05-23 12:00 AM
11
github
github

Silverstripe SiteTree Creation Permission Vulnerability

A vulnerability exists in the permission validation for SiteTree object creation. By default user permissions are not validated by the SiteTree::canCreate method, unless overridden by user code or via the configuration system. This vulnerability will allow users, or unauthenticated guests, to...

7.4AI Score

2024-05-22 07:03 PM
4
osv
osv

Silverstripe SiteTree Creation Permission Vulnerability

A vulnerability exists in the permission validation for SiteTree object creation. By default user permissions are not validated by the SiteTree::canCreate method, unless overridden by user code or via the configuration system. This vulnerability will allow users, or unauthenticated guests, to...

7.4AI Score

2024-05-22 07:03 PM
5
github
github

gix traversal outside working tree enables arbitrary code execution

Summary During checkout, gitoxide does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. Details Although gix-worktree-state checks for collisions with existing files, it does not...

8.8CVSS

8AI Score

0.0004EPSS

2024-05-22 02:05 PM
3
osv
osv

gix traversal outside working tree enables arbitrary code execution

Summary During checkout, gitoxide does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. Details Although gix-worktree-state checks for collisions with existing files, it does not...

8.8CVSS

8AI Score

0.0004EPSS

2024-05-22 02:05 PM
3
debiancve
debiancve

CVE-2021-47470

In the Linux kernel, the following vulnerability has been resolved: mm, slub: fix potential use-after-free in slab_debugfs_fops When sysfs_slab_add failed, we shouldn't call debugfs_slab_add() for s because s will be freed soon. And slab_debugfs_fops will use s later leading to a...

6.7AI Score

0.0004EPSS

2024-05-22 07:15 AM
3
cve
cve

CVE-2021-47470

In the Linux kernel, the following vulnerability has been resolved: mm, slub: fix potential use-after-free in slab_debugfs_fops When sysfs_slab_add failed, we shouldn't call debugfs_slab_add() for s because s will be freed soon. And slab_debugfs_fops will use s later leading to a...

6.7AI Score

0.0004EPSS

2024-05-22 07:15 AM
28
nvd
nvd

CVE-2021-47470

In the Linux kernel, the following vulnerability has been resolved: mm, slub: fix potential use-after-free in slab_debugfs_fops When sysfs_slab_add failed, we shouldn't call debugfs_slab_add() for s because s will be freed soon. And slab_debugfs_fops will use s later leading to a...

6.5AI Score

0.0004EPSS

2024-05-22 07:15 AM
cvelist
cvelist

CVE-2021-47470 mm, slub: fix potential use-after-free in slab_debugfs_fops

In the Linux kernel, the following vulnerability has been resolved: mm, slub: fix potential use-after-free in slab_debugfs_fops When sysfs_slab_add failed, we shouldn't call debugfs_slab_add() for s because s will be freed soon. And slab_debugfs_fops will use s later leading to a...

6.4AI Score

0.0004EPSS

2024-05-22 06:23 AM
nessus
nessus

SUSE SLES15 Security Update : kernel (Live Patch 21 for SLE 15 SP4) (SUSE-SU-2024:1740-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1740-1 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb-&gt;mac_header If an...

7CVSS

7.3AI Score

0.0004EPSS

2024-05-22 12:00 AM
3
nessus
nessus

SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 36 for SLE 15 SP2) (SUSE-SU-2024:1712-1)

The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1712-1 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb-&gt;mac_header...

7.8CVSS

7.1AI Score

0.0004EPSS

2024-05-22 12:00 AM
5
Total number of security vulnerabilities38013