Oracle Linux 8 : tigervnc (ELSA-2024-3067)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3067 advisory. [1.13.1-8] - Fix copy/paste error in the DeviceStateNotify Resolves: RHEL-20530 [1.13.1-7] - Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer...
7.3AI Score
Oracle Linux 8 : python-jinja2 (ELSA-2024-3102)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-3102 advisory. [2.10.1-4] - Security fix for CVE-2024-22195 Resolves: RHEL-21347 [2.10.1-3] - Fix CVE-2020-28493: ReDOS vulnerability due to the sub-pattern Resolves:...
6.8AI Score
Oracle Linux 8 : xorg-x11-server (ELSA-2024-2995)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2995 advisory. [1.20.4-24] - Fix use after free related to CVE-2024-21886 [1.20.11-21] - CVE fix for: CVE-2023-6816, CVE-2024-0229, CVE-2024-21885,...
7.1AI Score
Oracle Linux 8 : gstreamer1-plugins-good (ELSA-2024-3089)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3089 advisory. [1.16.1-4] - CVE-2023-37327: integer overflow leading to heap overwrite in FLAC image tag handling - Resolves: RHEL-19469 Tenable has extracted the...
7AI Score
Oracle Linux 8 : python3.11 (ELSA-2024-3062)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3062 advisory. [3.11.7-1.0.1] - Update rpm-macros description [Orabug: 36024572] [3.11.7-1] - Rebase to 3.11.7 Resolves: RHEL-21915 [3.11.5-2] - Security fix for...
6.6AI Score
Oracle Linux 8 : gmp (ELSA-2024-3214)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3214 advisory. [1:6.1.2-11] - Fix: CVE-2021-43618 Resolves: RHEL-23055 Tenable has extracted the preceding description block directly from the Oracle Linux security...
6.9AI Score
RHEL 8 : python3 (RHSA-2024:3391)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3391 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
6.9AI Score
Fedora 40 : glycin-loaders / gnome-tour / helix / helvum / libipuz / loupe / etc (2024-ce2936b568)
The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-ce2936b568 advisory. This update contains builds from a mini-mass-rebuild for Rust applications (and some C-style libraries). Rebuilding with the Rust 1.78 toolchain should fix...
7.4AI Score
Oracle Linux 8 : edk2 (ELSA-2024-3017)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3017 advisory. [20220126gitbb1bba3d77-13] - edk2-EmbeddedPkg-Hob-Integer-Overflow-in-CreateHob.patch [RHEL-21158] -...
6AI Score
Oracle Linux 8 : perl-CPAN (ELSA-2024-3094)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-3094 advisory. [2.18-399] - Fix tests to run in correct order [2.18-398] - Fix CVE-2023-31484 - Package tests [2.18-397] - Rebuilt for...
7AI Score
Oracle Linux 8 : python-pillow (ELSA-2024-3005)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3005 advisory. [5.1.1-20] - Security fix for CVE-2023-50447 Resolves: RHEL-22240 [5.1.1-19] - Security fix for CVE-2023-44271 Resolves: RHEL-15460 Tenable has...
6.6AI Score
Oracle Linux 8 : squashfs-tools (ELSA-2024-3139)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-3139 advisory. [4.3-21] - CVE-2021-41072 squashfs-tools: additional write outside destination directory exploit fix CVE-2021-40153 squashfs-tools: unvalidated...
7.3AI Score
Oracle Linux 8 : python3.11-cryptography (ELSA-2024-3105)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-3105 advisory. [37.0.2-6] - Security fix for CVE-2023-49083 - Resolves: RHEL-19831 Tenable has extracted the preceding description block directly from the Oracle Linux...
6.4AI Score
Oracle Linux 8 : gstreamer1-plugins-bad-free (ELSA-2024-3060)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3060 advisory. [1.16.1-4.0.1] - Update origin URL [Orabug: 36209826] [1.16.1-4] - Patch CVE-2023-40474: Integer overflow - Patch CVE-2023-40475: Integer overflow -...
7.1AI Score
Oracle Linux 8 : perl-Convert-ASN1 (ELSA-2024-3049)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-3049 advisory. [0.27-18] - Fix unsafe decoding in indef case (CVE-2013-7488) Tenable has extracted the preceding description block directly from the Oracle Linux security...
6.8AI Score
Oracle Linux 8 : vorbis-tools (ELSA-2024-3095)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-3095 advisory. [1:1.4.0-29] - fix out-of-bounds read in oggenc (CVE-2023-43361) Tenable has extracted the preceding description block directly from the Oracle Linux security...
6.7AI Score
Oracle Linux 8 : exempi (ELSA-2024-3066)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3066 advisory. [2.4.5-4] - Fix CVE-2020-18652 - Resolves: RHEL-5416 [2.4.5-3] - Fix CVE-2020-18651 - Resolves: RHEL-5415 Tenable has extracted the preceding...
7.1AI Score
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
7.5AI Score
SherlockChain - A Streamlined AI Analysis Framework For Solidity, Vyper And Plutus Contracts
SherlockChain is a powerful smart contract analysis framework that combines the capabilities of the renowned Slither tool with advanced AI-powered features. Developed by a team of security experts and AI researchers, SherlockChain offers unparalleled insights and vulnerability detection for...
7.4AI Score
In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix nsfd startup race (again) Commit bd5ae9288d64 ("nfsd: register pernet ops last, unregister first") has re-opened rpc_pipefs_event() race against nfsd_net_id registration (register_pernet_subsys()) which has been fixed by....
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() The if statement: if (port >= DSAF_GE_NUM) return; limits the value of port less than DSAF_GE_NUM (i.e., 8). However, if the...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound In line 5001, if all id in the array 'lp->phy[8]' is not 0, when the 'for' end, the 'k' is 8. At this time, the array 'lp->phy[8]' may be o...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Allocate enough space for GMU registers In commit 142639a52a01 ("drm/msm/a6xx: fix crashstate capture for A650") we changed a6xx_get_gmu_registers() to read 3 sets of registers. Unfortunately, we didn't change the...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk() Coverity reports a possible NULL dereferencing problem: in smc_vlan_by_tcpsk(): 6. returned_null: netdev_lower_get_next returns NULL (checked 29 out of 30 times). 7....
6.5AI Score
0.0004EPSS
A vulnerability was found in itsourcecode Online Student Enrollment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file listofinstructor.php. The manipulation of the argument FullName leads to sql injection. The attack may be initiated remotely. The...
6.3CVSS
7.9AI Score
0.0004EPSS
This Week in Spring - May 27th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! And what a week it will be! I'm in Venice, Italy, on a little vacation, but tomorrow I begin a quick journey to beautiful Sofia, Bulgaria, where I'll be speaking at the amazing JPrime software show (it's my first time speaking....
7AI Score
7.1AI Score
0.0004EPSS
Domainim - A Fast And Comprehensive Tool For Organizational Network Scanning
Domainim is a fast domain reconnaissance tool for organizational network scanning. The tool aims to provide a brief overview of an organization's structure using techniques like OSINT, bruteforcing, DNS resolving etc. Features Current features (v1.0.1)- - Subdomain enumeration (2 engines +...
7.8AI Score
Updated mariadb packages fix security vulnerability and bugs
Additional bugs were fixed in the following components: InnoDB Spider Aria Backup JSON Optimization & Tuning Plugins Galera Scripts & Clients Server For the details see the vendor...
7.3AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: rust-tealdeer-1.6.1-8.fc40
Fetch and show tldr help pages for many CLI commands. Full featured offline client with caching...
7.4AI Score
[SECURITY] Fedora 40 Update: rust-ssh-key-dir-0.1.4-8.fc40
sshd AuthorizedKeysCommand to read key files from...
7.2AI Score
[SECURITY] Fedora 40 Update: rust-silver-2.0.1-8.fc40
A cross-shell customizable powerline-like prompt with...
7.3AI Score
[SECURITY] Fedora 40 Update: rust-sequoia-policy-config-0.6.0-8.fc40
Configure Sequoia using a configuration...
7.3AI Score
7.4AI Score
[SECURITY] Fedora 40 Update: rust-local_ipaddress-0.1.3-8.fc40
Get your local IP address without...
7.1AI Score
7.3AI Score
[SECURITY] Fedora 40 Update: rust-ifcfg-devname-1.1.0-8.fc40
Udev helper utility that provides network interface naming using ifcfg conf...
7.3AI Score
[SECURITY] Fedora 40 Update: rust-copydeps-5.0.1-8.fc40
Find and copy all the .so / .dll files needed by an...
7.3AI Score
JA4+ - Suite Of Network Fingerprinting Standards
JA4+ is a suite of network Fingerprinting methods that are easy to use and easy to share. These methods are both human and machine readable to facilitate more effective threat-hunting and analysis. The use-cases for these fingerprints include scanning for threat actors, malware detection, session.....
7AI Score
Soot Infinite Loop vulnerability
An infinite loop in the retrieveActiveBody function of Soot before v4.4.1 under Java 8 allows attackers to cause a Denial of Service...
6.7AI Score
An infinite loop in the retrieveActiveBody function of Soot before v4.4.1 under Java 8 allows attackers to cause a Denial of Service...
7.2AI Score
An infinite loop in the retrieveActiveBody function of Soot before v4.4.1 under Java 8 allows attackers to cause a Denial of Service...
7AI Score
svnWebUI v1.8.3 was discovered to contain an arbitrary file deletion vulnerability via the dirTemps parameter under com.cym.controller.UserController#importOver. This vulnerability allows attackers to delete arbitrary files via a crafted POST...
7.7AI Score
In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix nsfd startup race (again) Commit bd5ae9288d64 ("nfsd: register pernet ops last, unregister first") has re-opened rpc_pipefs_event() race against nfsd_net_id registration (register_pernet_subsys()) which has been fixed by....
7.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk() Coverity reports a possible NULL dereferencing problem: in smc_vlan_by_tcpsk(): 6. returned_null: netdev_lower_get_next returns NULL (checked 29 out of 30 times)....
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound In line 5001, if all id in the array 'lp->phy[8]' is not 0, when the 'for' end, the 'k' is 8. At this time, the array 'lp->phy[8]' may be o...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix nsfd startup race (again) Commit bd5ae9288d64 ("nfsd: register pernet ops last, unregister first") has re-opened rpc_pipefs_event() race against nfsd_net_id registration (register_pernet_subsys()) which has been fixed...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Allocate enough space for GMU registers In commit 142639a52a01 ("drm/msm/a6xx: fix crashstate capture for A650") we changed a6xx_get_gmu_registers() to read 3 sets of registers. Unfortunately, we didn't change the...
7.2AI Score
0.0004EPSS