Important: bind and dhcp security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. The...
7.5CVSS
7.2AI Score
0.05EPSS
Moderate: cockpit security update
Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fix(es): cockpit: command injection when deleting a sosreport with a...
7.3CVSS
7.2AI Score
0.0004EPSS
Moderate: sssd security update
The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end...
7.1CVSS
7.1AI Score
0.0004EPSS
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) kernel: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2024-0340) kernel:...
7.8CVSS
7.7AI Score
0.001EPSS
Moderate: squashfs-tools security update
SquashFS is a highly compressed read-only file system for Linux. These packages contain the utilities for manipulating squashfs file systems. Security Fix(es): squashfs-tools: unvalidated filepaths allow writing outside of destination (CVE-2021-40153) squashfs-tools: possible Directory...
8.1CVSS
6.7AI Score
0.009EPSS
Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing in github.com/docker/docker
Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing in...
7AI Score
Evmos allows unvested token delegations in github.com/evmos/evmos/v10
Evmos allows unvested token delegations in...
5.3CVSS
5.3AI Score
0.0004EPSS
go-grpc-compression has a zstd decompression bombing vulnerability in...
7.1AI Score
malicious container creates symlink "mtab" on the host External in github.com/cri-o/cri-o
malicious container creates symlink "mtab" on the host External in...
8.1CVSS
8.1AI Score
0.0004EPSS
6.7AI Score
0.0004EPSS
Ollama does not validate the format of the digest (sha256 with 64 hex digits) in...
6.8AI Score
EPSS
apko Exposure of HTTP basic auth credentials in log output in chainguard.dev/apko
apko Exposure of HTTP basic auth credentials in log output in...
7.5CVSS
7.5AI Score
0.0004EPSS
Contract balance not updating correctly after interchain transaction in github.com/evmos/evmos/v10
Contract balance not updating correctly after interchain transaction in...
7.5CVSS
7.5AI Score
0.0004EPSS
Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd/v2
Unauthenticated Access to sensitive settings in Argo CD in...
5.3CVSS
5.1AI Score
0.0004EPSS
Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC in...
8.2CVSS
8.2AI Score
0.0004EPSS
Traefik has unexpected behavior with IPv4-mapped IPv6 addresses in github.com/traefik/traefik
Traefik has unexpected behavior with IPv4-mapped IPv6 addresses in...
6.3AI Score
0.0004EPSS
`docker cp` allows unexpected chmod of host files in Moby Docker Engine in github.com/docker/docker
docker cp allows unexpected chmod of host files in Moby Docker Engine in...
6.3CVSS
6.3AI Score
0.0005EPSS
Files or Directories Accessible to External Parties in ProjectDiscovery in...
9.8CVSS
9.4AI Score
0.001EPSS
4.3CVSS
6.7AI Score
0.001EPSS
SQL Injection in Harbor scan log API in github.com/goharbor/harbor
SQL Injection in Harbor scan log API in...
2.7CVSS
8.1AI Score
0.0004EPSS
evmos allows transferring unvested tokens after delegations in github.com/evmos/evmos/v10
evmos allows transferring unvested tokens after delegations in...
3.5CVSS
3.9AI Score
0.0004EPSS
Google's Privacy Sandbox Accused of User Tracking by Austrian Non-Profit
Google's plans to deprecate third-party tracking cookies in its Chrome web browser with Privacy Sandbox has run into fresh trouble after Austrian privacy non-profit noyb (none of your business) said the feature can still be used to track users. "While the so-called 'Privacy Sandbox' is advertised.....
6.8AI Score
Why Regulated Industries are Turning to Military-Grade Cyber Defenses
As cyber threats loom large and data breaches continue to pose increasingly significant risks. Organizations and industries that handle sensitive information and valuable assets make prime targets for cybercriminals seeking financial gain or strategic advantage. Which is why many highly regulated.....
7.2AI Score
Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.This issue affects snipe-it: from v4.6.17 through...
6.9AI Score
0.0004EPSS
Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. This issue affects Apache...
6.6AI Score
0.0004EPSS
ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws
An analysis of a hybrid biometric access system from Chinese manufacturer ZKTeco has uncovered two dozen security flaws that could be used by attackers to defeat authentication, steal biometric data, and even deploy malicious backdoors. "By adding random user data to the database or using a fake...
10CVSS
9.6AI Score
0.0004EPSS
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom JS option in versions up to, and including, 9.0.38. This makes it possible for authenticated attackers that have been explicitly granted permissions by an administrator, with...
6.4CVSS
0.001EPSS
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom JS option in versions up to, and including, 9.0.38. This makes it possible for authenticated attackers that have been explicitly granted permissions by an administrator, with...
6.4CVSS
6AI Score
0.001EPSS
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom JS option in versions up to, and including, 9.0.38. This makes it possible for authenticated attackers that have been explicitly granted permissions by an administrator, with...
6.4CVSS
0.001EPSS
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom JS option in versions up to, and including, 9.0.38. This makes it possible for authenticated attackers that have been explicitly granted permissions by an administrator, with...
6.4CVSS
6AI Score
0.001EPSS
North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics
Threat actors linked to North Korea have accounted for one-third of all the phishing activity targeting Brazil since 2020, as the country's emergence as an influential power has drawn the attention of cyber espionage groups. "North Korean government-backed actors have targeted the Brazilian...
7.1AI Score
The Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in the 'admin_notices' hook found in class-settings.php. This makes it possible.....
4.3CVSS
4.3AI Score
0.0005EPSS
The Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in the 'admin_notices' hook found in class-settings.php. This makes it possible.....
4.3CVSS
0.0005EPSS
CVE-2023-6492 Simple Sitemap <= 3.5.13 - Cross-Site Request Forgery via admin_notices
The Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in the 'admin_notices' hook found in class-settings.php. This makes it possible.....
4.3CVSS
0.0005EPSS
Rejetto HFS (HTTP File Server) CVE-2024-23692 Vulnerability...
9.8CVSS
10AI Score
0.002EPSS
AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE)
...
7.4AI Score
0.0004EPSS
7.2AI Score
0.0004EPSS
Ubuntu 22.04 LTS : Linux kernel (NVIDIA) vulnerabilities (USN-6818-3)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-3 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...
7.8CVSS
7.2AI Score
0.001EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2019-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2019-1 advisory. The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes. The following...
9.8CVSS
8.4AI Score
0.005EPSS
8.5CVSS
6.7AI Score
0.005EPSS
7.4AI Score
0.0004EPSS
6.7AI Score
EPSS
6.9AI Score
0.0004EPSS
5.5CVSS
7.4AI Score
0.002EPSS
there is a possible cellular denial of service due to a logic error in the code. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for...
6.6AI Score
0.0004EPSS
In DeregAcceptProcINT of cn_NrmmStateDeregInit.cpp, there is a possible denial of service due to a logic error in the code. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for...
6.6AI Score
0.0004EPSS
In dhd_prot_txstatus_process of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...
7.5AI Score
0.0004EPSS
there is a possible information disclosure due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.8AI Score
0.0004EPSS
In plugin_ipc_handler of slc_plugin.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure of 4 bytes of stack memory with no additional execution privileges needed. User interaction is not needed for...
6AI Score
0.0004EPSS
In gpu_slc_get_region of pixel_gpu_slc.c, there is a possible EoP due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.4AI Score
0.0004EPSS