The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) kernel: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2024-0340) kernel:...
7.8CVSS
7.7AI Score
0.001EPSS
Google's Privacy Sandbox Accused of User Tracking by Austrian Non-Profit
Google's plans to deprecate third-party tracking cookies in its Chrome web browser with Privacy Sandbox has run into fresh trouble after Austrian privacy non-profit noyb (none of your business) said the feature can still be used to track users. "While the so-called 'Privacy Sandbox' is advertised.....
6.8AI Score
Why Regulated Industries are Turning to Military-Grade Cyber Defenses
As cyber threats loom large and data breaches continue to pose increasingly significant risks. Organizations and industries that handle sensitive information and valuable assets make prime targets for cybercriminals seeking financial gain or strategic advantage. Which is why many highly regulated.....
7.2AI Score
Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.This issue affects snipe-it: from v4.6.17 through...
7.6CVSS
6.9AI Score
0.0004EPSS
Security Bulletin: IBM Operational Decision Manager for May 2024 - Multiple CVEs addressed
Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details ** CVEID:...
8.2CVSS
9.2AI Score
0.025EPSS
curl: Denial of Service in curl Request - HTTP headers eat all memory
Summary: Curl's unrestricted header storage lets malicious servers overwhelm memory, leading to out of Memory ( DOS) . When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit on how many....
7AI Score
curl: Incorrect Encoding Conversion in hostname results in indeterminate SSRF vulnerabilities
Summary: Best-Fit is a character mapping strategy designed to resolve the issue when characters in the source code page lack a direct equivalent in the target code page. During the conversion of characters from a Unicode code page to a non-Unicode code page, if a corresponding character cannot be.....
9.8CVSS
7.2AI Score
0.973EPSS
Vulnerability of insufficient permission verification in the NearLink module Impact: Successful exploitation of this vulnerability may affect service...
4CVSS
0.0004EPSS
Function vulnerabilities in the Calendar module Impact: Successful exploitation of this vulnerability will affect...
5.9CVSS
0.0004EPSS
Out-of-bounds read vulnerability in the audio module Impact: Successful exploitation of this vulnerability will affect...
7.9CVSS
7AI Score
0.0004EPSS
Memory management vulnerability in the Gralloc module Impact: Successful exploitation of this vulnerability will affect...
7.3CVSS
7.1AI Score
0.0004EPSS
Memory management vulnerability in the Gralloc module Impact: Successful exploitation of this vulnerability will affect...
7.3CVSS
0.0004EPSS
Memory management vulnerability in the boottime module Impact: Successful exploitation of this vulnerability can affect...
5.6CVSS
7.1AI Score
0.0004EPSS
Vulnerability of insufficient permission verification in the NearLink module Impact: Successful exploitation of this vulnerability may affect service...
4CVSS
7.1AI Score
0.0004EPSS
Out-of-bounds read vulnerability in the audio module Impact: Successful exploitation of this vulnerability will affect...
7.9CVSS
0.0004EPSS
Function vulnerabilities in the Calendar module Impact: Successful exploitation of this vulnerability will affect...
5.9CVSS
7.2AI Score
0.0004EPSS
Memory management vulnerability in the boottime module Impact: Successful exploitation of this vulnerability can affect...
5.6CVSS
0.0004EPSS
Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service...
6.8CVSS
6.9AI Score
0.0004EPSS
Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service...
6.8CVSS
0.0004EPSS
Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service...
7.8CVSS
0.0004EPSS
Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service...
7.8CVSS
7.2AI Score
0.0004EPSS
ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws
An analysis of a hybrid biometric access system from Chinese manufacturer ZKTeco has uncovered two dozen security flaws that could be used by attackers to defeat authentication, steal biometric data, and even deploy malicious backdoors. "By adding random user data to the database or using a fake...
10CVSS
9.6AI Score
0.0004EPSS
Exploit for Path Traversal in Solarwinds Serv-U
Exploit For CVE-2024-28995 On June 5, 2024, SolarWinds...
8.6CVSS
7AI Score
0.113EPSS
Function vulnerabilities in the Calendar module Impact: Successful exploitation of this vulnerability will affect...
5.9CVSS
7AI Score
0.0004EPSS
Function vulnerabilities in the Calendar module Impact: Successful exploitation of this vulnerability will affect...
5.9CVSS
0.0004EPSS
Vulnerability of insufficient permission verification in the NearLink module Impact: Successful exploitation of this vulnerability may affect service...
4CVSS
0.0004EPSS
Memory management vulnerability in the Gralloc module Impact: Successful exploitation of this vulnerability will affect...
7.3CVSS
6.9AI Score
0.0004EPSS
Memory management vulnerability in the Gralloc module Impact: Successful exploitation of this vulnerability will affect...
7.3CVSS
0.0004EPSS
Out-of-bounds read vulnerability in the audio module Impact: Successful exploitation of this vulnerability will affect...
7.9CVSS
0.0004EPSS
Out-of-bounds read vulnerability in the audio module Impact: Successful exploitation of this vulnerability will affect...
7.9CVSS
6.8AI Score
0.0004EPSS
Memory management vulnerability in the boottime module Impact: Successful exploitation of this vulnerability can affect...
5.6CVSS
6.9AI Score
0.0004EPSS
Memory management vulnerability in the boottime module Impact: Successful exploitation of this vulnerability can affect...
5.6CVSS
0.0004EPSS
Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service...
7.8CVSS
0.0004EPSS
Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service...
6.8CVSS
7.1AI Score
0.0004EPSS
Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service...
6.8CVSS
0.0004EPSS
North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics
Threat actors linked to North Korea have accounted for one-third of all the phishing activity targeting Brazil since 2020, as the country's emergence as an influential power has drawn the attention of cyber espionage groups. "North Korean government-backed actors have targeted the Brazilian...
7.1AI Score
Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through...
5.3CVSS
5.4AI Score
0.0004EPSS
Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through...
5.3CVSS
0.0004EPSS
CVE-2024-23504 WordPress Ninja Tables plugin <= 5.0.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through...
5.3CVSS
0.0004EPSS
CVE-2024-23504 WordPress Ninja Tables plugin <= 5.0.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through...
5.3CVSS
7AI Score
0.0004EPSS
2.9CVSS
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: remoteproc: mediatek: Make sure IPI buffer fits in L2TCM The IPI buffer location is read from the firmware that we load to the System Companion Processor, and it's not granted that both the SRAM (L2TCM) size that is defined in the....
7AI Score
0.0004EPSS
An out-of-bounds access flaw was found in libarchive in the slurp_central_directory function at archive_read_support_format_zip.c. This vulnerability may be triggered if a ZIP archive has an empty name and the mac-ext is enabled. Mitigation Mitigation for this issue is either not available or the.....
6.3AI Score
0.0004EPSS
Missing Authorization vulnerability in Business Directory Team Business Directory Plugin.This issue affects Business Directory Plugin: from n/a through...
5.4CVSS
5.6AI Score
0.0004EPSS
Missing Authorization vulnerability in Business Directory Team Business Directory Plugin.This issue affects Business Directory Plugin: from n/a through...
5.4CVSS
0.0004EPSS
Missing Authorization vulnerability in Business Directory Team Business Directory Plugin.This issue affects Business Directory Plugin: from n/a through...
5.4CVSS
0.0004EPSS
Missing Authorization vulnerability in Business Directory Team Business Directory Plugin.This issue affects Business Directory Plugin: from n/a through...
5.4CVSS
5.6AI Score
0.0004EPSS
Missing Authorization vulnerability in BBS e-Theme BBS e-Popup.This issue affects BBS e-Popup: from n/a through...
6.5CVSS
0.0004EPSS
Missing Authorization vulnerability in Fat Rat Fat Rat Collect.This issue affects Fat Rat Collect: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
Missing Authorization vulnerability in Fat Rat Fat Rat Collect.This issue affects Fat Rat Collect: from n/a through...
4.3CVSS
0.0004EPSS