Driving forward in Android drivers
Posted by Seth Jenkins, Google Project Zero Introduction Android's open-source ecosystem has led to an incredible diversity of manufacturers and vendors developing software that runs on a broad variety of hardware. This hardware requires supporting drivers, meaning that many different codebases...
7.8CVSS
7.5AI Score
0.001EPSS
RHEL 9 : nghttp2 (RHSA-2024:3875)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3875 advisory. libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. Security Fix(es): * nghttp2: CONTINUATION...
5.3CVSS
5.5AI Score
0.0004EPSS
This vulnerability allows local attackers to escalate privileges on affected installations of Famatech Advanced IP Scanner. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
7.5AI Score
RHEL 9 : expat (RHSA-2024:3926)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3926 advisory. Expat is a C library for parsing XML documents. Security Fix(es): * expat: parsing large tokens can trigger a denial of service...
7.5CVSS
10AI Score
0.001EPSS
SUSE SLES12 Security Update : cups (SUSE-SU-2024:2002-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2002-1 advisory. - CVE-2024-35235: Fixed a bug in cupsd that could allow an attacker to change the permissions of other files in the system....
4.4CVSS
4.6AI Score
0.0004EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : VTE vulnerability (USN-6833-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6833-1 advisory. Siddharth Dushantha discovered that VTE incorrectly handled large window resize escape sequences. An attacker could possibly...
7.5AI Score
0.0004EPSS
Ubuntu 16.04 LTS / 18.04 LTS : H2 vulnerabilities (USN-6834-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6834-1 advisory. It was discovered that H2 was vulnerable to deserialization of untrusted data. An attacker could possibly use this issue to execute...
9.8CVSS
10AI Score
0.518EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : cups (SUSE-SU-2024:2003-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2003-1 advisory. - CVE-2024-35235: Fixed a bug in cupsd that could allow an attacker to change the permissions of...
4.4CVSS
4.7AI Score
0.0004EPSS
Fedora 39 : php (2024-52c23ef1ec)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-52c23ef1ec advisory. PHP version 8.2.20 (06 Jun 2024) CGI: * Fixed buffer limit on Windows, replacing read call usage by _read. (David Carlier) * Fixed bug...
9.8CVSS
8.8AI Score
0.973EPSS
It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.html#security-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the field_security parameter,...
6.5CVSS
7.3AI Score
0.0004EPSS
RHEL 8 : dnsmasq (RHSA-2024:3877)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3877 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol)...
7.5CVSS
8.2AI Score
0.05EPSS
Oracle Linux 9 : python-idna (ELSA-2024-3846)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-3846 advisory. [2.10-7.0.1.1] - Rebuild with release bump [2.10-7.1] - Security fix for CVE-2024-3651 Resolves: RHEL-33464 Tenable has extracted the preceding description...
6.4AI Score
EPSS
Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2024-12433)
The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12433 advisory. - x86/static_call: Add support for Jcc tail-calls (Peter Zijlstra) {CVE-2022-29901} {CVE-2022-23816} Tenable has extracted the preceding...
6.5CVSS
7.4AI Score
EPSS
Idyllic < 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Idyllic theme for WordPress is vulnerable to Stored Cross-Site Scripting via author display name in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access....
6.5CVSS
5.8AI Score
0.0004EPSS
RHEL 6 : vert.x (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx ...
6.5CVSS
6.8AI Score
0.0004EPSS
PHP Scripting Language Installed (Windows)
The PHP scripting language is installed on the remote Windows host. Note that enabling the 'Perform thorough tests' setting will search the file system for the...
7.2AI Score
Newsletters < 4.9.6 - Reflected Cross-Site Scripting
Description The Newsletters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 4.9.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
7.1CVSS
6.3AI Score
0.0004EPSS
YITH Custom Login < 1.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The YITH Custom Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.9CVSS
5.7AI Score
0.0004EPSS
Rife Free < 2.4.20 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Rife Free theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level....
6.5CVSS
5.8AI Score
0.0004EPSS
Pixgraphy < 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Pixgraphy theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject.....
6.5CVSS
5.8AI Score
0.0004EPSS
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2005-1 advisory. Security Update 550.90.07: - CVE-2024-0090: Fixed out of bounds write (bsc#1223356). - CVE-2024-0092: Fixed incorrect exception...
7.8CVSS
7AI Score
0.0004EPSS
[3.0.7-162] - Upgrade to Ruby 3.0.7. Resolves: RHEL-35740 - Fix HTTP response splitting in CGI. Resolves: RHEL-35741 - Fix ReDoS vulnerability in URI. Resolves: RHEL-35742 - Fix ReDoS vulnerability in Time. Resolves: RHEL-35743 - Fix buffer overread vulnerability in StringIO. Resolves:...
8.8CVSS
7.6AI Score
EPSS
Debian dla-3825 : firefox-esr - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3825 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3825-1 [email protected] ...
7.6AI Score
0.0004EPSS
Microsoft Windows Start Menu Software Version Enumeration
This plugin enumerates the installed software version by interrogating information obtained from various registry entries and files on disk. This plugin provides a best guess at the software version and a confidence level for that version. Note that the versions detected here do not necessarily...
7.1AI Score
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6832-1 advisory. Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted...
7.5CVSS
8.1AI Score
0.001EPSS
FreeBSD : Gitlab -- Vulnerabilities (92cd1c03-2940-11ef-bc02-001b217b3468)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 92cd1c03-2940-11ef-bc02-001b217b3468 advisory. Gitlab reports: ReDoS in gomod dependency linker ReDoS in CI interpolation (fix bypass) ...
6.5CVSS
5.1AI Score
0.0004EPSS
SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2024:2012-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2012-1 advisory. - Update to version 115.12.0 ESR (bsc#1226027) - CVE-2024-5702: Use-after-free in networking - CVE-2024-5688: Use-after-free in...
7.5AI Score
0.0004EPSS
virt:kvm_utils1 security update
hivex libguestfs libguestfs-winsupport libiscsi libnbd libvirt [5.7.0-42] - Document CVEs as fixed (Karl Heubaum) {CVE-2023-2700} - Fix off-by-one error in udevListInterfacesByStatus (Martin Kletzander) [Orabug: 36364474] {CVE-2024-1441} - libvirt- : Check caller-provided buffers to be NULL with...
5.5CVSS
7.2AI Score
0.0004EPSS
Description The Recurring PayPal Donations plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
6.5CVSS
5.8AI Score
0.0004EPSS
Oracle Linux 9 : ruby (ELSA-2024-3838)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3838 advisory. - Fix double free in Regexp compilation. Resolves: CVE-2022-28738 Tenable has extracted the preceding description block directly from the Oracle...
9.8CVSS
7.6AI Score
EPSS
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 115.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-28 advisory. Memory corruption in the networking stack could have led to a potentially exploitable crash. ...
7.8AI Score
0.0004EPSS
Database Cleaner < 1.0.6 - Authenticated (Admin+) Arbitrary File Read
Description The Database Cleaner: Clean, Optimize & Repair plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.5 via the get_logs() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server,.....
4.9CVSS
6.7AI Score
0.001EPSS
Fedora 39 : tomcat (2024-2bf73514cd)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-2bf73514cd advisory. This update includes a rebase from 9.0.83 to 9.0.89. * #2269611 CVE-2024-24549 tomcat:...
7AI Score
0.0004EPSS
RHEL 8 / 9 : OpenShift Container Platform 4.14.29 (RHSA-2024:3700)
The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3700 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private...
8.1CVSS
7.3AI Score
0.0004EPSS
TemplatesNext OnePager <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The TemplatesNext OnePager plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
6.5CVSS
5.8AI Score
0.0004EPSS
Theme < 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Event theme for WordPress is vulnerable to Stored Cross-Site Scripting via author display name in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access...
6.5CVSS
5.8AI Score
0.0004EPSS
Description The Gallery – Image and Video Gallery with Thumbnails plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it.....
8.5CVSS
7.2AI Score
0.0004EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2008-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2008-1 advisory. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were...
9.8CVSS
8.8AI Score
EPSS
YITH WooCommerce Tab Manager < 1.35.1 - Authenticated (Editor+) Stored Cross-Site Scripting
Description The YITH WooCommerce Tab Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 1.35.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level....
5.9CVSS
5.7AI Score
0.0004EPSS
Rejetto HTTP File Server (HFS) Unauthenticated Remote Code Execution Exploit
The Rejetto HTTP File Server (HFS) version 2.x is vulnerable to an unauthenticated server side template injection (SSTI) vulnerability. A remote unauthenticated attacker can execute code with the privileges of the user account running the HFS.exe server process. This exploit has been tested to...
8.2AI Score
7.4AI Score
Description The Kenta Blocks – Responsive Blocks and block templates library plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible.....
6.5CVSS
5.8AI Score
0.0004EPSS
6.4CVSS
5.7AI Score
0.001EPSS
CVE-2023-45288 affecting package sriov-network-device-plugin for versions less than 3.6.2-3
CVE-2023-45288 affecting package sriov-network-device-plugin for versions less than 3.6.2-3. A patched version of the package is...
6.7AI Score
0.0004EPSS
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
Summary By combining two vulnerabilities (an Open Redirect and session token sent as URL query parameter) in Strapi framework is its possible of an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click)....
7.1CVSS
7.1AI Score
0.001EPSS
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
Summary By combining two vulnerabilities (an Open Redirect and session token sent as URL query parameter) in Strapi framework is its possible of an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click)....
7.1CVSS
7.1AI Score
0.001EPSS
@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling
Summary A Denial-of-Service was found in the media upload process causing the server to crash without restarting, affecting either development and production environments. Details Usually, errors in the application cause it to log the error and keep it running for other clients. This behavior, in.....
5.3CVSS
6.8AI Score
0.0004EPSS
@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling
Summary A Denial-of-Service was found in the media upload process causing the server to crash without restarting, affecting either development and production environments. Details Usually, errors in the application cause it to log the error and keep it running for other clients. This behavior, in.....
5.3CVSS
6.8AI Score
0.0004EPSS
@strapi/plugin-content-manager leaks data via relations via the Admin Panel
Summary If a super admin creates a collection where an item in the collection has an association to another collection, a user with the Author Role can see the list of associated items they did not create. They should only see their own items that they created, not all items ever created. ...
2.3CVSS
6.8AI Score
0.0004EPSS
@strapi/plugin-content-manager leaks data via relations via the Admin Panel
Summary If a super admin creates a collection where an item in the collection has an association to another collection, a user with the Author Role can see the list of associated items they did not create. They should only see their own items that they created, not all items ever created. ...
2.3CVSS
6.8AI Score
0.0004EPSS