In the Linux kernel, the following vulnerability has been resolved: ext4: always panic when errors=panic is specified Before commit 014c9caa29d3 ("ext4: make ext4_abort() use __ext4_error()"), the following series of commands would trigger a panic: 1. mount /dev/sda -o ro,errors=panic test 2....
CVSS 5.5 | AI Score 6.6 | EPSS 0.0004
TimbreStealer Malware Spreading via Tax-themed Phishing Scam Targets IT Users
Mexican users have been targeted with tax-themed phishing lures at least since November 2023 to distribute a previously undocumented Windows malware called TimbreStealer. Cisco Talos, which discovered the activity, described the authors as skilled and that the "threat actor has previously used...
AI Score 6.5
In the Linux kernel, the following vulnerability has been resolved: mm: memcontrol: slab: fix obtain a reference to a freeing memcg Patch series "Use obj_cgroup APIs to charge kmem pages", v5. Since Roman's series "The new cgroup slab memory controller" applied. All slab objects are charged with...
AI Score 6.5 | EPSS 0.0004
Fedora 38 : thunderbird (2024-5361211b10)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-5361211b10 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory...
AI Score 9.7 | EPSS 0.0004
AlmaLinux 8 : firefox (ALSA-2024:0955)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:0955 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read....
AI Score 9.8 | EPSS 0.0004
AlmaLinux 8 : thunderbird (ALSA-2024:0964)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:0964 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read....
AI Score 9.7 | EPSS 0.0004
AlmaLinux 9 : thunderbird (ALSA-2024:0963)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:0963 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read....
AI Score 9.7 | EPSS 0.0004
Security Advisory 0093 Date: February 28, 2024 Revision | Date | Changes ---|---|--- 1.0 | February 28, 2024 | Initial release The CVE-ID tracking this issue: CVE-2024-27889 CVSSv3.1 Base Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) Common Weakness Enumeration: CWE-89:...
CVSS 8.8 | AI Score 9.3 | EPSS 0.001
AlmaLinux 9 : firefox (ALSA-2024:0952)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0952 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read....
AI Score 9.7 | EPSS 0.0004
Rails has possible XSS Vulnerability in Action Controller
Possible XSS Vulnerability in Action Controller There is a possible XSS vulnerability when using the translation helpers (translate, t, etc) in Action Controller. This vulnerability has been assigned the CVE identifier CVE-2024-26143. Versions Affected: >= 7.0.0. Not affected: < 7.0.0 Fixed.....
CVSS 6.1 | AI Score 6.4 | EPSS 0.0004
Rails has possible XSS Vulnerability in Action Controller
Possible XSS Vulnerability in Action Controller There is a possible XSS vulnerability when using the translation helpers (translate, t, etc) in Action Controller. This vulnerability has been assigned the CVE identifier CVE-2024-26143. Versions Affected: >= 7.0.0. Not affected: < 7.0.0 Fixed.....
CVSS 6.1 | AI Score 6.2 | EPSS 0.0004
Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch
Possible ReDoS vulnerability in Accept header parsing in Action Dispatch There is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-26142. Versions Affected: >= 7.1.0, < 7.1.3.1 Not...
CVSS 7.5 | AI Score 6.7 | EPSS 0.0004
Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch
Possible ReDoS vulnerability in Accept header parsing in Action Dispatch There is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-26142. Versions Affected: >= 7.1.0, < 7.1.3.1 Not...
CVSS 7.5 | AI Score 6.8 | EPSS 0.0004
In the Linux kernel, the following vulnerability has been resolved: ext4: always panic when errors=panic is specified Before commit 014c9caa29d3 ("ext4: make ext4_abort() use __ext4_error()"), the following series of commands would trigger a panic: 1. mount /dev/sda -o ro,errors=panic test 2....
CVSS 5.5 | AI Score 7.2 | EPSS 0.0004
In the Linux kernel, the following vulnerability has been resolved: ext4: always panic when errors=panic is specified Before commit 014c9caa29d3 ("ext4: make ext4_abort() use __ext4_error()"), the following series of commands would trigger a panic: mount /dev/sda -o ro,errors=panic test mount...
CVSS 5.5 | AI Score 5.3 | EPSS 0.0004
In the Linux kernel, the following vulnerability has been resolved: ext4: always panic when errors=panic is specified Before commit 014c9caa29d3 ("ext4: make ext4_abort() use __ext4_error()"), the following series of commands would trigger a panic: mount /dev/sda -o ro,errors=panic test mount...
CVSS 5.5 | AI Score 6.5 | EPSS 0.0004
In the Linux kernel, the following vulnerability has been resolved: ext4: always panic when errors=panic is specified Before commit 014c9caa29d3 ("ext4: make ext4_abort() use __ext4_error()"), the following series of commands would trigger a panic: mount /dev/sda -o ro,errors=panic test mount...
AI Score 7.2 | EPSS 0.0004
CVE-2021-46945 ext4: always panic when errors=panic is specified
In the Linux kernel, the following vulnerability has been resolved: ext4: always panic when errors=panic is specified Before commit 014c9caa29d3 ("ext4: make ext4_abort() use __ext4_error()"), the following series of commands would trigger a panic: mount /dev/sda -o ro,errors=panic test mount...
AI Score 5.8 | EPSS 0.0004
CVE-2021-46945 ext4: always panic when errors=panic is specified
In the Linux kernel, the following vulnerability has been resolved: ext4: always panic when errors=panic is specified Before commit 014c9caa29d3 ("ext4: make ext4_abort() use __ext4_error()"), the following series of commands would trigger a panic: mount /dev/sda -o ro,errors=panic test mount...
AI Score 7.2 | EPSS 0.0004
Mitsubishi Electric Multiple Factory Automation Products
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC iQ-F Series Vulnerability: Insufficient Resource Pool 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote...
CVSS 5.3 | AI Score 5.5 | EPSS 0.0004
Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN...
CVSS 5.3 | AI Score 5.2 | EPSS 0.0004
Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN...
CVSS 5.3 | AI Score 5.2 | EPSS 0.0004
Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN...
CVSS 5.3 | AI Score 7.1 | EPSS 0.0004
Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN...
CVSS 5.3 | AI Score 5.5 | EPSS 0.0004
Exploit for OS Command Injection in Zyxel Usg Flex 100W Firmware
CVE-2022-30525 (Zyxel Firewall Remote Command Injection) A...
CVSS 9.8 | AI Score 8.1 | EPSS 0.975
Oracle Linux 8 : thunderbird (ELSA-2024-0964)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-0964 advisory. Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response...
AI Score 9.6 | EPSS 0.0004
Oracle Linux 8 : firefox (ELSA-2024-0955)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-0955 advisory. Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.Note: This issue only affects 32-bit...
AI Score 9.6 | EPSS 0.0004
Oracle Linux 9 : thunderbird (ELSA-2024-0963)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-0963 advisory. If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user...
AI Score 9.6 | EPSS 0.0004
In the Linux kernel, the following vulnerability has been resolved: ext4: always panic when errors=panic is specified Before commit 014c9caa29d3 ("ext4: make ext4_abort() use __ext4_error()"), the following series of commands would trigger a panic: 1. mount /dev/sda -o ro,errors=panic test 2....
CVSS 5.5 | AI Score 6.5 | EPSS 0.0004
As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request.....
CVSS 7.1 | AI Score 6.7 | EPSS 0.0004
As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request.....
CVSS 7.1 | AI Score 6.9 | EPSS 0.0004
As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request.....
CVSS 7.1 | AI Score 6.8 | EPSS 0.0004
The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious...
CVSS 6.5 | AI Score 6.5 | EPSS 0.0004
The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious...
CVSS 6.5 | AI Score 6.5 | EPSS 0.0004
The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious...
CVSS 6.5 | AI Score 7.4 | EPSS 0.0004
As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request.....
CVSS 7.1 | AI Score 7.2 | EPSS 0.0004
8,000+ Domains of Trusted Brands Hijacked for Massive Spam Operation
More than 8,000 domains and 13,000 subdomains belonging to legitimate brands and institutions have been hijacked as part of a sophisticated distribution architecture for spam proliferation and click monetization. Guardio Labs is tracking the coordinated malicious activity, which has been ongoing...
AI Score 7.4
CVE-2024-0387 EDS-4000/G4000 Series IP Forwarding Vulnerability
The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious...
CVSS 6.5 | AI Score 6.7 | EPSS 0.0004
Healthcare Needs Risk-Based Cybersecurity for Comprehensive, Effective Protection
In the first blog post of this three-blog series, we discussed the extraordinarily powerful “perfect storm” of cyber risk faced by healthcare organizations. The second blog post reviews how data security risks persist despite HIPAA compliance. In this third blog, we will discuss how to get started....
AI Score 7.3
Oracle Linux 7 : thunderbird (ELSA-2024-0957)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-0957 advisory. A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and...
AI Score 9.6 | EPSS 0.0004
Oracle Linux 7 : firefox (ELSA-2024-0976)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-0976 advisory. Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim...
AI Score 9.6 | EPSS 0.0004
CentOS 7 : firefox (RHSA-2024:0976)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0976 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory...
AI Score 9.7 | EPSS 0.0004
Fedora 39 : thunderbird (2024-81863a1613)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-81863a1613 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory...
AI Score 7.4 | EPSS 0.0004
CVE-2024-0439 User can manually send request at manager permission to modify system configurations
As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request.....
CVSS 7.1 | AI Score 7 | EPSS 0.0004
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaThunderbird (SUSE-SU-2024:0608-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0608-1 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have...
AI Score 7.3 | EPSS 0.0004
Oracle Linux 9 : firefox (ELSA-2024-0952)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0952 advisory. A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and...
AI Score 9.6 | EPSS 0.0004
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaFirefox (SUSE-SU-2024:0607-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0607-1 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have...
AI Score 7.4 | EPSS 0.0004
Debian dsa-5630 : thunderbird - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5630 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read....
AI Score 7.3 | EPSS 0.0004
New Leak Shows Business Side of China’s APT Menace
A new data leak that appears to have come from one of China's top private cybersecurity firms provides a rare glimpse into the commercial side of China's many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign...
AI Score 7.1
SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2024:0580-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0580-1 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an...
AI Score 9.7 | EPSS 0.0004