Lucene search

K

Jetson Nano, Jetson Nano 2GB Security Vulnerabilities

mageia
mageia

Updated nano packages fix security vulnerability

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges....

4.7CVSS

7.6AI Score

0.0004EPSS

2024-06-16 02:07 AM
5
ics
ics

Siemens TIM 1531 IRC

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

9.8CVSS

10AI Score

0.004EPSS

2024-06-13 12:00 PM
1
ics
ics

Siemens SIMATIC and SIPLUS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

9.8CVSS

9.9AI Score

EPSS

2024-06-13 12:00 PM
ics
ics

Siemens ST7 ScadaConnect

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

9.8CVSS

10AI Score

0.732EPSS

2024-06-13 12:00 PM
nvd
nvd

CVE-2024-5742

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges....

4.7CVSS

0.0004EPSS

2024-06-12 09:15 AM
3
cve
cve

CVE-2024-5742

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges....

4.7CVSS

5.1AI Score

0.0004EPSS

2024-06-12 09:15 AM
19
debiancve
debiancve

CVE-2024-5742

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges....

4.7CVSS

5.1AI Score

0.0004EPSS

2024-06-12 09:15 AM
6
cvelist
cvelist

CVE-2024-5742 Nano: running `chmod` and `chown` on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges....

4.7CVSS

0.0004EPSS

2024-06-12 08:53 AM
2
nessus
nessus

openSUSE 15 Security Update : nano (openSUSE-SU-2024:0157-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2024:0157-1 advisory. - CVE-2024-5742: Avoid privilege escalations via symlink attacks on emergency save file (boo#1226099) Tenable has extracted the preceding description...

4.7CVSS

4.9AI Score

0.0004EPSS

2024-06-12 12:00 AM
1
githubexploit
githubexploit

Exploit for CVE-2024-30212

[![CVSS3][cvss3-shield]][cvss4-url]...

7.3AI Score

2024-06-11 09:13 AM
55
ubuntucve
ubuntucve

CVE-2024-5742

running chmod and chown on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file Bugs https://bugzilla.redhat.com/show_bug.cgi?id=2277586 Notes Author| Note ---|--- | Priority reason: Uncommon attack scenario mdeslaur | only an issue if...

4.7CVSS

6.9AI Score

0.0004EPSS

2024-06-11 12:00 AM
redhatcve
redhatcve

CVE-2024-5742

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges....

4.7CVSS

7AI Score

0.0004EPSS

2024-06-07 12:31 PM
3
f5
f5

K000139917: Libxml2 vulnerability CVE-2022-40303

Security Advisory Description An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading....

7.5CVSS

7.6AI Score

0.004EPSS

2024-06-05 12:00 AM
4
github
github

Unable to generate the correct character set

Reduced entropy due to inadequate character set usage Description Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the nano_id::base62 and nano_id::base58 functions. Specifically, the base62 function used a character set of 32 symbols instead of the....

9.8CVSS

6.5AI Score

0.001EPSS

2024-06-04 06:40 PM
5
osv
osv

Unable to generate the correct character set

Reduced entropy due to inadequate character set usage Description Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the nano_id::base62 and nano_id::base58 functions. Specifically, the base62 function used a character set of 32 symbols instead of the....

9.8CVSS

6.5AI Score

0.001EPSS

2024-06-04 06:40 PM
2
github
github

nano-id reduced entropy due to inadequate character set usage

Description Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the nano_id::base62 and nano_id::base58 functions. Specifically, the base62 function used a character set of 32 symbols instead of the intended 62 symbols, and the base58 function used a...

7AI Score

2024-06-04 05:49 PM
2
osv
osv

nano-id reduced entropy due to inadequate character set usage

Description Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the nano_id::base62 and nano_id::base58 functions. Specifically, the base62 function used a character set of 32 symbols instead of the intended 62 symbols, and the base58 function used a...

9.8CVSS

7AI Score

0.001EPSS

2024-06-04 05:49 PM
3
nvd
nvd

CVE-2024-36400

nano-id is a unique string ID generator for Rust. Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the nano_id::base62 and nano_id::base58 functions. Specifically, the base62 function used a character set of 32 symbols instead of the intended 62...

9.8CVSS

9.1AI Score

0.001EPSS

2024-06-04 03:15 PM
1
cve
cve

CVE-2024-36400

nano-id is a unique string ID generator for Rust. Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the nano_id::base62 and nano_id::base58 functions. Specifically, the base62 function used a character set of 32 symbols instead of the intended 62...

9.8CVSS

6.9AI Score

0.001EPSS

2024-06-04 03:15 PM
21
osv
osv

CVE-2024-36400

nano-id is a unique string ID generator for Rust. Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the nano_id::base62 and nano_id::base58 functions. Specifically, the base62 function used a character set of 32 symbols instead of the intended 62...

9.8CVSS

6.7AI Score

0.001EPSS

2024-06-04 03:15 PM
1
cvelist
cvelist

CVE-2024-36400 nano-id is unable to generate the correct character set

nano-id is a unique string ID generator for Rust. Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the nano_id::base62 and nano_id::base58 functions. Specifically, the base62 function used a character set of 32 symbols instead of the intended 62...

9.4CVSS

9.1AI Score

0.001EPSS

2024-06-04 02:11 PM
1
vulnrichment
vulnrichment

CVE-2024-36400 nano-id is unable to generate the correct character set

nano-id is a unique string ID generator for Rust. Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the nano_id::base62 and nano_id::base58 functions. Specifically, the base62 function used a character set of 32 symbols instead of the intended 62...

9.4CVSS

6.7AI Score

0.001EPSS

2024-06-04 02:11 PM
osv
osv

Reduced entropy due to inadequate character set usage

Description Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the nano_id::base62 and nano_id::base58 functions. Specifically, the base62 function used a character set of 32 symbols instead of the intended 62 symbols, and the base58 function used a...

9.8CVSS

7AI Score

0.001EPSS

2024-06-03 12:00 PM
1
nessus
nessus

RHEL 3 : nano (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 3 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. nano: multiple file editing insecurities (CVE-2010-1160, CVE-2010-1161) Note that Nessus has not tested...

7AI Score

0.0004EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 4 : nano (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. nano: multiple file editing insecurities (CVE-2010-1160, CVE-2010-1161) Note that Nessus has not tested...

7AI Score

0.0004EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 5 : nano (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. nano: multiple file editing insecurities (CVE-2010-1160, CVE-2010-1161) Note that Nessus has not tested...

7AI Score

0.0004EPSS

2024-06-03 12:00 AM
redhatcve
redhatcve

CVE-2024-36884

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault() This was missed because of the function pointer indirection. nvidia_smmu_context_fault() is also installed as a irq function, and the 'void *' was changed to a...

5.5CVSS

7AI Score

0.0004EPSS

2024-06-02 03:00 PM
4
githubexploit

8.6CVSS

8.5AI Score

0.945EPSS

2024-06-02 06:17 AM
3
githubexploit

8.6CVSS

6AI Score

0.945EPSS

2024-06-02 06:17 AM
13
debiancve
debiancve

CVE-2024-36884

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault() This was missed because of the function pointer indirection. nvidia_smmu_context_fault() is also installed as a irq function, and the 'void *' was changed to a...

5.5CVSS

6.5AI Score

0.0004EPSS

2024-05-30 04:15 PM
2
nvd
nvd

CVE-2024-36884

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault() This was missed because of the function pointer indirection. nvidia_smmu_context_fault() is also installed as a irq function, and the 'void *' was changed to a...

5.5CVSS

6.3AI Score

0.0004EPSS

2024-05-30 04:15 PM
1
cve
cve

CVE-2024-36884

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault() This was missed because of the function pointer indirection. nvidia_smmu_context_fault() is also installed as a irq function, and the 'void *' was changed to a...

5.5CVSS

6.5AI Score

0.0004EPSS

2024-05-30 04:15 PM
24
cvelist
cvelist

CVE-2024-36884 iommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault()

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault() This was missed because of the function pointer indirection. nvidia_smmu_context_fault() is also installed as a irq function, and the 'void *' was changed to a...

6.3AI Score

0.0004EPSS

2024-05-30 03:28 PM
1
ubuntucve
ubuntucve

CVE-2024-36884

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault() This was missed because of the function pointer indirection. nvidia_smmu_context_fault() is also installed as a irq function, and the 'void *' was changed to a...

5.5CVSS

7.2AI Score

0.0004EPSS

2024-05-30 12:00 AM
openvas
openvas

Fedora: Security Advisory for nano (FEDORA-2024-93f31f5de6)

The remote host is missing an update for...

7.5AI Score

2024-05-27 12:00 AM
openvas
openvas

Fedora: Security Advisory for nano (FEDORA-2024-8abde32a6e)

The remote host is missing an update for...

7.5AI Score

2024-05-27 12:00 AM
3
talosblog
talosblog

Talos releases new macOS open-source fuzzer

Cisco Talos has developed a fuzzer that enables us to test macOS software on commodity hardware. Fuzzer utilizes a snapshot-based fuzzing approach and is based on WhatTheFuzz framework. Support for VM state extraction was implemented and WhatTheFuzz was extended to support the loading of VMWare...

6.6AI Score

2024-05-16 12:00 PM
7
fedora
fedora

[SECURITY] Fedora 39 Update: nano-7.2-5.fc39

GNU nano is a small and friendly text...

7.3AI Score

2024-05-15 03:17 PM
4
nessus
nessus

Fedora 39 : nano (2024-8abde32a6e)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-8abde32a6e advisory. fix emergency file replacement vulnerability Resolves: rhbz#2277586 Tenable has extracted the preceding description block directly from the Fedora security...

7.4AI Score

2024-05-15 12:00 AM
3
oraclelinux
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2136.331.7] - Revert 'tracing/trigger: Fix to return error if failed to alloc snapshot' (Siddh Raman Pant) - Revert 'selftests: mm: fix map_hugetlb failure on 64K page size systems' (Harshit Mogalapalli) [Orabug: 36584568] - Revert 'net/mlx5: Enable SW-defined RoCEv2 UDP source port'...

8.3AI Score

EPSS

2024-05-13 12:00 AM
7
oraclelinux
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.331.7.el7] - Revert 'tracing/trigger: Fix to return error if failed to alloc snapshot' (Siddh Raman Pant) - Revert 'selftests: mm: fix map_hugetlb failure on 64K page size systems' (Harshit Mogalapalli) [Orabug: 36584568] - Revert 'net/mlx5: Enable SW-defined RoCEv2 UDP source port'...

8.3AI Score

EPSS

2024-05-13 12:00 AM
8
nessus
nessus

RHEL 7 : libxml2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libxml2: Missing validation for external entities in xmlParsePEReference (CVE-2017-7375) libxml2:...

9.5AI Score

0.019EPSS

2024-05-11 12:00 AM
12
nessus
nessus

RHEL 6 : libxml2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libxml2: Use after free via namespace node in XPointer ranges (CVE-2016-4658) libxml2: Missing...

9.9AI Score

0.106EPSS

2024-05-11 12:00 AM
1
fedora
fedora

[SECURITY] Fedora 40 Update: nano-7.2-7.fc40

GNU nano is a small and friendly text...

7.3AI Score

2024-05-07 05:22 AM
2
nessus
nessus

Fedora 40 : nano (2024-93f31f5de6)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-93f31f5de6 advisory. fix emergency file replacement vulnerability Resolves: rhbz#2277586 (FEDORA-2024-93f31f5de6) Note that Nessus has not tested for this issue but has...

7.4AI Score

2024-05-07 12:00 AM
7
nessus
nessus

Universal Forwarders < 8.1.14, 8.2.0 < 8.2.11, 9.0.0 < 9.0.5 (SVD-2023-0614)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0614 advisory. An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE...

9.8CVSS

8.5AI Score

0.073EPSS

2024-05-02 12:00 AM
4
nessus
nessus

Splunk Enterprise < 8.1.14, 8.2.0 < 8.2.11, 9.0.0 < 9.0.5 (SVD-2023-0613)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0613 advisory. An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE...

9.8CVSS

8.9AI Score

0.304EPSS

2024-05-02 12:00 AM
6
kitploit
kitploit

Frameless-Bitb - A New Approach To Browser In The Browser (BITB) Without The Use Of Iframes, Allowing The Bypass Of Traditional Framebusters Implemented By Login Pages Like Microsoft And The Use With Evilginx

A new approach to Browser In The Browser (BITB) without the use of iframes, allowing the bypass of traditional framebusters implemented by login pages like Microsoft. This POC code is built for using this new BITB with Evilginx, and a Microsoft Enterprise phishlet. Before diving deep into this, I.....

6.7AI Score

2024-04-15 12:30 PM
19
ics
ics

Siemens Telecontrol Server Basic

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

9.8CVSS

9.7AI Score

0.063EPSS

2024-04-11 12:00 PM
13
mskb
mskb

KB5035962: Servicing stack update for Windows 10, version 1607 and Server 2016: March 12, 2024

KB5035962: Servicing stack update for Windows 10, version 1607 and Server 2016: March 12, 2024 REMINDER Windows 10, version 1607 Mobile and Mobile Enterprise editions reached the end of support (EOS) on October 9, 2018. These editions will no longer be offered servicing stack updates. Windows...

6.9AI Score

2024-03-12 12:00 AM
58
Total number of security vulnerabilities1270