[SECURITY] [DLA 3516-1] burp security update
Debian LTS Advisory DLA-3516-1 https://www.debian.org/lts/security/ Sean Whitton August 05, 2023 https://wiki.debian.org/LTS Package : burp Version : 2.1.32-2+deb10u1 CVE ID :...
7.5CVSS
8AI Score
0.01EPSS
Debian DLA-3516-1 : burp - LTS security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3516 advisory. In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the...
7.5CVSS
8.2AI Score
0.01EPSS
Fedora 37 : yajl (2023-852b377773)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-852b377773 advisory. yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow...
7.5CVSS
8.3AI Score
0.01EPSS
EulerOS Virtualization 3.0.6.6 : libxml2 (EulerOS-SA-2023-2412)
According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser...
7.8CVSS
6.7AI Score
0.004EPSS
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-2412)
The remote host is missing an update for the Huawei...
7.8CVSS
8.5AI Score
0.004EPSS
Amazon Linux 2023 : yajl, yajl-devel (ALAS2023-2023-263)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-263 advisory. yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when...
7.5CVSS
8.1AI Score
0.01EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
The Log4j vulnerability, also known as "Log4Shell" or...
10CVSS
10AI Score
0.976EPSS
Ubuntu 16.04 ESM / 18.04 ESM : YAJL vulnerabilities (USN-6233-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6233-1 advisory. In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with...
7.5CVSS
8.2AI Score
0.01EPSS
Fedora 38 : yajl (2023-00572178e1)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-00572178e1 advisory. yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow...
7.5CVSS
8.3AI Score
0.01EPSS
7.5CVSS
7.3AI Score
0.01EPSS
[SECURITY] [DLA 3492-1] yajl security update
Debian LTS Advisory DLA-3492-1 https://www.debian.org/lts/security/ Tobias Frost July 11, 2023 https://wiki.debian.org/LTS Package : yajl Version : 2.1.0-3+deb10u2 CVE ID :...
7.5CVSS
8.1AI Score
0.01EPSS
Debian DLA-3492-1 : yajl - LTS security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3492 advisory. In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the...
7.5CVSS
7.7AI Score
0.01EPSS
7.8CVSS
7.7AI Score
0.001EPSS
Qualys Performance Tuning Series: Qualys Cloud Agent Configuration Best Practice
The following blog is part of our Qualys Performance Tuning Series. The first blog covered the topic of optimizing performance through the removal of stale assets. This series aims to provide you with comprehensive guidance on how to enhance the efficiency and effectiveness of your Qualys...
7.3AI Score
9.1CVSS
7.3AI Score
0.008EPSS
Amazon Linux 2 : yajl (ALAS-2023-2101)
The version of yajl installed on the remote host is prior to 2.0.4-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2101 advisory. yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an...
7.5CVSS
7.9AI Score
0.01EPSS
NVIDIA Linux GPU Display Driver (Jun 2023)
The NVIDIA GPU display driver software on the remote host is missing a security update. It is, therefore, affected by the following vulnerabilities: NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with...
7.8CVSS
7.6AI Score
0.001EPSS
NVIDIA Windows GPU Display Driver (Jun 2023)
A display driver installed on the remote Windows host is affected by multiple vulnerabilities, as follows: NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds write, which may lead to code...
8.8CVSS
8.5AI Score
0.001EPSS
A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary...
6.7CVSS
6.7AI Score
0.0004EPSS
NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootctrl, where a privileged local attacker can configure invalid settings, resulting in denial of...
5.5CVSS
5.6AI Score
0.0004EPSS
NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootctrl, where a privileged local attacker can configure invalid settings, resulting in denial of...
5.5CVSS
4.7AI Score
0.0004EPSS
NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of...
6.8CVSS
6.9AI Score
0.001EPSS
NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of...
7.1CVSS
6.6AI Score
0.001EPSS
NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of...
6.8CVSS
6.6AI Score
0.001EPSS
NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootctrl, where a privileged local attacker can configure invalid settings, resulting in denial of...
5.5CVSS
5.7AI Score
0.0004EPSS
NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootctrl, where a privileged local attacker can configure invalid settings, resulting in denial of...
4.4CVSS
6AI Score
0.0004EPSS
NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of...
7.1CVSS
7.1AI Score
0.001EPSS
NVIDIA has released a software update for NVIDIA® Jetson AGX Xavier™ series, Jetson Xavier™ NX, Jetson TX1, Jetson TX2 series (including Jetson TX2 NX), and Jetson Nano™ devices (including Jetson Nano 2GB) in the NVIDIA JetPack™ software development kit (SDK). The update addresses security issues.....
7.1CVSS
6.9AI Score
0.001EPSS
Issue Overview: yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at yajl_buf.c#L64 may...
7.5CVSS
8.3AI Score
0.01EPSS
Scanner-and-Patcher - A Web Vulnerability Scanner And Patcher
This tool is very helpful for finding vulnerabilities present in web applications. A web application scanner explores a web application by crawling through its web pages and examines it for security vulnerabilities, which involves generation of malicious inputs and evaluation of...
7.8AI Score
EulerOS Virtualization 3.0.6.0 : yajl (EulerOS-SA-2023-2217)
According to the versions of the yajl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an...
7.5CVSS
7.9AI Score
0.01EPSS
EulerOS Virtualization 3.0.6.0 : libxml2 (EulerOS-SA-2023-2212)
According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Possible cross-site scripting vulnerability in libxml after commit 960f0e2. (CVE-2016-3709) An issue was discovered in libxml2...
7.8CVSS
6AI Score
0.004EPSS
Huawei EulerOS: Security Advisory for yajl (EulerOS-SA-2023-2217)
The remote host is missing an update for the Huawei...
7.5CVSS
7.7AI Score
0.01EPSS
EulerOS Virtualization 2.11.1 : libxml2 (EulerOS-SA-2023-2039)
According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser...
7.8CVSS
6.7AI Score
0.004EPSS
EulerOS Virtualization 2.11.0 : libxml2 (EulerOS-SA-2023-2091)
According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser...
7.8CVSS
6.7AI Score
0.004EPSS
EulerOS Virtualization 2.10.0 : libxml2 (EulerOS-SA-2023-1924)
According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser...
6.7AI Score
0.004EPSS
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-1924)
The remote host is missing an update for the Huawei...
7.8CVSS
8.5AI Score
0.004EPSS
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-1893)
The remote host is missing an update for the Huawei...
7.8CVSS
8.5AI Score
0.004EPSS
EulerOS Virtualization 2.10.1 : libxml2 (EulerOS-SA-2023-1893)
According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser...
6.7AI Score
0.004EPSS
Huawei EulerOS: Security Advisory for yajl (EulerOS-SA-2023-1726)
The remote host is missing an update for the Huawei...
7.5CVSS
7.7AI Score
0.01EPSS
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-1740)
The remote host is missing an update for the Huawei...
7.8CVSS
8.5AI Score
0.004EPSS
EulerOS Virtualization 3.0.2.0 : yajl (EulerOS-SA-2023-1726)
According to the versions of the yajl package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an...
7.9AI Score
0.01EPSS
EulerOS Virtualization 3.0.2.0 : libxml2 (EulerOS-SA-2023-1740)
According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser...
6.7AI Score
0.004EPSS
Amazon Linux AMI : libxml2 (ALAS-2023-1743)
The version of libxml2 installed on the remote host is prior to 2.9.1-6.6.42. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1743 advisory. parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the ...
8AI Score
0.017EPSS
Issue Overview: parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name. (CVE-2017-16931) GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in.....
8.8CVSS
7.4AI Score
0.017EPSS
EulerOS Virtualization 2.9.0 : libxml2 (EulerOS-SA-2023-1660)
According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser...
7.7AI Score
0.004EPSS
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-1660)
The remote host is missing an update for the Huawei...
7.8CVSS
8.5AI Score
0.004EPSS
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-1626)
The remote host is missing an update for the Huawei...
7.8CVSS
8.5AI Score
0.004EPSS
EulerOS Virtualization 2.9.1 : libxml2 (EulerOS-SA-2023-1626)
According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser...
8AI Score
0.004EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.318.7.1.el7] - KVM: arm64: Disabling disabled PMU counters wastes a lot of time (Alexandre Chartre) [Orabug: 33312587] - KVM: arm64: Don't zero the cycle count register when PMCR_EL0.P is set (Alexandru Elisei) [Orabug: 33312587] - KVM: arm64: pmu: Only handle supported event...
8.8CVSS
7.9AI Score
0.0004EPSS