Unbreakable Enterprise kernel security update
[5.4.17-2136.306.1.3] - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (Paolo Bonzini) [Orabug: 34053807] {CVE-2022-1158} [5.4.17-2136.306.1.2] - Revert 'rds/ib: recover rds connection from stuck rx path' (Rohit Nair) [Orabug: 34045203] [5.4.17-2136.306.1.1] - netfilter:...
7.8CVSS
0.9AI Score
0.001EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.306.1.3] - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (Paolo Bonzini) [Orabug: 34053807] {CVE-2022-1158} [5.4.17-2136.306.1.2] - Revert 'rds/ib: recover rds connection from stuck rx path' (Rohit Nair) [Orabug: 34045203] [5.4.17-2136.306.1.1] - netfilter:...
7.8CVSS
0.9AI Score
0.001EPSS
yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at yajl_buf.c#L64 may result in the need...
7.5CVSS
2.2AI Score
0.01EPSS
yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at yajl_buf.c#L64 may result in the need...
7.5CVSS
8.1AI Score
0.01EPSS
yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at yajl_buf.c#L64 may result in the need...
7.5CVSS
8.2AI Score
0.01EPSS
yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at yajl_buf.c#L64 may result in the need...
7.5CVSS
0.01EPSS
yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at yajl_buf.c#L64 may result in the need...
7.5CVSS
8AI Score
0.01EPSS
NOTE: A previous patch, 1.4.2, fixed the heap memory issue, but could still lead to a DoS infinite loop. Please update to version 1.4.3. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs....
7.5CVSS
0.4AI Score
0.01EPSS
NOTE: A previous patch, 1.4.2, fixed the heap memory issue, but could still lead to a DoS infinite loop. Please update to version 1.4.3. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs....
7.5CVSS
0.4AI Score
0.01EPSS
yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at yajl_buf.c#L64 may result in the need...
7.5CVSS
8AI Score
0.01EPSS
CVE-2022-24795 Buffer Overflow and Integer Overflow in yajl-ruby
yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at yajl_buf.c#L64 may result in the need...
5.9CVSS
8.5AI Score
0.01EPSS
Reallocation bug can trigger heap memory corruption
The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. Details The reallocation logic at yajl_buf.c#L64 may result in the need 32bit integer wrapping to 0 when need approaches a value of...
1.2AI Score
EPSS
5.9CVSS
6.2AI Score
0.001EPSS
NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to the entire system address space through the PCI bus. Such an attack could result in denial of...
7.6CVSS
0.001EPSS
NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to the entire system address space through the PCI bus. Such an attack could result in denial of...
7.6CVSS
7.5AI Score
0.001EPSS
NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to the entire system address space through the PCI bus. Such an attack could result in denial of...
7.6CVSS
7.6AI Score
0.001EPSS
NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to the entire system address space through the PCI bus. Such an attack could result in denial of...
7.6CVSS
7.8AI Score
0.001EPSS
NVIDIA has released a software update for NVIDIA® Jetson AGX Xavier™ series, Jetson Xavier™ NX, Jetson TX1, Jetson TX2 series (including Jetson TX2 NX), and Jetson Nano™ devices (including Jetson Nano 2GB) in the NVIDIA JetPack™ software development kit (SDK). The update addresses security issues.....
7.8CVSS
2.6AI Score
0.001EPSS
Security update for the Linux Kernel (important)
An update that solves 17 vulnerabilities and has 62 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: CVE-2021-45485: Fixed an information leak because of certain use of a hash table which use IPv6 source...
9.1CVSS
AI Score
0.003EPSS
Php-Malware-Finder - Detect Potentially Malicious PHP Files
PHP-malware-finder does its very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malwares/webshells. The following list of encoders/obfuscators/webshells are also detected: Bantam Best PHP Obfuscator Carbylamine Cipher Design Cyklodev Joes Web Tools...
-0.4AI Score
AlmaLinux 8 : qt5-qtbase and qt5-qtwebsockets (ALSA-2020:4690)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:4690 advisory. Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue...
7.5CVSS
7.3AI Score
0.006EPSS
Out-of-bounds Read in Onionshare
Between September 26, 2021 and October 8, 2021, Radically Open Security conducted a penetration test of OnionShare 2.4, funded by the Open Technology Fund's Red Team lab. This is an issue from that penetration test. Vulnerability ID: OTF-014 Vulnerability type: Out-of-bounds Read Threat level:...
5.5CVSS
0.3AI Score
0.001EPSS
Out-of-bounds Read in Onionshare
Between September 26, 2021 and October 8, 2021, Radically Open Security conducted a penetration test of OnionShare 2.4, funded by the Open Technology Fund's Red Team lab. This is an issue from that penetration test. Vulnerability ID: OTF-014 Vulnerability type: Out-of-bounds Read Threat level:...
7.5CVSS
0.3AI Score
0.001EPSS
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. Affected versions of the desktop application were found to be vulnerable to denial of service via an undisclosed vulnerability in the QT image parsing......
7.5CVSS
5.5AI Score
0.001EPSS
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. Affected versions of the desktop application were found to be vulnerable to denial of service via an undisclosed vulnerability in the QT image parsing......
5.5CVSS
0.001EPSS
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. Affected versions of the desktop application were found to be vulnerable to denial of service via an undisclosed vulnerability in the QT image parsing......
5.5CVSS
5.6AI Score
0.001EPSS
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. Affected versions of the desktop application were found to be vulnerable to denial of service via an undisclosed vulnerability in the QT image parsing......
5.5CVSS
1.4AI Score
0.001EPSS
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. Affected versions of the desktop application were found to be vulnerable to denial of service via an undisclosed vulnerability in the QT image parsing......
5.5CVSS
5.6AI Score
0.001EPSS
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. Affected versions of the desktop application were found to be vulnerable to denial of service via an undisclosed vulnerability in the QT image parsing......
5.5CVSS
1.4AI Score
0.001EPSS
CVE-2022-21688 Out-of-bounds Read in Onionshare
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. Affected versions of the desktop application were found to be vulnerable to denial of service via an undisclosed vulnerability in the QT image parsing......
7.5CVSS
7.8AI Score
0.001EPSS
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. Affected versions of the desktop application were found to be vulnerable to denial of service via an undisclosed vulnerability in the QT image parsing......
7.5CVSS
5.5AI Score
0.001EPSS
A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan. With ShonyDanza, you can: obtain IPs based on search criteria; automatically exclude honeypots from the results based on your pre-configured thresholds; pre-configure all IP searches to...
10CVSS
-0.7AI Score
0.976EPSS
Feature-rich Onion Service manager for UNIX-like operating systems written in POSIX conformant shellscript. A collection of Onion Services features implemented for Unix-like systems following the Portable Operating System Interface standard. WARNING: do not trust this repo yet, backup your hs keys.....
-0.2AI Score
Security Notice: NVIDIA Response to Log4j Vulnerabilities - December 2021
This notice is a response to the remote code execution vulnerabilities in the Log4j Java library, which is also known as Log4Shell. The CVE IDs of these vulnerabilities are as follows: CVE-2021-44228 CVE-2021-45046 CVE-2021-45105 NVIDIA is aware of these vulnerabilities and is evaluating their...
10CVSS
1.8AI Score
0.976EPSS
A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan. With ShonyDanza, you can: obtain IPs based on search criteria; automatically exclude honeypots from the results based on your pre-configured thresholds; pre-configure all IP searches to...
10CVSS
9.7AI Score
0.976EPSS
NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed memory, which may lead to information...
4.4CVSS
5.3AI Score
0.0004EPSS
NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allow a user with elevated privileges to generate valid microcode by identifying, exploiting, and loading vulnerable microcode. Such an attack could lead to information disclosure, data corruption, or...
7.5CVSS
7.3AI Score
0.0004EPSS
NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to corrupt program...
4.4CVSS
5.3AI Score
0.0004EPSS
NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to access protected information by identifying, exploiting, and loading vulnerable microcode. Such an attack may lead to information...
4.1CVSS
4.2AI Score
0.0004EPSS
NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to access debug registers during runtime, which may lead to information...
4.4CVSS
5.1AI Score
0.0004EPSS