NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to access debug registers during runtime, which may lead to information...
4.4CVSS
5.1AI Score
0.0004EPSS
NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to instantiate a DMA write operation only within a specific time window timed to corrupt code execution, which may impact confidentiality, integrity, or...
7.5CVSS
7.5AI Score
0.0004EPSS
NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed registers, which may lead to information...
4.4CVSS
5.3AI Score
0.0004EPSS
Security Notice: NVIDIA GPU and Tegra Hardware - November 2021
This notice is a response to a published research paper on vulnerabilities in Tegra systems on a chip (SOCs). Go to NVIDIA Product Security. Details This section provides a summary of potential vulnerabilities and their impact. Descriptions use CWE™, and base scores and vectors use CVSS v3.1...
7.5CVSS
0.7AI Score
0.0004EPSS
Protect against phishing with Attack Simulation Training in Microsoft Defender for Office 365
Sophisticated cyberattacks are on the rise, with email phishing as the most common attack vector. We’ve seen it all over the news with stories like Hafnium that targeted Exchange servers1 or the Nobelium attack against SolarWinds,2 which show just how easy it is for bad actors to distribute a...
6.9AI Score
Protect against phishing with Attack Simulation Training in Microsoft Defender for Office 365
Sophisticated cyberattacks are on the rise, with email phishing as the most common attack vector. We’ve seen it all over the news with stories like Hafnium that targeted Exchange servers1 or the Nobelium attack against SolarWinds,2 which show just how easy it is for bad actors to distribute a...
6.9AI Score
A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM...
5.5CVSS
5.4AI Score
0.0004EPSS
A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary...
6.7CVSS
6.7AI Score
0.0004EPSS
Unbreakable Enterprise kernel security update
[5.4.17-2136.300.7] - KVM: SVM: Fix mismerge in svm_update_pi_irte() (Liam Merwick) [Orabug: 33446526] - Revert KVM: x86: hyperv: Remove duplicate definitions of Reference TSC Page (Liam Merwick) [Orabug: 33450675] [5.4.17-2136.300.6] - Revert scsi: core: Cap scsi_host cmd_per_lun at can_queue...
7.8CVSS
-0.3AI Score
0.0004EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.300.7.el7] - KVM: SVM: Fix mismerge in svm_update_pi_irte() (Liam Merwick) [Orabug: 33446526] - Revert KVM: x86: hyperv: Remove duplicate definitions of Reference TSC Page (Liam Merwick) [Orabug: 33450675] [5.4.17-2136.300.6] - Revert scsi: core: Cap scsi_host cmd_per_lun at...
7.8CVSS
-0.3AI Score
0.0004EPSS
Pwncat - Fancy Reverse And Bind Shell Handler
pwncat is a post-exploitation platform for Linux targets . It started out as a wrapper around basic bind and reverse shells and has grown from there. It streamlines common red team operations while staging code from your attacker machine, not the target. pwncat used to only support Linux, but...
7.2AI Score
All versions of the afffected TOYOPUC-PC10 Series,TOYOPUC-Plus Series,TOYOPUC-PC3J/PC2J Series, TOYOPUC-Nano Series products may not be able to properly process an ICMP flood, which may allow an attacker to deny Ethernet communications between affected...
4.3CVSS
4.5AI Score
0.001EPSS
All versions of the afffected TOYOPUC-PC10 Series,TOYOPUC-Plus Series,TOYOPUC-PC3J/PC2J Series, TOYOPUC-Nano Series products may not be able to properly process an ICMP flood, which may allow an attacker to deny Ethernet communications between affected...
4.3CVSS
0.001EPSS
All versions of the afffected TOYOPUC-PC10 Series,TOYOPUC-Plus Series,TOYOPUC-PC3J/PC2J Series, TOYOPUC-Nano Series products may not be able to properly process an ICMP flood, which may allow an attacker to deny Ethernet communications between affected...
4.3CVSS
4.5AI Score
0.001EPSS
All versions of the afffected TOYOPUC-PC10 Series,TOYOPUC-Plus Series,TOYOPUC-PC3J/PC2J Series, TOYOPUC-Nano Series products may not be able to properly process an ICMP flood, which may allow an attacker to deny Ethernet communications between affected...
4.9AI Score
0.001EPSS
Penelope is an advanced shell handler. Its main aim is to replace netcat as shell catcher during exploiting RCE vulnerabilities. It works on Linux and macOS and the only requirement is Python3. It is one script without 3rd party dependencies and hopefully it will stay that way. Among the main...
7.6AI Score
nano-botox.dostavka2.me Cross Site Scripting vulnerability OBB-2132739
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its...
AI Score
EXECUTIVE SUMMARY CVSS v3 4.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: JTEKT Corporation Equipment: TOYOPUC products Vulnerability: Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote...
4.3CVSS
4.8AI Score
0.001EPSS
Exploit for Improper Restriction of XML External Entity Reference in Wordpress
CVE-2021-29447 Impact Arbitrary File Disclosure: the...
6.5CVSS
6.9AI Score
0.012EPSS
Affected versions of this crate assumed that Borrow was guaranteed to return the same value on .borrow(). The borrowed index value was used to retrieve a mutable reference to a value. If the Borrow implementation returned a different index, the split arena would allow retrieving the index as a...
9.8CVSS
9.1AI Score
0.004EPSS
Affected versions of this crate assumed that Borrow was guaranteed to return the same value on .borrow(). The borrowed index value was used to retrieve a mutable reference to a value. If the Borrow implementation returned a different index, the split arena would allow retrieving the index as a...
9.8CVSS
9.6AI Score
0.004EPSS
nano-botox-1rub.dostavka2.me Cross Site Scripting vulnerability OBB-2123499
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its...
AI Score
NVIDIA camera firmware contains a multistep, timing-related vulnerability where an unauthorized modification by camera resources may result in loss of data integrity or denial of service across several...
7.2CVSS
6.3AI Score
0.0004EPSS
NVIDIA Linux kernel distributions on Jetson Xavier contain a vulnerability in camera firmware where a user can change input data after validation, which may lead to complete denial of service and serious data corruption of all kernel...
7.1CVSS
0.0004EPSS
NVIDIA Linux kernel distributions contain a vulnerability in the kernel crypto node, where use after free may lead to complete denial of...
4.4CVSS
5.3AI Score
0.0004EPSS
Bootloader contains a vulnerability in the NV3P server where any user with physical access through USB can trigger an incorrect bounds check, which may lead to buffer overflow, resulting in limited information disclosure, limited data integrity, and denial of service across all...
6.7CVSS
6.4AI Score
0.001EPSS
NVIDIA Linux kernel distributions on Jetson Xavier contain a vulnerability in camera firmware where a user can change input data after validation, which may lead to complete denial of service and serious data corruption of all kernel...
7.1CVSS
6.8AI Score
0.0004EPSS
NVIDIA camera firmware contains a difficult to exploit vulnerability where a highly privileged attacker can cause unauthorized modification to camera resources, which may result in complete denial of service and partial loss of data integrity for all...
4.7CVSS
5.1AI Score
0.0004EPSS
NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where improper access controls may lead to code execution, complete denial of service, and seriously compromised integrity of all system...
7.8CVSS
7.4AI Score
0.0004EPSS
NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capture (VI/ISP), where integer underflow due to lack of input validation may lead to complete denial of service, partial integrity, and serious confidentiality loss for all processes in the...
7.3CVSS
6.9AI Score
0.0004EPSS
NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where a null pointer dereference may lead to complete denial of...
5.5CVSS
6AI Score
0.0004EPSS
NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be allowed to read-only buffers, which may result in escalation of privileges, complete denial of service, unconstrained information disclosure, and serious data tampering of all processes on the...
7.8CVSS
7.5AI Score
0.0004EPSS
NVIDIA Linux kernel distributions on Jetson Xavier contain a vulnerability in camera firmware where a user can change input data after validation, which may lead to complete denial of service and serious data corruption of all kernel...
7.1CVSS
7AI Score
0.0004EPSS
NVIDIA Linux kernel distributions on Jetson Xavier contain a vulnerability in camera firmware where a user can change input data after validation, which may lead to complete denial of service and serious data corruption of all kernel...
7.1CVSS
7.2AI Score
0.0004EPSS
Unbreakable Enterprise kernel security update
[4.14.35-2047.506.8] - A/A Bonding: dev_hold/put() the delayed GARP work handler's netdev in rdmaip (Sharath Srinivasan) [Orabug: 33187189] - rds/ib: quarantine STALE mr before dereg (Manjunath Patil) [Orabug: 33187192] - rds/ib: avoid dereg of mr in frwr_clean (Manjunath Patil) [Orabug:...
7.8CVSS
-0.2AI Score
0.004EPSS
Unbreakable Enterprise kernel-container security update
[4.14.35-2047.506.8.el7] - A/A Bonding: dev_hold/put() the delayed GARP work handler's netdev in rdmaip (Sharath Srinivasan) [Orabug: 33187189] - rds/ib: quarantine STALE mr before dereg (Manjunath Patil) [Orabug: 33187192] - rds/ib: avoid dereg of mr in frwr_clean (Manjunath Patil) [Orabug:...
7.8CVSS
-0.2AI Score
0.004EPSS
Jetson Linux Permissions and Access Control Issues Vulnerability
Jetson Linux is an application software. High-performance, low-power computing for deep learning and computer vision makes it an ideal platform for compute-intensive projects. jetson Linux is vulnerable to a permission permission and access control issue that stems from nvmap allowing read-only...
7.8CVSS
3.4AI Score
0.0004EPSS
Jetson Linux Access Control Error Vulnerability
Jetson Linux is an application software. High-performance, low-power computing for deep learning and computer vision makes it an ideal platform for compute-intensive projects.Jetson Linux is vulnerable to an access control error that could be exploited by an attacker to cause code execution, a...
7.8CVSS
4.4AI Score
0.0004EPSS
Jetson Linux Input Validation Error Vulnerability
Jetson Linux is an application software. High-performance, low-power computing for deep learning and computer vision makes it an ideal platform for compute-intensive projects.Jetson Linux is vulnerable to an input validation error, which stems from an integer underflow caused by a lack of input...
7.3CVSS
3.2AI Score
0.0004EPSS
Jetson Linux Resource Management Error Vulnerability
Jetson Linux is an application software. High-performance, low-power computing for deep learning and computer vision makes it an ideal platform for compute-intensive projects.Jetson Linux is vulnerable to a resource management error vulnerability that stems from mismanagement of internal...
6.3CVSS
2.3AI Score
0.0004EPSS
Jetson Linux Input Validation Error Vulnerability (CNVD-2021-102834)
Jetson Linux is an application software. High-performance, low-power computing for deep learning and computer vision makes it an ideal platform for compute-intensive projects.Jetson Linux is vulnerable to an input validation error, which stems from inadequate validation of user-provided input in...
7.1CVSS
2.9AI Score
0.0004EPSS
NVIDIA has released a software update for NVIDIA® Jetson AGX Xavier™ series, Jetson Xavier™ NX, Jetson TX1, Jetson TX2 series (including Jetson TX2 NX), and Jetson Nano™ devices (including Jetson Nano 2GB) in the NVIDIA JetPack™ software development kit (SDK). The update addresses security issues.....
7.8CVSS
2.2AI Score
0.001EPSS
openSUSE 15 Security Update : icinga2 (openSUSE-SU-2021:1089-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1089-1 advisory. Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed,...
9.1CVSS
8.9AI Score
0.003EPSS
openSUSE: Security Advisory for icinga2 (openSUSE-SU-2021:1089-1)
The remote host is missing an update for...
9.1CVSS
8.8AI Score
0.003EPSS
In0ri - Defacement Detection With Deep Learning
In0ri is a defacement detection system utilizing a image-classification convolutional neural network. Introduction When monitoring a website, In0ri will periodically take a screenshot of the website then put it through a preprocessor that will resize the image down to 250x250px and numericalize...
7.2AI Score
openSUSE 15 Security Update : icinga2 (openSUSE-SU-2021:1069-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1069-1 advisory. Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the...
9.1CVSS
-0.1AI Score
0.001EPSS
0.5AI Score
0.002EPSS
Sequoia: A Local Privilege Escalation Vulnerability in Linux’s Filesystem Layer (CVE-2021-33909)
The Qualys Research Team has discovered a size_t-to-int type conversion vulnerability in the Linux Kernel’s filesystem layer affecting most Linux operating systems. Any unprivileged user can gain root privileges on a vulnerable host by exploiting this vulnerability in a default configuration. ...
-0.2AI Score
0.002EPSS
Unbreakable Enterprise kernel security update
[5.4.17-2102.203.5] - rds/ib: move rds_ib_clear_irq_miss() to .h file (Manjunath Patil) [Orabug: 33044344] [5.4.17-2102.203.4] - rds/ib: recover rds connection from interrupt loss scenario (Manjunath Patil) [Orabug: 32974199] - Revert Allow mce to reset instead of panic on UE (William Roche) ...
7.8CVSS
0.1AI Score
0.004EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2102.203.5] - rds/ib: move rds_ib_clear_irq_miss() to .h file (Manjunath Patil) [Orabug: 33044344] [5.4.17-2102.203.4] - rds/ib: recover rds connection from interrupt loss scenario (Manjunath Patil) [Orabug: 32974199] - Revert 'Allow mce to reset instead of panic on UE' (William...
7.8CVSS
0.1AI Score
0.004EPSS