In the Linux kernel, the following vulnerability has been resolved: bpf: Protect against int overflow for stack access size This patch re-introduces protection against the size of access to stack memory being negative; the access size can appear negative as a result of overflowing its signed int...
7.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: bpf: Protect against int overflow for stack access size This patch re-introduces protection against the size of access to stack memory being negative; the access size can appear negative as a result of overflowing its signed int...
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: bpf: Protect against int overflow for stack access size This patch re-introduces protection against the size of access to stack memory being negative; the access size can appear negative as a result of overflowing its signed int...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in smb2_reconnect_server() The UAF bug is due to smb2_reconnect_server() accessing a session that is already being teared down by another thread that is executing __cifs_put_smb_ses(). This can happen when...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in smb2_reconnect_server() The UAF bug is due to smb2_reconnect_server() accessing a session that is already being teared down by another thread that is executing __cifs_put_smb_ses(). This can happen when...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in smb2_reconnect_server() The UAF bug is due to smb2_reconnect_server() accessing a session that is already being teared down by another thread that is executing __cifs_put_smb_ses(). This can happen when...
6.3AI Score
0.0004EPSS
CVE-2024-35905 bpf: Protect against int overflow for stack access size
In the Linux kernel, the following vulnerability has been resolved: bpf: Protect against int overflow for stack access size This patch re-introduces protection against the size of access to stack memory being negative; the access size can appear negative as a result of overflowing its signed int...
6.8AI Score
0.0004EPSS
CVE-2024-35905 bpf: Protect against int overflow for stack access size
In the Linux kernel, the following vulnerability has been resolved: bpf: Protect against int overflow for stack access size This patch re-introduces protection against the size of access to stack memory being negative; the access size can appear negative as a result of overflowing its signed int...
7.2AI Score
0.0004EPSS
CVE-2024-35870 smb: client: fix UAF in smb2_reconnect_server()
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in smb2_reconnect_server() The UAF bug is due to smb2_reconnect_server() accessing a session that is already being teared down by another thread that is executing __cifs_put_smb_ses(). This can happen when...
6.6AI Score
0.0004EPSS
CVE-2024-35870 smb: client: fix UAF in smb2_reconnect_server()
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in smb2_reconnect_server() The UAF bug is due to smb2_reconnect_server() accessing a session that is already being teared down by another thread that is executing __cifs_put_smb_ses(). This can happen when...
6.2AI Score
0.0004EPSS
Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide
The threat actors behind the Windows-based Grandoreiro banking trojan have returned in a global campaign since March 2024 following a law enforcement takedown in January. The large-scale phishing attacks, likely facilitated by other cybercriminals via a malware-as-a-service (MaaS) model, target...
7.1AI Score
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in smb2_reconnect_server() The UAF bug is due to smb2_reconnect_server() accessing a session that is already being teared down by another thread that is executing __cifs_put_smb_ses(). This can happen when (a)....
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm: Check output polling initialized before disabling In drm_kms_helper_poll_disable() check if output polling support is initialized before disabling polling. If not flag this as a warning. Additionally in...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Skip do PCI error slot reset during RAS recovery Why: The PCI error slot reset maybe triggered after inject ue to UMC multi times, this caused system hang. [ 557.371857] amdgpu 0000:af:00.0: amdgpu: GPU reset...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: bpf: Protect against int overflow for stack access size This patch re-introduces protection against the size of access to stack memory being negative; the access size can appear negative as a result of overflowing its signed int...
6.8AI Score
0.0004EPSS
EulerOS Virtualization 3.0.6.6 : curl (EulerOS-SA-2024-1647)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of...
3.7CVSS
7.5AI Score
0.001EPSS
EulerOS Virtualization 3.0.6.0 : curl (EulerOS-SA-2024-1677)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of...
6.5CVSS
7.2AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1677)
The remote host is missing an update for the Huawei...
6.5CVSS
7AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2024-1682)
The remote host is missing an update for the Huawei...
7.5CVSS
6.7AI Score
0.001EPSS
EulerOS Virtualization 3.0.6.0 : glibc (EulerOS-SA-2024-1682)
According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed,...
7.5CVSS
7.4AI Score
0.001EPSS
EulerOS Virtualization 3.0.6.0 : shim (EulerOS-SA-2024-1706)
According to the versions of the shim package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to...
6.5CVSS
7.4AI Score
0.003EPSS
Improper conditions check in the Intel(R) Data Center GPU Max Series 1100 and 1550 products may allow an privileged user to potentially enable denial of service via local...
6CVSS
5.7AI Score
0.0004EPSS
Improper conditions check in the Intel(R) Data Center GPU Max Series 1100 and 1550 products may allow an privileged user to potentially enable denial of service via local...
6CVSS
6.5AI Score
0.0004EPSS
Improper conditions check in the Intel(R) Data Center GPU Max Series 1100 and 1550 products may allow an privileged user to potentially enable denial of service via local...
6CVSS
5.7AI Score
0.0004EPSS
How the Qualys Enterprise TruRisk™ Platform Supports CISA Vulnrichment
Introduction In today's interconnected digital landscape, cybersecurity threats pose significant risks to organizations across various sectors. Recognizing the need for a structured approach to identify, prioritize, and address vulnerabilities, the Cybersecurity and Infrastructure Security Agency.....
6.9AI Score
Talos releases new macOS open-source fuzzer
Cisco Talos has developed a fuzzer that enables us to test macOS software on commodity hardware. Fuzzer utilizes a snapshot-based fuzzing approach and is based on WhatTheFuzz framework. Support for VM state extraction was implemented and WhatTheFuzz was extended to support the loading of VMWare...
6.6AI Score
Siemens SIMATIC RTLS Locating Manager
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
10CVSS
9.2AI Score
0.009EPSS
Mitsubishi Electric MELSEC iQ-R Series Safety CPU and SIL2 Process CPU (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R Series Safety CPU and SIL2 Process CPU Vulnerability: Incorrect Privilege Assignment 2. RISK EVALUATION Successful exploitation of this...
6.5CVSS
6.6AI Score
0.0004EPSS
Cybercriminals Exploiting Microsoft's Quick Assist Feature in Ransomware Attacks
The Microsoft Threat Intelligence team said it has observed a threat actor it tracks under the name Storm-1811 abusing the client management tool Quick Assist to target users in social engineering attacks. "Storm-1811 is a financially motivated cybercriminal group known to deploy Black Basta...
7.4AI Score
Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-6777-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6777-1 advisory. In the Linux kernel, the following vulnerability has been resolved: nbd: Fix NULL pointer in flush_workqueue Open /dev/nbdX first, the...
7.8CVSS
7.1AI Score
0.0004EPSS
7.5AI Score
0.0004EPSS
Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6774-1)
The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6774-1 advisory. The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect...
4.3CVSS
7.3AI Score
EPSS
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1647)
The remote host is missing an update for the Huawei...
3.7CVSS
7.1AI Score
0.001EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1659-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1659-1 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi:...
7.8CVSS
7.7AI Score
0.0005EPSS
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6776-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6776-1 advisory. The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging...
4.3CVSS
7.4AI Score
0.0004EPSS
Ubuntu 14.04 LTS / 16.04 LTS : Linux kernel vulnerabilities (USN-6778-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6778-1 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing: Restructure trace_clock_global() to never block It was...
5.5CVSS
7.3AI Score
0.0004EPSS
[SECURITY] [DSA 5690-1] libreoffice security update
Debian Security Advisory DSA-5690-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 15, 2024 https://www.debian.org/security/faq Package : libreoffice CVE ID : CVE-2024-3044 Amel...
6.6AI Score
0.0004EPSS
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware
June 2024 update: At the end of May 2024, Microsoft Threat Intelligence observed Storm-1811 using Microsoft Teams as another vector to contact target users. Microsoft assesses that the threat actor uses Teams to send messages and initiate calls in an attempt to impersonate IT or help desk...
7.7AI Score
Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days
Microsoft has addressed a total of 61 new security flaws in its software as part of its Patch Tuesday updates for May 2024, including two zero-days which have been actively exploited in the wild. Of the 61 flaws, one is rated Critical, 59 are rated Important, and one is rated Moderate in severity.....
9.6CVSS
9.6AI Score
0.008EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1644-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1644-1 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi: return -ENOMEM if...
7.8CVSS
6.9AI Score
EPSS
Unbreakable Enterprise kernel security update
[5.15.0-206.153.7] - mmc: core: Initialize mmc_blk_ioc_data (Mikko Rapeli) - ahci: asm1064: asm1166: don't limit reported ports (Conrad Kostecki) - mmc: core: Fix switch on gp3 partition (Dominique Martinet) - Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory (Michael....
8.3AI Score
EPSS
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1646-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1646-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two array...
7.8CVSS
7.2AI Score
EPSS
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:1648-1)
The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1648-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory ...
7.8CVSS
7.2AI Score
EPSS
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6766-2)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6766-2 advisory. In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skb_segment() Once again syzbot is able...
7.8CVSS
7.5AI Score
EPSS
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1641-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1641-1 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi: return -ENOMEM if dma_map_single...
7.8CVSS
7.6AI Score
EPSS
According to its self-reported version, the Cisco Integrated Management Controller Web-Based Management Interface is affected by a command injection vulnerability. Due to insufficient user input validation, an authenticated, remote attacker with Administrator-level privileges could perform command....
8.7CVSS
7.9AI Score
0.0004EPSS
Debian dsa-5690 : fonts-opensymbol - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5690 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5690-1 [email protected] ...
6AI Score
0.0004EPSS
Juniper Junos OS Vulnerability (JSA75751)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA75751 advisory. An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS on MX Series allows an authenticated,...
4.3CVSS
7AI Score
0.0004EPSS
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1643-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1643-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two...
7.8CVSS
7.2AI Score
EPSS
Microsoft and Adobe Patch Tuesday, May 2024 Security Update Review
Microsoft has released its May edition of Patch Tuesday. Let's take a deep dive into the crucial insights from Microsoft's Patch Tuesday updates for May 2024. Microsoft Patch Tuesday for May 2024 Microsoft Patch Tuesday's May 2024 edition addressed 67 vulnerabilities, including one critical and 59....
8.8CVSS
9AI Score
0.008EPSS