Ubuntu 20.04 LTS / 22.04 LTS : ImageProcessing vulnerability (USN-6675-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6675-1 advisory. image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the #apply method from...
9.8 CVSS
7.1 AI Score
0.003 EPSS
This Week in Spring - March 5th, 2024
Hi, Spring fans! Welcome to another exciting roundup of This Week in Spring! I expect many of you are reading this for the first time, especially with Facebook and Instagram being down. People have been exploring all the other lesser-known corners of the web, looking for their daily "doom scroll."....
7.1 AI Score
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Node.js vulnerabilities (USN-6672-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6672-1 advisory. A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did not clear...
7.5 CVSS
7.2 AI Score
0.001 EPSS
Amazon Linux 2 : thunderbird (ALAS-2024-2477)
The version of thunderbird installed on the remote host is prior to 115.8.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2477 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, ...
9.6 AI Score
0.0004 EPSS
Releases: Ubuntu 22.04 LTS, Ubuntu 20.04 LTS. Packages: ruby-image-processing - High-level image processing wrapper for libvips and ImageMagick/GraphicsMagick. Details: It was discovered that ImageProcessing incorrectly handled series of operations that are coming from unsanitised inputs. If a user...
9.8 CVSS
7.8 AI Score
0.003 EPSS
On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACLs may result in incorrect operation of the configured ACL for a port, resulting in some packets that should be denied being permitted and...
3.1 CVSS
4 AI Score
0.0004 EPSS
On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACLs may result in incorrect operation of the configured ACL for a port, resulting in some packets that should be denied being permitted and...
3.1 CVSS
4.2 AI Score
0.0004 EPSS
On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACLs may result in incorrect operation of the configured ACL for a port, resulting in some packets that should be denied being permitted and...
3.1 CVSS
7.2 AI Score
0.0004 EPSS
On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACLs may result in incorrect operation of the configured ACL for a port, resulting in some packets that should be denied being permitted and...
3.1 CVSS
4.3 AI Score
0.0004 EPSS
On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACLs may result in incorrect operation of the configured ACL for a port, resulting in some packets that should be denied being permitted and...
3.1 CVSS
6.9 AI Score
0.0004 EPSS
Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in...
7.5 CVSS
7.5 AI Score
0.0005 EPSS
Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in...
7.5 CVSS
7.6 AI Score
0.0005 EPSS
Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in...
7.5 CVSS
7.5 AI Score
0.0005 EPSS
CVE-2023-33095 Reachable Assertion in Multi-Mode Call Processor
Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in...
7.5 CVSS
7.8 AI Score
0.0005 EPSS
Security Bulletin: IBM Cloud Pak for Network Automation 2.7 fixes multiple security vulnerabilities
Summary: IBM Cloud Pak for Network Automation 2.7 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details: CVEID: CVE-2023-24998. DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limiting the number of request...
9.8 CVSS
10 AI Score
0.059 EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Thunderbird vulnerabilities (USN-6669-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6669-1 advisory. An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash....
8.8 CVSS
8.3 AI Score
0.001 EPSS
Debian dla-3747 : firefox-esr - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3747 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This...
8 AI Score
0.0004 EPSS
Debian dla-3748 : thunderbird - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3748 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This...
9.7 AI Score
0.0004 EPSS
openSUSE: Security Advisory for libreoffice (SUSE-SU-2023:4932-1)
The remote host is missing an update for...
8.8 CVSS
8.8 AI Score
0.001 EPSS
openSUSE: Security Advisory for golang (SUSE-SU-2023:2598-1)
The remote host is missing an update for...
8.8 CVSS
8.3 AI Score
0.024 EPSS
openSUSE: Security Advisory for libreoffice (SUSE-SU-2023:4496-1)
The remote host is missing an update for...
5.5 CVSS
5.8 AI Score
0.0005 EPSS
openSUSE: Security Advisory for SUSE Manager Client Tools (SUSE-SU-2023:3868-1)
The remote host is missing an update for...
8.8 CVSS
7.3 AI Score
0.024 EPSS
New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users
A novel phishing kit has been observed impersonating the login pages of well-known cryptocurrency services as part of an attack cluster codenamed CryptoChameleon that's designed to primarily target mobile devices. "This kit enables attackers to build carbon copies of single sign-on (SSO) pages,...
7.5 AI Score
Cisco Nexus 3600 External BGP DoS (cisco-sa-nxos-po-acl-TkyePgvL)
A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because eBGP traffic is mapped to a shared hardware...
8.6 CVSS
7.3 AI Score
0.0005 EPSS
GTPDOOR Linux Malware Targets Telecoms, Exploiting GPRS Roaming Networks
Threat hunters have discovered a new Linux malware called GTPDOOR that's designed to be deployed in telecom networks that are adjacent to GPRS roaming exchanges (GRX). The malware is novel in that it leverages the GPRS Tunnelling Protocol (GTP) for command-and-control (C2) communications...
7.1 AI Score
Issue Overview: When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. (CVE-2024-1546) Through a series of A...
7.8 AI Score
0.0004 EPSS
In the Linux kernel, the following vulnerability has been resolved: mm: memcontrol: slab: fix obtain a reference to a freeing memcg Patch series "Use obj_cgroup APIs to charge kmem pages", v5. Since Roman's series "The new cgroup slab memory controller" applied. All slab objects are charged with...
6.6 AI Score
0.0004 EPSS
yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. (pool_free is part of the pool series allocator, along with pool_malloc and...
7.2 AI Score
0.0004 EPSS
yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. (pool_free is part of the pool series allocator, along with pool_malloc and...
7.3 AI Score
0.0004 EPSS
yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. (pool_free is part of the pool series allocator, along with pool_malloc and...
8.1 AI Score
0.0004 EPSS
yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. (pool_free is part of the pool series allocator, along with pool_malloc and...
7.8 AI Score
0.0004 EPSS
yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. (pool_free is part of the pool series allocator, along with pool_malloc and...
8.3 AI Score
0.0004 EPSS
A vulnerability in system resource management in Cisco UCS 6400 and 6500 Series Fabric Interconnects that are in Intersight Managed Mode (IMM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the Device Console UI of an affected device. This...
5.3 CVSS
5.5 AI Score
0.0004 EPSS
A vulnerability in system resource management in Cisco UCS 6400 and 6500 Series Fabric Interconnects that are in Intersight Managed Mode (IMM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the Device Console UI of an affected device. This...
5.3 CVSS
5.5 AI Score
0.0004 EPSS
A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device. This vulnerability is....
5.8 CVSS
5.7 AI Score
0.0004 EPSS
A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device. This vulnerability is....
5.8 CVSS
5.7 AI Score
0.0004 EPSS
A vulnerability in system resource management in Cisco UCS 6400 and 6500 Series Fabric Interconnects that are in Intersight Managed Mode (IMM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the Device Console UI of an affected device. This...
5.3 CVSS
7.3 AI Score
0.0004 EPSS
A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device. This vulnerability is....
5.8 CVSS
7.3 AI Score
0.0004 EPSS
CentOS 9 : glibc-2.34-83.el9.7
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the glibc-2.34-83.el9.7 build changelog: potential use-after-free in getaddrinfo (RHEL-2426) (CVE-2023-4806); buffer overflow in ld.so leading to privilege escalation (RHEL-3000)...
7.8 CVSS
8.4 AI Score
0.014 EPSS
CentOS 7 : thunderbird (RHSA-2024:0957)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0957 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory...
9.7 AI Score
0.0004 EPSS
CentOS 9 : openssl-3.0.7-20.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the openssl-3.0.7-20.el9 build changelog. Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary:...
6.5 CVSS
7 AI Score
0.001 EPSS
CentOS 9 : libreoffice-7.1.8.1-11.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the libreoffice-7.1.8.1-11.el9 build changelog. Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an...
7.8 CVSS
6.6 AI Score
0.001 EPSS
Rack has possible DoS Vulnerability with Range Header
Possible DoS Vulnerability with Range Header in Rack. There is a possible DoS vulnerability relating to the Range request header in Rack. This vulnerability has been assigned the CVE identifier CVE-2024-26141. Versions Affected: >= 1.3.0. Not affected: < 1.3.0. Fixed Versions: 3.0.9.1, ...
5.8 CVSS
6.9 AI Score
0.0004 EPSS
Rack Header Parsing leads to Possible Denial of Service Vulnerability
Possible Denial of Service Vulnerability in Rack Header Parsing. There is a possible denial of service vulnerability in the header parsing routines in Rack. This vulnerability has been assigned the CVE identifier CVE-2024-26146. Versions Affected: All. Not affected: None. Fixed Versions: ...
5.3 CVSS
7 AI Score
0.0004 EPSS
Navigating the Waters of Generative AI
Part I: The Good and the Bad of AI. Few would argue that 2023 was the year AI, specifically generative AI (Gen AI) like ChatGPT, was discussed everywhere. In October, Forrester published a report about how security tools will leverage AI. The findings in that report showed that Gen AI would augment...
7.4 AI Score
A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device. This vulnerability is....
5.8 CVSS
6 AI Score
0.0004 EPSS
A vulnerability in system resource management in Cisco UCS 6400 and 6500 Series Fabric Interconnects that are in Intersight Managed Mode (IMM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the Device Console UI of an affected device. This...
5.3 CVSS
5.8 AI Score
0.0004 EPSS
A vulnerability in system resource management in Cisco UCS 6400 and 6500 Series Fabric Interconnects that are in Intersight Managed Mode (IMM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the Device Console UI of an affected device. This...
7.3 AI Score
0.0004 EPSS