A vulnerability in system resource management in Cisco UCS 6400 and 6500 Series Fabric Interconnects that are in Intersight Managed Mode (IMM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the Device Console UI of an affected device. This...
7.3AI Score
0.0004EPSS
Cisco NX-OS Software External Border Gateway Protocol Denial of Service Vulnerability
A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because eBGP traffic is mapped to a shared hardware...
7.3AI Score
0.0005EPSS
Cisco Nexus 3000 and 9000 Series Switches Port Channel ACL Programming Vulnerability
A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device. This vulnerability is....
7.2AI Score
0.0004EPSS
Cisco FXOS and NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability
A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific...
7.2AI Score
0.0004EPSS
Cisco NX-OS Software MPLS Encapsulated IPv6 Denial of Service Vulnerability
A vulnerability with the handling of MPLS traffic for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the netstack process to unexpectedly restart, which could cause the device to stop processing network traffic or to reload. This vulnerability is due to lack of...
7.4AI Score
0.0005EPSS
Summary Multiple vulnerabilities in IBM WebSphere Liberty impact IBM License Key Server Administration and Reporting Tool and IBM LKS Administration Agent. Vulnerability Details ** CVEID: CVE-2022-34165 DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere...
9.8CVSS
7.8AI Score
0.732EPSS
Summary Third party reported 'Stored XSS' and 'CSRF' issues, Apache Tomcat, Apache ActiveMQ, CKEditor, libcURL, xmlbeans, scala-library, json-smart, jna-platform, jackson-databind, commons-io, shiro-core, commons-net, snappy-java, xercesImpl are identified as vulnerable components with multiple...
10CVSS
9.7AI Score
0.974EPSS
In the Linux kernel, the following vulnerability has been resolved: mm: memcontrol: slab: fix obtain a reference to a freeing memcg Patch series "Use obj_cgroup APIs to charge kmem pages", v5. Since Roman's series "The new cgroup slab memory controller" applied. All slab objects are charged...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mm: memcontrol: slab: fix obtain a reference to a freeing memcg Patch series "Use obj_cgroup APIs to charge kmem pages", v5. Since Roman's series "The new cgroup slab memory controller" applied. All slab objects are charged with...
8.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mm: memcontrol: slab: fix obtain a reference to a freeing memcg Patch series "Use obj_cgroup APIs to charge kmem pages", v5. Since Roman's series "The new cgroup slab memory controller" applied. All slab objects are charged with...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mm: memcontrol: slab: fix obtain a reference to a freeing memcg Patch series "Use obj_cgroup APIs to charge kmem pages", v5. Since Roman's series "The new cgroup slab memory controller" applied. All slab objects are charged with...
6.8AI Score
0.0004EPSS
CVE-2021-47011 mm: memcontrol: slab: fix obtain a reference to a freeing memcg
In the Linux kernel, the following vulnerability has been resolved: mm: memcontrol: slab: fix obtain a reference to a freeing memcg Patch series "Use obj_cgroup APIs to charge kmem pages", v5. Since Roman's series "The new cgroup slab memory controller" applied. All slab objects are charged with...
6.8AI Score
0.0004EPSS
CVE-2021-47011 mm: memcontrol: slab: fix obtain a reference to a freeing memcg
In the Linux kernel, the following vulnerability has been resolved: mm: memcontrol: slab: fix obtain a reference to a freeing memcg Patch series "Use obj_cgroup APIs to charge kmem pages", v5. Since Roman's series "The new cgroup slab memory controller" applied. All slab objects are charged with...
8.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ext4: always panic when errors=panic is specified Before commit 014c9caa29d3 ("ext4: make ext4_abort() use __ext4_error()"), the following series of commands would trigger a panic: 1. mount /dev/sda -o ro,errors=panic test 2....
5.5CVSS
6.6AI Score
0.0004EPSS
TimbreStealer Malware Spreading via Tax-themed Phishing Scam Targets IT Users
Mexican users have been targeted with tax-themed phishing lures at least since November 2023 to distribute a previously undocumented Windows malware called TimbreStealer. Cisco Talos, which discovered the activity, described the authors as skilled and that the "threat actor has previously used...
6.5AI Score
In the Linux kernel, the following vulnerability has been resolved: mm: memcontrol: slab: fix obtain a reference to a freeing memcg Patch series "Use obj_cgroup APIs to charge kmem pages", v5. Since Roman's series "The new cgroup slab memory controller" applied. All slab objects are charged with...
6.5AI Score
0.0004EPSS
Fedora 38 : thunderbird (2024-5361211b10)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-5361211b10 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory...
9.7AI Score
0.0004EPSS
AlmaLinux 8 : firefox (ALSA-2024:0955)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:0955 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read....
9.8AI Score
0.0004EPSS
AlmaLinux 8 : thunderbird (ALSA-2024:0964)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:0964 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read....
9.7AI Score
0.0004EPSS
AlmaLinux 9 : thunderbird (ALSA-2024:0963)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:0963 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read....
9.7AI Score
0.0004EPSS
Security Advisory 0093 _._CSAF PDF Date: February 28, 2024 Revision | Date | Changes ---|---|--- 1.0 | February 28, 2024 | Initial release The CVE-ID tracking this issue: CVE-2024-27889 CVSSv3.1 Base Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) Common Weakness Enumeration: CWE-89:...
8.8CVSS
9.3AI Score
0.001EPSS
AlmaLinux 9 : firefox (ALSA-2024:0952)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0952 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read....
9.7AI Score
0.0004EPSS
Rails has possible XSS Vulnerability in Action Controller
Possible XSS Vulnerability in Action Controller There is a possible XSS vulnerability when using the translation helpers (translate, t, etc) in Action Controller. This vulnerability has been assigned the CVE identifier CVE-2024-26143. Versions Affected: >= 7.0.0. Not affected: < 7.0.0 Fixed.....
6.1CVSS
6.4AI Score
0.0004EPSS
Rails has possible XSS Vulnerability in Action Controller
Possible XSS Vulnerability in Action Controller There is a possible XSS vulnerability when using the translation helpers (translate, t, etc) in Action Controller. This vulnerability has been assigned the CVE identifier CVE-2024-26143. Versions Affected: >= 7.0.0. Not affected: < 7.0.0 Fixed.....
6.1CVSS
6.2AI Score
0.0004EPSS
Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch
Possible ReDoS vulnerability in Accept header parsing in Action Dispatch There is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-26142. Versions Affected: >= 7.1.0, < 7.1.3.1 Not...
7.5CVSS
6.7AI Score
0.0004EPSS
Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch
Possible ReDoS vulnerability in Accept header parsing in Action Dispatch There is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-26142. Versions Affected: >= 7.1.0, < 7.1.3.1 Not...
7.5CVSS
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ext4: always panic when errors=panic is specified Before commit 014c9caa29d3 ("ext4: make ext4_abort() use __ext4_error()"), the following series of commands would trigger a panic: 1. mount /dev/sda -o ro,errors=panic test 2....
5.5CVSS
7.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ext4: always panic when errors=panic is specified Before commit 014c9caa29d3 ("ext4: make ext4_abort() use __ext4_error()"), the following series of commands would trigger a panic: mount /dev/sda -o ro,errors=panic test mount...
5.5CVSS
5.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ext4: always panic when errors=panic is specified Before commit 014c9caa29d3 ("ext4: make ext4_abort() use __ext4_error()"), the following series of commands would trigger a panic: mount /dev/sda -o ro,errors=panic test mount...
5.5CVSS
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ext4: always panic when errors=panic is specified Before commit 014c9caa29d3 ("ext4: make ext4_abort() use __ext4_error()"), the following series of commands would trigger a panic: mount /dev/sda -o ro,errors=panic test mount...
7.2AI Score
0.0004EPSS
CVE-2021-46945 ext4: always panic when errors=panic is specified
In the Linux kernel, the following vulnerability has been resolved: ext4: always panic when errors=panic is specified Before commit 014c9caa29d3 ("ext4: make ext4_abort() use __ext4_error()"), the following series of commands would trigger a panic: mount /dev/sda -o ro,errors=panic test mount...
5.8AI Score
0.0004EPSS
CVE-2021-46945 ext4: always panic when errors=panic is specified
In the Linux kernel, the following vulnerability has been resolved: ext4: always panic when errors=panic is specified Before commit 014c9caa29d3 ("ext4: make ext4_abort() use __ext4_error()"), the following series of commands would trigger a panic: mount /dev/sda -o ro,errors=panic test mount...
7.2AI Score
0.0004EPSS
Mitsubishi Electric Multiple Factory Automation Products
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC iQ-F Series Vulnerability: Insufficient Resource Pool 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote...
5.3CVSS
5.5AI Score
0.0004EPSS
Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN...
5.3CVSS
5.2AI Score
0.0004EPSS
Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN...
5.3CVSS
5.2AI Score
0.0004EPSS
Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN...
5.3CVSS
7.1AI Score
0.0004EPSS
Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN...
5.3CVSS
5.5AI Score
0.0004EPSS
Exploit for OS Command Injection in Zyxel Usg Flex 100W Firmware
CVE-2022-30525 (Zyxel Firewall Remote Command Injection) A...
9.8CVSS
8.1AI Score
0.975EPSS
Oracle Linux 8 : thunderbird (ELSA-2024-0964)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-0964 advisory. Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response...
9.6AI Score
0.0004EPSS
Oracle Linux 8 : firefox (ELSA-2024-0955)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-0955 advisory. Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.Note: This issue only affects 32-bit...
9.6AI Score
0.0004EPSS
Oracle Linux 9 : thunderbird (ELSA-2024-0963)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-0963 advisory. If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user...
9.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ext4: always panic when errors=panic is specified Before commit 014c9caa29d3 ("ext4: make ext4_abort() use __ext4_error()"), the following series of commands would trigger a panic: 1. mount /dev/sda -o ro,errors=panic test 2....
5.5CVSS
6.5AI Score
0.0004EPSS
As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request.....
7.1CVSS
6.7AI Score
0.0004EPSS
As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request.....
7.1CVSS
6.9AI Score
0.0004EPSS
As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request.....
7.1CVSS
6.8AI Score
0.0004EPSS
The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious...
6.5CVSS
6.5AI Score
0.0004EPSS
The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious...
6.5CVSS
6.5AI Score
0.0004EPSS
The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious...
6.5CVSS
7.4AI Score
0.0004EPSS
As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request.....
7.1CVSS
7.2AI Score
0.0004EPSS
8,000+ Domains of Trusted Brands Hijacked for Massive Spam Operation
More than 8,000 domains and 13,000 subdomains belonging to legitimate brands and institutions have been hijacked as part of a sophisticated distribution architecture for spam proliferation and click monetization. Guardio Labs is tracking the coordinated malicious activity, which has been ongoing...
7.4AI Score