Microsoft Delays AI-Powered Recall Feature for Copilot+ PCs Amid Security Concerns
Microsoft on Thursday revealed that it's delaying the rollout of the controversial artificial intelligence (AI)-powered Recall feature for Copilot+ PCs. To that end, the company said it intends to shift from general availability to a preview available first in the Windows Insider Program (WIP) in.....
6.7AI Score
Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers. An attacker can exploit the XXE to retrieve...
5.9CVSS
0.0004EPSS
Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers. An attacker can exploit the XXE to retrieve...
5.9CVSS
5.7AI Score
0.0004EPSS
Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers by sending a HTTP request without authentication......
5.9CVSS
5.8AI Score
0.0004EPSS
Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers by sending a HTTP request without authentication......
5.9CVSS
0.0004EPSS
A flaw was found in Argo-CD. There is an issue with unauthenticated information disclosure of settings data through an exposed API endpoint at...
5.3CVSS
5.1AI Score
0.001EPSS
CVE-2024-27142 Pre-authenticated XXE injection
Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers. An attacker can exploit the XXE to retrieve...
5.9CVSS
6.9AI Score
0.0004EPSS
CVE-2024-27142 Pre-authenticated XXE injection
Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers. An attacker can exploit the XXE to retrieve...
5.9CVSS
0.0004EPSS
CVE-2024-27141 Pre-authenticated Time-Based Blind XXE injection
Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers by sending a HTTP request without authentication......
5.9CVSS
6.9AI Score
0.0004EPSS
CVE-2024-27141 Pre-authenticated Time-Based Blind XXE injection
Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers by sending a HTTP request without authentication......
5.9CVSS
0.0004EPSS
Missing Authorization vulnerability in Business Directory Team Business Directory Plugin.This issue affects Business Directory Plugin: from n/a through...
5.4CVSS
5.6AI Score
0.0004EPSS
Missing Authorization vulnerability in Business Directory Team Business Directory Plugin.This issue affects Business Directory Plugin: from n/a through...
5.4CVSS
0.0004EPSS
[SECURITY] Fedora 40 Update: cyrus-imapd-3.8.3-1.fc40
The Cyrus IMAP (Internet Message Access Protocol) server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contacts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. The Cyrus IMAP server is a scalable enterprise groupware system designed for use...
6.5CVSS
6.5AI Score
0.0005EPSS
Missing Authorization vulnerability in Business Directory Team Business Directory Plugin.This issue affects Business Directory Plugin: from n/a through...
5.4CVSS
0.0004EPSS
Missing Authorization vulnerability in Business Directory Team Business Directory Plugin.This issue affects Business Directory Plugin: from n/a through...
5.4CVSS
5.6AI Score
0.0004EPSS
Summary Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational® Application Developer for WebSphere® Software. Information about security vulnerabilities affecting Node.js has been published in a security bulletin. Vulnerability Details ** CVEID: CVE-2024-27982 ...
8.2CVSS
6.9AI Score
0.0004EPSS
Contact Form Builder, Contact Widget <= 2.1.7 - Authentication Request Bypass
Description The Contact Form Builder, Contact Widget plugin for WordPress is vulnerable to protection bypass in all versions up to, and including, 2.1.7. This is due to the plugin not properly restricting authentication attempts. This makes it possible for unauthenticated attackers to perform an...
5.3CVSS
7.1AI Score
0.0005EPSS
Rocky Linux 8 : 389-ds:1.4 (RLSA-2024:3047)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3047 advisory. * 389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr) (CVE-2024-1062) Tenable has...
5.5CVSS
7.2AI Score
0.0004EPSS
Rocky Linux 8 : python39:3.9 and python39-devel:3.9 (RLSA-2024:2985)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2985 advisory. * pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py (CVE-2022-40897) * python-cryptography: memory corruption via...
8.1CVSS
7.6AI Score
0.005EPSS
AlmaLinux 9 : fence-agents (ALSA-2024:3820)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:3820 advisory. * jinja2: accepts keys containing non-attribute characters (CVE-2024-34064) Tenable has extracted the preceding description block directly from the AlmaLinux...
5.4CVSS
5.5AI Score
0.0004EPSS
Releases Ubuntu 24.04 LTS Packages linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-gke - Linux kernel for Google Container Engine (GKE) systems Details Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions,...
7.8CVSS
8.5AI Score
0.0005EPSS
Linux kernel (Azure) vulnerabilities
Releases Ubuntu 22.04 LTS Packages linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-fde - Linux kernel for Microsoft Azure CVM cloud systems Details It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a...
8CVSS
8.4AI Score
0.0004EPSS
Cisco Firepower Threat Defense Software Authorization Bypass (cisco-sa-asaftd-saml-bypass-KkNvXyKW)
A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an...
5CVSS
5.2AI Score
0.0004EPSS
Rocky Linux 8 : httpd:2.4 (RLSA-2024:3121)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3121 advisory. * httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122) * mod_http2: reset requests exhaust memory (incomplete fix of CVE-2023-44487)...
7.5CVSS
8.9AI Score
0.732EPSS
Rocky Linux 8 : ruby:3.3 (RLSA-2024:3670)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3670 advisory. * ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280) * ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) * ruby:...
9AI Score
EPSS
7.5CVSS
7.8AI Score
0.001EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2019-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2019-1 advisory. The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes. The following...
9.8CVSS
8.4AI Score
0.005EPSS
Oracle Linux 8 : ruby:3.1 (ELSA-2024-3546)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3546 advisory. ruby [3.1.5-143] - Upgrade to Ruby 3.1.5. Resolves: RHEL-35748 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-35749 - Fix RCE...
7AI Score
EPSS
9.8CVSS
7.4AI Score
0.919EPSS
PHP < 8.3.8 - Unauthenticated Remote Code Execution (Windows) Exploit
This Metasploit module exploits a PHP CGI argument injection vulnerability affecting PHP in certain configurations on a Windows target. A vulnerable configuration is locale dependant (such as Chinese or Japanese), such that the Unicode best-fit conversion scheme will unexpectedly convert a soft...
9.8CVSS
7.2AI Score
0.967EPSS
Fortinet FortiClient (FG-IR-22-059) (macOS)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-059 advisory. The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for...
7.5CVSS
7AI Score
0.013EPSS
Rocky Linux 8 : pki-core:10.6 and pki-deps:10.6 (RLSA-2024:3061)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3061 advisory. * jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518) Tenable has extracted the preceding description block directly from...
7.5CVSS
7.2AI Score
0.002EPSS
A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an...
5CVSS
5.2AI Score
0.0004EPSS
Rocky Linux 9 : ruby:3.1 (RLSA-2024:3668)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3668 advisory. * ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280) * ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) * ruby:...
9AI Score
EPSS
Rocky Linux 8 : ruby:3.1 (RLSA-2024:3546)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3546 advisory. * ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) * ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280) * ruby:...
8.9AI Score
EPSS
Rocky Linux 8 : python39:3.9 and python39-devel:3.9 (RLSA-2024:3466)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3466 advisory. * python39:3.9/python39: python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597) * python39:3.9/python39: python: The zipfile module is...
7.8CVSS
7.3AI Score
EPSS
Linux kernel (NVIDIA) vulnerabilities
Releases Ubuntu 22.04 LTS Packages linux-nvidia-6.5 - Linux kernel for NVIDIA systems Details Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this...
7.8CVSS
7.5AI Score
0.001EPSS
Rocky Linux 9 : nodejs:20 (RLSA-2024:2853)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2853 advisory. * c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629) * nghttp2: CONTINUATION frames DoS (CVE-2024-28182) * nodejs: using the fetch()...
5.3CVSS
7.8AI Score
0.0004EPSS
Oracle Linux 8 : virt:kvm_utils1 (ELSA-2024-12435)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12435 advisory. - Document CVEs as fixed (Karl Heubaum) {CVE-2023-2700} - Fix off-by-one error in udevListInterfacesByStatus (Martin Kletzander) [Orabug: 36364474] ...
8.8CVSS
7.5AI Score
0.002EPSS
Rocky Linux 9 : fence-agents (RLSA-2024:3820)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3820 advisory. * jinja2: accepts keys containing non-attribute characters (CVE-2024-34064) Tenable has extracted the preceding description block directly from the Rocky Linux...
5.4CVSS
5.5AI Score
0.0004EPSS
Fortinet Fortigate (FG-IR-22-059)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-059 advisory. The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for...
7.5CVSS
7AI Score
0.013EPSS
Rocky Linux 9 : ruby:3.3 (RLSA-2024:3671)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3671 advisory. * ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280) * ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) * ruby:...
9AI Score
EPSS
Fortinet FortiClient (FG-IR-22-059)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-059 advisory. The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for...
7.5CVSS
7AI Score
0.013EPSS
File Upload vulnerability in openeclass v.3.15 and before allows an attacker to execute arbitrary code via a crafted file to the certbadge.php...
7.7AI Score
0.001EPSS
File Upload vulnerability in openeclass v.3.15 and before allows an attacker to execute arbitrary code via a crafted file to the certbadge.php...
0.001EPSS
NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could cause buffer overrun in the host. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of...
7.8CVSS
7.7AI Score
0.0004EPSS
NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where an untrusted guest VM can cause improper control of the interaction frequency in the host. A successful exploit of this vulnerability might lead to denial of...
5.5CVSS
5.5AI Score
0.0004EPSS
NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of...
5.5CVSS
5.5AI Score
0.0004EPSS
NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data...
7.8CVSS
7.8AI Score
0.0004EPSS
NVIDIA GPU software for Linux contains a vulnerability where it can expose sensitive information to an actor that is not explicitly authorized to have access to that information. A successful exploit of this vulnerability might lead to information...
6.5CVSS
6.2AI Score
0.0004EPSS