RHEL 8 : thunderbird (RHSA-2024:4003)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4003 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): *...
7.7AI Score
0.0004EPSS
RHEL 9 : thunderbird (RHSA-2024:4002)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4002 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): *...
7.7AI Score
0.0004EPSS
RHEL 9 : ghostscript (RHSA-2024:3999)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3999 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap...
7.2AI Score
EPSS
RHEL 9 : curl (RHSA-2024:3998)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3998 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP,...
6.5AI Score
0.0004EPSS
Important: ghostscript security update
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): ghostscript: OPVP device arbitrary code execution via custom Driver library...
7.3AI Score
EPSS
Important: ghostscript security update
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): ghostscript: OPVP device arbitrary code execution via custom Driver library...
8AI Score
EPSS
Important: ghostscript security update
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): ghostscript: OPVP device arbitrary code execution via custom Driver library...
7.3AI Score
EPSS
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): thunderbird: Use-after-free in networking (CVE-2024-5702) thunderbird: Use-after-free in JavaScript object transplant (CVE-2024-5688) thunderbird: External...
8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. In one data path, the write function unix_release_sock() atomically writes to sk->sk_shutdown using WRITE_ONC...
6.9AI Score
0.0004EPSS
Debian dsa-5717 : libapache2-mod-php8.2 - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5717 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5717-1 [email protected] ...
5.3CVSS
5.1AI Score
0.001EPSS
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4023 advisory. Red Hat OpenShift Serverless Client kn 1.33.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.33.0. The kn CLI is...
6.9AI Score
0.0004EPSS
Debian dla-3839 : pterm - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3839 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3839-1 [email protected] ...
5.9CVSS
6.4AI Score
0.002EPSS
RHEL 7 : thunderbird (RHSA-2024:4016)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4016 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): *...
7.7AI Score
0.0004EPSS
RHEL 8 : ghostscript (RHSA-2024:4000)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4000 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap...
7.2AI Score
EPSS
RHEL 8 : thunderbird (RHSA-2024:4018)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4018 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): *...
7.7AI Score
0.0004EPSS
RHEL 9 : thunderbird (RHSA-2024:4004)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4004 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): *...
7.7AI Score
0.0004EPSS
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): thunderbird: Use-after-free in networking (CVE-2024-5702) thunderbird: Use-after-free in JavaScript object transplant (CVE-2024-5688) thunderbird: External...
7.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free of timer for log writer thread Patch series "nilfs2: fix log writer related issues". This bug fix series covers three nilfs2 log writer-related issues, including a timer use-after-free issue and...
7AI Score
0.0004EPSS
RHEL 9 : thunderbird (RHSA-2024:4015)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4015 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): *...
7.7AI Score
0.0004EPSS
RHEL 8 : thunderbird (RHSA-2024:4001)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4001 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): *...
7.7AI Score
0.0004EPSS
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): thunderbird: Use-after-free in networking (CVE-2024-5702) thunderbird: Use-after-free in JavaScript object transplant (CVE-2024-5688) thunderbird: External...
7.7AI Score
0.0004EPSS
SUSE SLES15 Security Update : kernel RT (Live Patch 10 for SLE 15 SP5) (SUSE-SU-2024:2092-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2092-1 advisory. This update for the Linux Kernel 5.14.21-150500_13_35 fixes several issues. The following security issues were fixed: - CVE-2024-26852: Fixed...
7CVSS
7.7AI Score
EPSS
RHEL 9 : ghostscript (RHSA-2024:4014)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4014 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap...
7.2AI Score
EPSS
Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models
Posted by Sergei Glazunov and Mark Brand, Google Project Zero Introduction At Project Zero, we constantly seek to expand the scope and effectiveness of our vulnerability research. Though much of our work still relies on traditional methods like manual source code audits and reverse engineering,...
7.9AI Score
There has been a lot of toxicity in the comments section of this blog. Recently, we're having to delete more and more comments. Not just spam and off-topic comments, but also sniping and personal attacks. It's gotten so bad that I need to do something. My options are limited because I'm just one...
7.2AI Score
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content extraction code. When using the noneditable_regexp option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from....
6.1CVSS
5.5AI Score
0.0004EPSS
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. This vulnerability has...
6.1CVSS
5.6AI Score
0.0004EPSS
Summary Vulnerabilities in multiple JAR files affect Transparent Cloud Tiering in IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products. The vulnerabilities are not thought to be exploitable but IBM recommends upgrade for users of Transparent Cloud Tiering...
9.8CVSS
9.5AI Score
0.939EPSS
Kraken Crypto Exchange Hit by $3 Million Theft Exploiting Zero-Day Flaw
Crypto exchange Kraken revealed that an unnamed security researcher exploited an "extremely critical" zero-day flaw in its platform to steal $3 million in digital assets and refused to return them. Details of the incident were shared by Kraken's Chief Security Officer, Nick Percoco, on X (formerly....
7.1AI Score
Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects the product's management GUI. The Command Line Interface is unaffected. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850. Vulnerability Details **...
7.5CVSS
6.9AI Score
0.001EPSS
TotalCloud Insights: Protect Your AWS Environment by Managing Access Keys Securely
Introduction With the average cost of a data breach coming in at $4.45M in 2023, safeguarding sensitive information and maintaining the security of cloud environments is more critical than ever. Instances of compromised access keys, not exclusive to AWS (Amazon Web Services) but prevalent across...
7.3AI Score
In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. In one data path, the write function unix_release_sock() atomically writes to sk->sk_shutdown using...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. In one data path, the write function unix_release_sock() atomically writes to sk->sk_shutdown using WRITE_ONC...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. In one data path, the write function unix_release_sock() atomically writes to sk->sk_shutdown using WRITE_ONC...
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free of timer for log writer thread Patch series "nilfs2: fix log writer related issues". This bug fix series covers three nilfs2 log writer-related issues, including a timer use-after-free issue and...
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free of timer for log writer thread Patch series "nilfs2: fix log writer related issues". This bug fix series covers three nilfs2 log writer-related issues, including a timer use-after-free issue and...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free of timer for log writer thread Patch series "nilfs2: fix log writer related issues". This bug fix series covers three nilfs2 log writer-related issues, including a timer use-after-free issue and...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: add a proper sanity check for endpoints Syzkaller reports [1] hitting a warning which is caused by presence of a wrong endpoint type at the URB sumbitting stage. While there was a check for a specific 4th...
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: add a proper sanity check for endpoints Syzkaller reports [1] hitting a warning which is caused by presence of a wrong endpoint type at the URB sumbitting stage. While there was a check for a specific 4th endpoint,....
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: add a proper sanity check for endpoints Syzkaller reports [1] hitting a warning which is caused by presence of a wrong endpoint type at the URB sumbitting stage. While there was a check for a specific 4th endpoint,....
0.0004EPSS
CVE-2024-38596 af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. In one data path, the write function unix_release_sock() atomically writes to sk->sk_shutdown using WRITE_ONC...
0.0004EPSS
CVE-2024-38583 nilfs2: fix use-after-free of timer for log writer thread
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free of timer for log writer thread Patch series "nilfs2: fix log writer related issues". This bug fix series covers three nilfs2 log writer-related issues, including a timer use-after-free issue and...
0.0004EPSS
CVE-2024-38567 wifi: carl9170: add a proper sanity check for endpoints
In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: add a proper sanity check for endpoints Syzkaller reports [1] hitting a warning which is caused by presence of a wrong endpoint type at the URB sumbitting stage. While there was a check for a specific 4th endpoint,....
0.0004EPSS
The Hacking of Culture and the Creation of Socio-Technical Debt
Culture is increasingly mediated through algorithms. These algorithms have splintered the organization of culture, a result of states and tech companies vying for influence over mass audiences. One byproduct of this splintering is a shift from imperfect but broad cultural narratives to a...
6.8AI Score
New Case Study: Unmanaged GTM Tags Become a Security Nightmare
Are your tags really safe with Google Tag Manager? If you've been thinking that using GTM means that your tracking tags and pixels are safely managed, then it might be time to think again. In this article we look at how a big-ticket seller that does business on every continent came unstuck when it....
6.9AI Score
New Threat Actor 'Void Arachne' Targets Chinese Users with Malicious VPN Installers
Chinese-speaking users are the target of a never-before-seen threat activity cluster codenamed Void Arachne that employs malicious Windows Installer (MSI) files for virtual private networks (VPNs) to deliver a command-and-control (C&C) framework called Winos 4.0. "The campaign also promotes...
7.2AI Score
Warning: Markopolo's Scam Targeting Crypto Users via Fake Meeting Software
A threat actor who goes by alias markopolo has been identified as behind a large-scale cross-platform scam that targets digital currency users on social media with information stealer malware and carries out cryptocurrency theft. The attack chains involve the use of a purported virtual meeting...
6.4AI Score
The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 5.30.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
4.4CVSS
4.4AI Score
0.0004EPSS
The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 5.30.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
4.4CVSS
0.0004EPSS
The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 5.30.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
4.4CVSS
5.9AI Score
0.0004EPSS