Lucene search

K

Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic Security Vulnerabilities

nessus
nessus

RHEL 8 : thunderbird (RHSA-2024:4003)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4003 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): *...

7.7AI Score

0.0004EPSS

2024-06-20 12:00 AM
3
nessus
nessus

RHEL 9 : thunderbird (RHSA-2024:4002)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4002 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): *...

7.7AI Score

0.0004EPSS

2024-06-20 12:00 AM
1
nessus
nessus

RHEL 9 : ghostscript (RHSA-2024:3999)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3999 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap...

7.2AI Score

EPSS

2024-06-20 12:00 AM
2
nessus
nessus

RHEL 9 : curl (RHSA-2024:3998)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3998 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP,...

6.5AI Score

0.0004EPSS

2024-06-20 12:00 AM
3
almalinux
almalinux

Important: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): ghostscript: OPVP device arbitrary code execution via custom Driver library...

7.3AI Score

EPSS

2024-06-20 12:00 AM
8
osv
osv

Important: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): ghostscript: OPVP device arbitrary code execution via custom Driver library...

8AI Score

EPSS

2024-06-20 12:00 AM
1
almalinux
almalinux

Important: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): ghostscript: OPVP device arbitrary code execution via custom Driver library...

7.3AI Score

EPSS

2024-06-20 12:00 AM
2
osv
osv

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): thunderbird: Use-after-free in networking (CVE-2024-5702) thunderbird: Use-after-free in JavaScript object transplant (CVE-2024-5688) thunderbird: External...

8AI Score

0.0004EPSS

2024-06-20 12:00 AM
1
ubuntucve
ubuntucve

CVE-2024-38596

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. In one data path, the write function unix_release_sock() atomically writes to sk->sk_shutdown using WRITE_ONC...

6.9AI Score

0.0004EPSS

2024-06-20 12:00 AM
1
nessus
nessus

Debian dsa-5717 : libapache2-mod-php8.2 - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5717 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5717-1 [email protected] ...

5.3CVSS

5.1AI Score

0.001EPSS

2024-06-20 12:00 AM
3
nessus
nessus

RHEL 8 : Release of openshift-serverless-clients kn 1.33.0 security update & s (Important) (RHSA-2024:4023)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4023 advisory. Red Hat OpenShift Serverless Client kn 1.33.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.33.0. The kn CLI is...

6.9AI Score

0.0004EPSS

2024-06-20 12:00 AM
1
nessus
nessus

Debian dla-3839 : pterm - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3839 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3839-1 [email protected] ...

5.9CVSS

6.4AI Score

0.002EPSS

2024-06-20 12:00 AM
nessus
nessus

RHEL 7 : thunderbird (RHSA-2024:4016)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4016 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): *...

7.7AI Score

0.0004EPSS

2024-06-20 12:00 AM
nessus
nessus

RHEL 8 : ghostscript (RHSA-2024:4000)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4000 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap...

7.2AI Score

EPSS

2024-06-20 12:00 AM
3
nessus
nessus

RHEL 8 : thunderbird (RHSA-2024:4018)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4018 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): *...

7.7AI Score

0.0004EPSS

2024-06-20 12:00 AM
nessus
nessus

RHEL 9 : thunderbird (RHSA-2024:4004)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4004 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): *...

7.7AI Score

0.0004EPSS

2024-06-20 12:00 AM
1
almalinux
almalinux

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): thunderbird: Use-after-free in networking (CVE-2024-5702) thunderbird: Use-after-free in JavaScript object transplant (CVE-2024-5688) thunderbird: External...

7.9AI Score

0.0004EPSS

2024-06-20 12:00 AM
2
ubuntucve
ubuntucve

CVE-2024-38583

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free of timer for log writer thread Patch series "nilfs2: fix log writer related issues". This bug fix series covers three nilfs2 log writer-related issues, including a timer use-after-free issue and...

7AI Score

0.0004EPSS

2024-06-20 12:00 AM
1
nessus
nessus

RHEL 9 : thunderbird (RHSA-2024:4015)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4015 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): *...

7.7AI Score

0.0004EPSS

2024-06-20 12:00 AM
1
nessus
nessus

RHEL 8 : thunderbird (RHSA-2024:4001)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4001 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): *...

7.7AI Score

0.0004EPSS

2024-06-20 12:00 AM
2
osv
osv

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): thunderbird: Use-after-free in networking (CVE-2024-5702) thunderbird: Use-after-free in JavaScript object transplant (CVE-2024-5688) thunderbird: External...

7.7AI Score

0.0004EPSS

2024-06-20 12:00 AM
1
nessus
nessus

SUSE SLES15 Security Update : kernel RT (Live Patch 10 for SLE 15 SP5) (SUSE-SU-2024:2092-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2092-1 advisory. This update for the Linux Kernel 5.14.21-150500_13_35 fixes several issues. The following security issues were fixed: - CVE-2024-26852: Fixed...

7CVSS

7.7AI Score

EPSS

2024-06-20 12:00 AM
nessus
nessus

RHEL 9 : ghostscript (RHSA-2024:4014)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4014 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap...

7.2AI Score

EPSS

2024-06-20 12:00 AM
3
googleprojectzero
googleprojectzero

Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models

Posted by Sergei Glazunov and Mark Brand, Google Project Zero Introduction At Project Zero, we constantly seek to expand the scope and effectiveness of our vulnerability research. Though much of our work still relies on traditional methods like manual source code audits and reverse engineering,...

7.9AI Score

2024-06-20 12:00 AM
4
schneier
schneier

New Blog Moderation Policy

There has been a lot of toxicity in the comments section of this blog. Recently, we're having to delete more and more comments. Not just spam and off-topic comments, but also sniping and personal attacks. It's gotten so bad that I need to do something. My options are limited because I'm just one...

7.2AI Score

2024-06-19 08:26 PM
1
osv
osv

CVE-2024-38356

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content extraction code. When using the noneditable_regexp option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from....

6.1CVSS

5.5AI Score

0.0004EPSS

2024-06-19 08:15 PM
1
osv
osv

CVE-2024-38357

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. This vulnerability has...

6.1CVSS

5.6AI Score

0.0004EPSS

2024-06-19 08:15 PM
1
ibm
ibm

Security Bulletin: Vulnerabilities in JAR files affect Transparent Cloud Tiering in IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in multiple JAR files affect Transparent Cloud Tiering in IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products. The vulnerabilities are not thought to be exploitable but IBM recommends upgrade for users of Transparent Cloud Tiering...

9.8CVSS

9.5AI Score

0.939EPSS

2024-06-19 05:56 PM
14
thn
thn

Kraken Crypto Exchange Hit by $3 Million Theft Exploiting Zero-Day Flaw

Crypto exchange Kraken revealed that an unnamed security researcher exploited an "extremely critical" zero-day flaw in its platform to steal $3 million in digital assets and refused to return them. Details of the incident were shared by Kraken's Chief Security Officer, Nick Percoco, on X (formerly....

7.1AI Score

2024-06-19 04:40 PM
16
ibm
ibm

Security Bulletin: Vulnerabilities in IBM Java affect IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products

Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects the product's management GUI. The Command Line Interface is unaffected. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850. Vulnerability Details **...

7.5CVSS

6.9AI Score

0.001EPSS

2024-06-19 03:28 PM
9
qualysblog
qualysblog

TotalCloud Insights: Protect Your AWS Environment by Managing Access Keys Securely

Introduction With the average cost of a data breach coming in at $4.45M in 2023, safeguarding sensitive information and maintaining the security of cloud environments is more critical than ever. Instances of compromised access keys, not exclusive to AWS (Amazon Web Services) but prevalent across...

7.3AI Score

2024-06-19 03:02 PM
3
debiancve
debiancve

CVE-2024-38596

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. In one data path, the write function unix_release_sock() atomically writes to sk->sk_shutdown using...

6.8AI Score

0.0004EPSS

2024-06-19 02:15 PM
cve
cve

CVE-2024-38596

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. In one data path, the write function unix_release_sock() atomically writes to sk->sk_shutdown using WRITE_ONC...

6.4AI Score

0.0004EPSS

2024-06-19 02:15 PM
21
nvd
nvd

CVE-2024-38596

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. In one data path, the write function unix_release_sock() atomically writes to sk->sk_shutdown using WRITE_ONC...

0.0004EPSS

2024-06-19 02:15 PM
nvd
nvd

CVE-2024-38583

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free of timer for log writer thread Patch series "nilfs2: fix log writer related issues". This bug fix series covers three nilfs2 log writer-related issues, including a timer use-after-free issue and...

0.0004EPSS

2024-06-19 02:15 PM
1
cve
cve

CVE-2024-38583

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free of timer for log writer thread Patch series "nilfs2: fix log writer related issues". This bug fix series covers three nilfs2 log writer-related issues, including a timer use-after-free issue and...

6.5AI Score

0.0004EPSS

2024-06-19 02:15 PM
21
debiancve
debiancve

CVE-2024-38583

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free of timer for log writer thread Patch series "nilfs2: fix log writer related issues". This bug fix series covers three nilfs2 log writer-related issues, including a timer use-after-free issue and...

7AI Score

0.0004EPSS

2024-06-19 02:15 PM
debiancve
debiancve

CVE-2024-38567

In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: add a proper sanity check for endpoints Syzkaller reports [1] hitting a warning which is caused by presence of a wrong endpoint type at the URB sumbitting stage. While there was a check for a specific 4th...

7.1AI Score

0.0004EPSS

2024-06-19 02:15 PM
2
cve
cve

CVE-2024-38567

In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: add a proper sanity check for endpoints Syzkaller reports [1] hitting a warning which is caused by presence of a wrong endpoint type at the URB sumbitting stage. While there was a check for a specific 4th endpoint,....

6.6AI Score

0.0004EPSS

2024-06-19 02:15 PM
20
nvd
nvd

CVE-2024-38567

In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: add a proper sanity check for endpoints Syzkaller reports [1] hitting a warning which is caused by presence of a wrong endpoint type at the URB sumbitting stage. While there was a check for a specific 4th endpoint,....

0.0004EPSS

2024-06-19 02:15 PM
cvelist
cvelist

CVE-2024-38596 af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. In one data path, the write function unix_release_sock() atomically writes to sk->sk_shutdown using WRITE_ONC...

0.0004EPSS

2024-06-19 01:45 PM
1
cvelist
cvelist

CVE-2024-38583 nilfs2: fix use-after-free of timer for log writer thread

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free of timer for log writer thread Patch series "nilfs2: fix log writer related issues". This bug fix series covers three nilfs2 log writer-related issues, including a timer use-after-free issue and...

0.0004EPSS

2024-06-19 01:37 PM
2
cvelist
cvelist

CVE-2024-38567 wifi: carl9170: add a proper sanity check for endpoints

In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: add a proper sanity check for endpoints Syzkaller reports [1] hitting a warning which is caused by presence of a wrong endpoint type at the URB sumbitting stage. While there was a check for a specific 4th endpoint,....

0.0004EPSS

2024-06-19 01:35 PM
2
schneier
schneier

The Hacking of Culture and the Creation of Socio-Technical Debt

Culture is increasingly mediated through algorithms. These algorithms have splintered the organization of culture, a result of states and tech companies vying for influence over mass audiences. One byproduct of this splintering is a shift from imperfect but broad cultural narratives to a...

6.8AI Score

2024-06-19 11:09 AM
7
thn
thn

New Case Study: Unmanaged GTM Tags Become a Security Nightmare

Are your tags really safe with Google Tag Manager? If you've been thinking that using GTM means that your tracking tags and pixels are safely managed, then it might be time to think again. In this article we look at how a big-ticket seller that does business on every continent came unstuck when it....

6.9AI Score

2024-06-19 11:03 AM
18
thn
thn

New Threat Actor 'Void Arachne' Targets Chinese Users with Malicious VPN Installers

Chinese-speaking users are the target of a never-before-seen threat activity cluster codenamed Void Arachne that employs malicious Windows Installer (MSI) files for virtual private networks (VPNs) to deliver a command-and-control (C&C) framework called Winos 4.0. "The campaign also promotes...

7.2AI Score

2024-06-19 10:23 AM
8
thn
thn

Warning: Markopolo's Scam Targeting Crypto Users via Fake Meeting Software

A threat actor who goes by alias markopolo has been identified as behind a large-scale cross-platform scam that targets digital currency users on social media with information stealer malware and carries out cryptocurrency theft. The attack chains involve the use of a purported virtual meeting...

6.4AI Score

2024-06-19 10:08 AM
7
cve
cve

CVE-2023-6495

The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 5.30.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS

4.4AI Score

0.0004EPSS

2024-06-19 09:15 AM
24
nvd
nvd

CVE-2023-6495

The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 5.30.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS

0.0004EPSS

2024-06-19 09:15 AM
3
vulnrichment
vulnrichment

CVE-2023-6495 YARPP – Yet Another Related Posts Plugin <= 5.30.9 - Authenticated(Administrator+) Cross-Site Scripting

The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 5.30.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS

5.9AI Score

0.0004EPSS

2024-06-19 08:33 AM
Total number of security vulnerabilities222745