In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() Determine if the group block bitmap is corrupted before using ac_b_ex in ext4_mb_try_best_found() to avoid allocating blocks from a group with a...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() Determine if the group block bitmap is corrupted before using ac_b_ex in ext4_mb_try_best_found() to avoid allocating blocks from a group with a...
6.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Places the logic for checking if the group's block bitmap is corrupt under the protection of the group lock to avoid allocating blocks from the group...
7AI Score
0.0004EPSS
CVE-2024-26773 ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() Determine if the group block bitmap is corrupted before using ac_b_ex in ext4_mb_try_best_found() to avoid allocating blocks from a group with a...
6.6AI Score
0.0004EPSS
CVE-2024-26773 ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() Determine if the group block bitmap is corrupted before using ac_b_ex in ext4_mb_try_best_found() to avoid allocating blocks from a group with a...
7.6AI Score
0.0004EPSS
CVE-2024-26772 ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Places the logic for checking if the group's block bitmap is corrupt under the protection of the group lock to avoid allocating blocks from the group...
6.7AI Score
0.0004EPSS
CVE-2024-26772 ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Places the logic for checking if the group's block bitmap is corrupt under the protection of the group lock to avoid allocating blocks from the group...
7.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ext4: fix double-free of blocks due to wrong extents moved_len In ext4_move_extents(), moved_len is only updated when all moves are successfully executed, and only discards orig_inode and donor_inode preallocations when...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ext4: fix double-free of blocks due to wrong extents moved_len In ext4_move_extents(), moved_len is only updated when all moves are successfully executed, and only discards orig_inode and donor_inode preallocations when moved_len.....
6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ext4: fix double-free of blocks due to wrong extents moved_len In ext4_move_extents(), moved_len is only updated when all moves are successfully executed, and only discards orig_inode and donor_inode preallocations when moved_len.....
5.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential bug in end_buffer_async_write According to a syzbot report, end_buffer_async_write(), which handles the completion of block device writes, may detect abnormal condition of the buffer async_write flag and...
7.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential bug in end_buffer_async_write According to a syzbot report, end_buffer_async_write(), which handles the completion of block device writes, may detect abnormal condition of the buffer async_write flag and...
7.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential bug in end_buffer_async_write According to a syzbot report, end_buffer_async_write(), which handles the completion of block device writes, may detect abnormal condition of the buffer async_write flag and...
6.2AI Score
0.0004EPSS
CVE-2024-26704 ext4: fix double-free of blocks due to wrong extents moved_len
In the Linux kernel, the following vulnerability has been resolved: ext4: fix double-free of blocks due to wrong extents moved_len In ext4_move_extents(), moved_len is only updated when all moves are successfully executed, and only discards orig_inode and donor_inode preallocations when moved_len.....
6.4AI Score
0.0004EPSS
CVE-2024-26685 nilfs2: fix potential bug in end_buffer_async_write
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential bug in end_buffer_async_write According to a syzbot report, end_buffer_async_write(), which handles the completion of block device writes, may detect abnormal condition of the buffer async_write flag and...
7.6AI Score
0.0004EPSS
CVE-2024-26685 nilfs2: fix potential bug in end_buffer_async_write
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential bug in end_buffer_async_write According to a syzbot report, end_buffer_async_write(), which handles the completion of block device writes, may detect abnormal condition of the buffer async_write flag and...
6.7AI Score
0.0004EPSS
Hello fellow readers! Have you ever wondered how the GitHub Security Lab performs security research? In this post, you'll learn how we leverage GitHub products and features such as code scanning, CodeQL, Codespaces, and private vulnerability reporting. By the time we conclude, you'll have mastered....
6.9AI Score
CVE-2024-0394: Rapid7 Minerva Armor Privilege Escalation (FIXED)
Rapid7 is disclosing CVE-2024-0394, a privilege escalation vulnerability in Rapid7 Minerva’s Armor product family. Minerva uses the open-source OpenSSL library for cryptographic functions and to support secure communications. The root cause of this vulnerability is Minerva’s implementation of...
7.8CVSS
8.1AI Score
0.0004EPSS
ST Smart Things Sentinel is an advanced security tool engineered specifically to scrutinize and detect threats within the intricate protocols utilized by IoT (Internet of Things) devices. In the ever-expanding landscape of connected devices, ST Smart Things Sentinel emerges as a vigilant guardian,....
7.3AI Score
Fedora: Security Advisory for ghc-hakyll (FEDORA-2024-b458482d48)
The remote host is missing an update for...
6.3CVSS
6.3AI Score
0.001EPSS
RT Easy Builder – Advanced addons for Elementor < 2.1 - Missing Authorization
Description The RT Easy Builder – Advanced addons for Elementor plugin for WordPress is vulnerable to unauthorized plugin activation due to a missing capability check on the ajax_activate_plugins() function in versions up to, and including, 2.0. This makes it possible for authenticated attackers,.....
8.8CVSS
6.7AI Score
0.001EPSS
HTTP/2 CONTINUATION frames can be utilized for DoS attacks
Overview HTTP allows messages to include named fields in both header and trailer sections. These header and trailer fields are serialised as field blocks in HTTP/2, so that they can be transmitted in multiple fragments to the target implementation. Many HTTP/2 implementations do not properly limit....
7.5CVSS
7.7AI Score
0.005EPSS
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Places the logic for checking if the group's block bitmap is corrupt under the protection of the group lock to avoid allocating blocks from the group...
7.6AI Score
0.0004EPSS
Fedora: Security Advisory for seamonkey (FEDORA-2024-ad50671f6c)
The remote host is missing an update for...
7.5AI Score
In the Linux kernel, the following vulnerability has been resolved: ext4: fix double-free of blocks due to wrong extents moved_len In ext4_move_extents(), moved_len is only updated when all moves are successfully executed, and only discards orig_inode and donor_inode preallocations when moved_len.....
7.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential bug in end_buffer_async_write According to a syzbot report, end_buffer_async_write(), which handles the completion of block device writes, may detect abnormal condition of the buffer async_write flag and...
7.6AI Score
0.0004EPSS
Description The OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for...
6.5CVSS
5.8AI Score
0.0004EPSS
Fedora: Security Advisory for seamonkey (FEDORA-2024-31b196eaf1)
The remote host is missing an update for...
7.5AI Score
Fedora: Security Advisory for seamonkey (FEDORA-2024-8890015ff3)
The remote host is missing an update for...
7.5AI Score
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() Determine if the group block bitmap is corrupted before using ac_b_ex in ext4_mb_try_best_found() to avoid allocating blocks from a group with a...
7.6AI Score
0.0004EPSS
Fedora: Security Advisory for ghc-hakyll (FEDORA-2024-6ad6b9f417)
The remote host is missing an update for...
6.3CVSS
6.3AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup The commit 8b45a26f2ba9 ("drm/msm/dpu: reserve cdm blocks for writeback in case of YUV output") introduced a smatch warning about another conditional block in...
6.9AI Score
0.0004EPSS
(RHSA-2024:1649) Important: postgresql-jdbc: security update
PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fix(es): pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE...
7.4AI Score
0.001EPSS
Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through...
6.4CVSS
6.5AI Score
0.0004EPSS
Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through...
6.4CVSS
7.1AI Score
0.0004EPSS
Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through...
6.4CVSS
6.6AI Score
0.0004EPSS
Key Insights from the NCSC’s Vulnerability Management Guidance
In a world increasingly surrounded by cyber threats, the UK's National Cyber Security Centre (NCSC) offers vital guidance on Vulnerability Management, providing clear and actionable advice for tackling cyber threats. Their recommendations are essential for organizations to understand and mitigate.....
7.9AI Score
On March 25th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an unauthenticated SQL Injection vulnerability in LayerSlider, a WordPress plugin with more than 1,000,000 estimated active installations. This vulnerability can be leveraged to extract sensitive data from....
7.5CVSS
9.9AI Score
0.004EPSS
Swalwell for Congress Campaign with Wolfsbane.ai Against AI-Generated Cloning
By Cyber Newswire Congressman Swalwell partners with Wolfsbane.ai, using advanced tech to shield his 2024 campaign from AI deepfakes and safeguard election integrity. This is a post from HackRead.com Read the original post: Swalwell for Congress Campaign with Wolfsbane.ai Against AI-Generated...
7.3AI Score
Adversaries are leveraging remote access tools now more than ever — here’s how to stop them
Remote system management/desktop access tools such as AnyDesk and TeamViewer have grown in popularity since 2020. While there are many legitimate uses for this software, adversaries are also finding ways to use them for command and control in their campaigns. There is no easy way to effectively...
7.3AI Score
Harnessing the Power of CTEM for Cloud Security
Cloud solutions are more mainstream – and therefore more exposed – than ever before. In 2023 alone, a staggering 82% of data breaches were against public, private, or hybrid cloud environments. What's more, nearly 40% of breaches spanned multiple cloud environments. The average cost of a cloud...
7.2AI Score
Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 Core Framework IF26 patch. Vulnerability Details ** CVEID: CVE-2023-21930 DESCRIPTION: **An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE...
9.1CVSS
10AI Score
0.002EPSS
The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above,.....
6.4CVSS
7.6AI Score
0.0004EPSS
The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above,.....
6.4CVSS
5.7AI Score
0.0004EPSS
The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above,.....
6.4CVSS
5.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup The commit 8b45a26f2ba9 ("drm/msm/dpu: reserve cdm blocks for writeback in case of YUV output") introduced a smatch warning about another conditional block in...
6.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup The commit 8b45a26f2ba9 ("drm/msm/dpu: reserve cdm blocks for writeback in case of YUV output") introduced a smatch warning about another conditional block in...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup The commit 8b45a26f2ba9 ("drm/msm/dpu: reserve cdm blocks for writeback in case of YUV output") introduced a smatch warning about another conditional block in...
7.5AI Score
0.0004EPSS
CVE-2024-26667 drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup The commit 8b45a26f2ba9 ("drm/msm/dpu: reserve cdm blocks for writeback in case of YUV output") introduced a smatch warning about another conditional block in...
7.6AI Score
0.0004EPSS
The Page Builder Gutenberg Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
8AI Score
0.0004EPSS