Buffer Overflow vulnerability in the get_var_integer function in mqtt_parser.c in NanoMQ 0.21.7 allows remote attackers to cause a denial of service via a series of specially crafted...
6.6AI Score
0.0004EPSS
Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in...
7.7AI Score
0.0004EPSS
Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in...
7.1AI Score
0.0004EPSS
Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in...
7.6AI Score
0.0004EPSS
Buffer Overflow vulnerability in the get_var_integer function in mqtt_parser.c in NanoMQ 0.21.7 allows remote attackers to cause a denial of service via a series of specially crafted...
6.9AI Score
0.0004EPSS
Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in...
6.9AI Score
0.0004EPSS
Handling untrusted input can result in a crash, leading to loss of availability / denial of service
Using particular inputs with @solana/web3.js will result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with @solana/web3.js, your application/service may crash, resulting in a loss of...
7.5CVSS
6.9AI Score
0.0004EPSS
Handling untrusted input can result in a crash, leading to loss of availability / denial of service
Using particular inputs with @solana/web3.js will result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with @solana/web3.js, your application/service may crash, resulting in a loss of...
7.5CVSS
7.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free A recent DRM series purporting to simplify support for "transparent bridges" and handling of probe deferrals ironically exposed a use-after-free issue on...
5.5CVSS
7AI Score
0.0004EPSS
Cisco IOS and IOS XE Software SNMP Extended Named Access Control List Bypass Vulnerability
A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) IPv4 access control list (ACL) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to...
7AI Score
EPSS
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This...
7.8AI Score
0.0004EPSS
Cisco Integrated Management Controller CLI Command Injection Vulnerability
A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or...
6.9AI Score
0.0004EPSS
@solana/web3.js is the Solana JavaScript SDK. Using particular inputs with @solana/web3.js will result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with @solana/web3.js, your application/service may crash, resulting in a.....
7.5CVSS
7.4AI Score
0.0004EPSS
@solana/web3.js is the Solana JavaScript SDK. Using particular inputs with @solana/web3.js will result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with @solana/web3.js, your application/service may crash, resulting in a.....
7.5CVSS
7.4AI Score
0.0004EPSS
@solana/web3.js is the Solana JavaScript SDK. Using particular inputs with @solana/web3.js will result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with @solana/web3.js, your application/service may crash, resulting in a.....
7.5CVSS
7.5AI Score
0.0004EPSS
@solana/web3.js is the Solana JavaScript SDK. Using particular inputs with @solana/web3.js will result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with @solana/web3.js, your application/service may crash, resulting in a.....
7.5CVSS
7.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free A recent DRM series purporting to simplify support for "transparent bridges" and handling of probe deferrals ironically exposed a use-after-free issue on...
5.5CVSS
5.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free A recent DRM series purporting to simplify support for "transparent bridges" and handling of probe deferrals ironically exposed a use-after-free issue on...
5.5CVSS
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free A recent DRM series purporting to simplify support for "transparent bridges" and handling of probe deferrals ironically exposed a use-after-free issue on...
5.5CVSS
6.5AI Score
0.0004EPSS
CVE-2024-26909 soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free A recent DRM series purporting to simplify support for "transparent bridges" and handling of probe deferrals ironically exposed a use-after-free issue on...
5.5AI Score
0.0004EPSS
SoumniBot: the new Android banker’s unique techniques
The creators of widespread malware programs often employ various tools that hinder code detection and analysis, and Android malware is no exception. As an example of this, droppers, such as Badpack and Hqwar, designed for stealthily delivering Trojan bankers or spyware to smartphones, are very...
7.4AI Score
The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field and 'sms_prefix' parameter when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the...
5.6AI Score
0.0004EPSS
The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field and 'sms_prefix' parameter when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the...
8AI Score
0.0004EPSS
The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Customers' page and the...
8AI Score
0.0004EPSS
The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Customers' page and the...
5.6AI Score
0.0004EPSS
The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Customers' page and the...
5.8AI Score
0.0004EPSS
CVE-2024-2102 Salon booking system < 9.6.3 - Unauthenticated Stored XSS
The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field and 'sms_prefix' parameter when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the...
5.8AI Score
0.0004EPSS
The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Customers' page and the...
5.8AI Score
0.0004EPSS
RHEL 7 : Red Hat Single Sign-On 7.6.8 and security update on RHEL 7 (Important) (RHSA-2024:1860)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1860 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...
8.1CVSS
7.1AI Score
0.0005EPSS
Fedora 39 : yyjson (2024-ef2e551fab)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-ef2e551fab advisory. yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. (pool_free is...
7.5AI Score
0.0004EPSS
Buffer Overflow vulnerability in the get_var_integer function in mqtt_parser.c in NanoMQ 0.21.7 allows remote attackers to cause a denial of service via a series of specially crafted...
6.8AI Score
0.0004EPSS
Linux kernel (Xilinx ZynqMP) vulnerabilities
Releases Ubuntu 20.04 LTS Packages linux-xilinx-zynqmp - Linux kernel for Xilinx ZynqMP processors Details Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference...
7.8CVSS
7.5AI Score
EPSS
8CVSS
6.9AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free A recent DRM series purporting to simplify support for "transparent bridges" and handling of probe deferrals ironically exposed a use-after-free issue on...
5.5CVSS
5.4AI Score
0.0004EPSS
Peplink Smart Reader web interface /cgi-bin/debug_dump.cgi information disclosure vulnerability
Talos Vulnerability Report TALOS-2023-1863 Peplink Smart Reader web interface /cgi-bin/debug_dump.cgi information disclosure vulnerability April 17, 2024 CVE Number CVE-2023-43491 SUMMARY An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of...
9.1CVSS
6.7AI Score
0.001EPSS
Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in...
7.6AI Score
0.0004EPSS
RHEL 8 : Red Hat Single Sign-On 7.6.8 security update on RHEL 8 (Important) (RHSA-2024:1861)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1861 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...
8.1CVSS
7.4AI Score
0.0005EPSS
Fedora 38 : yyjson (2024-4691d60717)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-4691d60717 advisory. yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. (pool_free is...
7.5AI Score
0.0004EPSS
RHEL 9 : Red Hat Single Sign-On 7.6.8 security update on RHEL 9 (Important) (RHSA-2024:1862)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1862 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...
8.1CVSS
7.1AI Score
0.0005EPSS
Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in...
7.2AI Score
0.0004EPSS
Possible DoS translating ASN.1 object identifiers (CVE-2023-2650)
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...
6.7AI Score
0.001EPSS
(RHSA-2024:1868) Important: Red Hat build of Keycloak security update
Red Hat build of Keycloak 22.0.10 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security Fix(es): path transversal in redirection validation (CVE-2024-1132) ...
6.6AI Score
EPSS
(RHSA-2024:1867) Moderate: Red Hat build of Keycloak 22.0.10 enhancement and security update
Red Hat build of Keycloak 22.0.10 is an integrated solution, available as a Red Hat JBoss Middleware for OpenShift containerized image, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security Fix(es): ...
6.6AI Score
EPSS
A Use After Free vulnerability in command processing of Juniper Networks Junos OS on MX Series allows a local, authenticated attacker to cause the broadband edge service manager daemon (bbe-smgd) to crash upon execution of specific CLI commands, creating a Denial of Service (DoS) condition. The...
5.5CVSS
5.8AI Score
0.0004EPSS
A Use After Free vulnerability in command processing of Juniper Networks Junos OS on MX Series allows a local, authenticated attacker to cause the broadband edge service manager daemon (bbe-smgd) to crash upon execution of specific CLI commands, creating a Denial of Service (DoS) condition. The...
5.5CVSS
7AI Score
0.0004EPSS
linux-aws-6.5, linux-raspi vulnerabilities
Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash)....
8CVSS
8.4AI Score
0.001EPSS
CVE-2024-30378 Junos OS: MX Series: bbe-smgd process crash upon execution of specific CLI commands
A Use After Free vulnerability in command processing of Juniper Networks Junos OS on MX Series allows a local, authenticated attacker to cause the broadband edge service manager daemon (bbe-smgd) to crash upon execution of specific CLI commands, creating a Denial of Service (DoS) condition. The...
5.5CVSS
7.2AI Score
0.0004EPSS
CVE-2024-30378 Junos OS: MX Series: bbe-smgd process crash upon execution of specific CLI commands
A Use After Free vulnerability in command processing of Juniper Networks Junos OS on MX Series allows a local, authenticated attacker to cause the broadband edge service manager daemon (bbe-smgd) to crash upon execution of specific CLI commands, creating a Denial of Service (DoS) condition. The...
5.5CVSS
6AI Score
0.0004EPSS
(RHSA-2024:1866) Important: Red Hat Single Sign-On 7.6.8 security update
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.8 serves as a replacement for Red Hat Single Sign-On 7.6.7, and....
8.1AI Score
0.0005EPSS
Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage...
7AI Score
0.05EPSS