[2.34-60.0.3.7] - CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaaa mode (#2234716). - CVE-2023-4806: potential use-after-free in getaddrinfo. - CVE-2023-4813: potential use-after-free in gaih_inet. Reviewed by: Jose E....
7.8CVSS
8AI Score
0.014EPSS
Oracle Linux 8 : glibc (ELSA-2023-5455)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-5455 advisory. A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa...
7.8CVSS
7.9AI Score
0.014EPSS
Oracle Linux 9 : glibc (ELSA-2023-5453)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-5453 advisory. A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash....
7.8CVSS
8AI Score
0.014EPSS
[SECURITY] [DLA 3601-1] thunderbird security update
Debian LTS Advisory DLA-3601-1 https://www.debian.org/lts/security/ Emilio Pozuelo Monfort October 05, 2023 https://wiki.debian.org/LTS Package : thunderbird Version : 1:115.3.1-1~deb10u1 CVE...
9.8CVSS
9.4AI Score
0.248EPSS
[2.28-225.0.4] - CVE-2023-4911: tunables: Terminate immediately if end of input is reached Reviewed by: Jose E....
7.8CVSS
8AI Score
0.014EPSS
Oracle Linux 8 : glibc (ELSA-2023-12853)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12853 advisory. A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could...
7.8CVSS
8.2AI Score
0.014EPSS
An update is available for glibc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The glibc packages provide the standard C libraries (libc), POSIX thread...
7.8CVSS
7.8AI Score
0.014EPSS
Moxa NPort 5000 Series Improper Validation of Integrity Check Value (CVE-2023-4929)
All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of devices......
8.8CVSS
8.9AI Score
0.001EPSS
[2.34-60.0.3] - CVE-2023-4911: tunables: Terminate immediately if end of input is reached Reviewed by: Jose E....
7.8CVSS
8AI Score
0.014EPSS
AlmaLinux 8 : glibc (ALSA-2023:5455)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5455 advisory. A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode...
7.8CVSS
8AI Score
0.014EPSS
Rocky Linux 8 : glibc (RLSA-2023:5455)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:5455 advisory. A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode...
7.8CVSS
8AI Score
0.014EPSS
Oracle Linux 9 : glibc (ELSA-2023-12854)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12854 advisory. A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could...
7.8CVSS
8.2AI Score
0.014EPSS
AlmaLinux 9 : glibc (ALSA-2023:5453)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5453 advisory. A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode...
7.8CVSS
8AI Score
0.014EPSS
(RHSA-2023:5476) Important: glibc security update
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): ....
6.8AI Score
0.014EPSS
(RHSA-2023:5455) Important: glibc security update
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security...
6.9AI Score
0.014EPSS
(RHSA-2023:5454) Important: glibc security update
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): ....
8.4AI Score
0.014EPSS
(RHSA-2023:5453) Important: glibc security update
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security...
6.9AI Score
0.014EPSS
[2.28-225.0.4] - CVE-2023-4911: tunables: Terminate immediately if end of input is reached Reviewed by: Jose E....
7.8CVSS
8AI Score
0.014EPSS
Important: glibc security update
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): ....
7.8CVSS
7.8AI Score
0.014EPSS
RHEL 9 : glibc (RHSA-2023:5453)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5453 advisory. glibc: Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527) glibc: potential use-after-free in getaddrinfo()...
7.8CVSS
8.5AI Score
0.014EPSS
Oracle Linux 9 : glibc (ELSA-2023-12850)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12850 advisory. A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could...
7.8CVSS
8.2AI Score
0.014EPSS
Important: glibc security update
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): ....
7.8CVSS
7.8AI Score
0.014EPSS
RHEL 9 : glibc (RHSA-2023:5454)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5454 advisory. glibc: buffer overflow in ld.so leading to privilege escalation (CVE-2023-4911) Note that Nessus has not tested for this issue but has instead...
7.8CVSS
8.6AI Score
0.014EPSS
[2.34-60.0.3] - CVE-2023-4911: tunables: Terminate immediately if end of input is reached Reviewed by: Jose E....
7.8CVSS
8AI Score
0.014EPSS
Oracle Linux 8 : glibc (ELSA-2023-12851)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12851 advisory. A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could...
7.8CVSS
8.2AI Score
0.014EPSS
RHEL 8 : glibc (RHSA-2023:5476)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5476 advisory. glibc: buffer overflow in ld.so leading to privilege escalation (CVE-2023-4911) Note that Nessus has not tested for this issue but has instead...
7.8CVSS
8.6AI Score
0.014EPSS
RHEL 8 : glibc (RHSA-2023:5455)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5455 advisory. glibc: Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527) glibc: potential use-after-free in getaddrinfo()...
7.8CVSS
8.5AI Score
0.014EPSS
[SECURITY] [DSA 5513-1] thunderbird security update
Debian Security Advisory DSA-5513-1 https://www.debian.org/security/ Moritz Muehlenhoff October 03, 2023 https://www.debian.org/security/faq Package : thunderbird CVE ID : CVE-2023-5176 CVE-2023-5171...
9.8CVSS
7.3AI Score
0.001EPSS
All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of...
8.8CVSS
8.7AI Score
0.001EPSS
Amazon Linux 2023 : compat-libpthread-nonshared, glibc, glibc-all-langpacks (ALAS2023-2023-359)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-359 advisory. A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via...
7.8CVSS
7.9AI Score
0.014EPSS
Hello everyone! On the last day of September, I decided to record another retrospective episode on how my Vulnerability Management month went. Alternative video link (for Russia): https://vk.com/video-149273431_456239136 September was quite a busy month for me. Vulnerability Management courses I...
9.8CVSS
9.2AI Score
0.976EPSS
[SECURITY] [DLA 3591-1] firefox-esr security update
Debian LTS Advisory DLA-3591-1 https://www.debian.org/lts/security/ Emilio Pozuelo Monfort September 30, 2023 https://wiki.debian.org/LTS Package : firefox-esr Version : 115.3.1esr-1~deb10u1 CVE...
8.8CVSS
9.5AI Score
0.248EPSS
Debian DSA-5509-1 : firefox-esr - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5509 advisory. Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap...
8.8CVSS
9.3AI Score
0.248EPSS
Debian DLA-3591-1 : firefox-esr - LTS security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3591 advisory. Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap...
8.8CVSS
9.3AI Score
0.248EPSS
[SECURITY] [DSA 5510-1] libvpx security update
Debian Security Advisory DSA-5510-1 https://www.debian.org/security/ Salvatore Bonaccorso September 29, 2023 https://www.debian.org/security/faq Package : libvpx CVE ID : CVE-2023-5217 Debian Bug :...
8.8CVSS
7.8AI Score
0.248EPSS
[SECURITY] [DSA 5509-1] firefox-esr security update
Debian Security Advisory DSA-5509-1 https://www.debian.org/security/ Moritz Muehlenhoff September 29, 2023 https://www.debian.org/security/faq Package : firefox-esr CVE ID : CVE-2023-5217 A buffer...
8.8CVSS
9.5AI Score
0.248EPSS
[SECURITY] [DSA 5508-1] chromium security update
Debian Security Advisory DSA-5508-1 https://www.debian.org/security/ Moritz Muehlenhoff September 29, 2023 https://www.debian.org/security/faq Package : chromium CVE ID : CVE-2023-5186 CVE-2023-5187...
8.8CVSS
10AI Score
0.248EPSS
[SECURITY] [DLA 3587-1] firefox-esr security update
Debian LTS Advisory DLA-3587-1 https://www.debian.org/lts/security/ Emilio Pozuelo Monfort September 29, 2023 https://wiki.debian.org/LTS Package : firefox-esr Version : 115.3.0esr-1~deb10u1 CVE...
9.8CVSS
9.3AI Score
0.001EPSS
Cisco Warns of Vulnerability in IOS and IOS XE Software After Exploitation Attempts
Cisco is warning of attempted exploitation of a security flaw in its IOS Software and IOS XE Software that could permit an authenticated remote attacker to achieve remote code execution on affected systems. The medium-severity vulnerability is tracked as CVE-2023-20109, and has a CVSS score of...
8.6AI Score
0.008EPSS
Debian DLA-3587-1 : firefox-esr - LTS security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3587 advisory. A compromised content process could have provided malicious data in a PathRecording resulting in an out-of-bounds write, leading to a potentially...
9.8CVSS
8.1AI Score
0.001EPSS
Debian DSA-5506-1 : firefox-esr - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5506 advisory. A compromised content process could have provided malicious data in a PathRecording resulting in an out-of-bounds write, leading to a potentially...
9.8CVSS
9.5AI Score
0.001EPSS
[SECURITY] [DSA 5506-1] firefox-esr security update
Debian Security Advisory DSA-5506-1 https://www.debian.org/security/ Moritz Muehlenhoff September 28, 2023 https://www.debian.org/security/faq Package : firefox-esr CVE ID : CVE-2023-5169 CVE-2023-5171...
9.8CVSS
7.2AI Score
0.001EPSS