In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix a crash if ->get_sset_count() fails If ds->ops->get_sset_count() fails then "count" is a negative error code such as -EOPNOTSUPP. Because "i" is an unsigned int, the negative error code is type promoted to...
AI Score 6.8 | EPSS 0.0004
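The signed/unsigned comparison bug described in the entry above, shown as an added C illustration that is not the kernel's own code: the op table, the `struct sandbox` output buffer, the `prefix_strings_*` function names and the two-entry statistics set are assumptions made for the demo. The sandbox bounds-checks every write and records an overflow flag where the real kernel path has no guard and simply faults.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define GSTRING_LEN 32   /* stands in for ETH_GSTRING_LEN */
#define PFX_LEN     4    /* a "pNN_" port prefix, as the dsa string path prepends */

/* Hypothetical ->get_sset_count() implementations: a switch driver with no
 * string sets answers -EOPNOTSUPP, one with two statistics answers 2. */
static int sset_count_unsupported(void) { return -EOPNOTSUPP; }
static int sset_count_two(void)         { return 2; }

/* Sandbox for the output buffer: every write is bounds-checked so the bug
 * is observed as `overflowed` instead of a real kernel fault. */
struct sandbox {
    char data[2 * GSTRING_LEN];
    int overflowed;
    unsigned int iterations;
};

static int checked_write(struct sandbox *sb, size_t off, const void *src, size_t n)
{
    if (off + n > sizeof(sb->data)) {
        sb->overflowed = 1;
        return -1;
    }
    memcpy(sb->data + off, src, n);
    return 0;
}

/* Pre-fix shape of the loop: `count` is int, `i` is unsigned int. Under the
 * usual arithmetic conversions `i < count` converts count to unsigned, so
 * -EOPNOTSUPP (-95) compares as 4294967201 and the loop never stops on its
 * own. Returns the error code the function would have silently ignored. */
static int prefix_strings_vulnerable(struct sandbox *sb, int (*get_sset_count)(void))
{
    int count = get_sset_count();
    unsigned int i;
    const char pfx[PFX_LEN] = { 'p', '0', '1', '_' };

    for (i = 0; i < count; i++) {                 /* -Wsign-compare warns here */
        sb->iterations++;
        if (checked_write(sb, (size_t)i * GSTRING_LEN, pfx, PFX_LEN) < 0)
            break;                                /* the kernel has no such guard */
    }
    return count < 0 ? count : 0;
}

/* Post-fix shape: the negative return value is rejected before it can be
 * compared against the unsigned loop counter. */
static int prefix_strings_fixed(struct sandbox *sb, int (*get_sset_count)(void))
{
    int count = get_sset_count();
    unsigned int i;
    const char pfx[PFX_LEN] = { 'p', '0', '1', '_' };

    if (count < 0)
        return count;
    for (i = 0; i < (unsigned int)count; i++) {
        sb->iterations++;
        if (checked_write(sb, (size_t)i * GSTRING_LEN, pfx, PFX_LEN) < 0)
            break;
    }
    return 0;
}

/* Run one scenario: use_fix selects the loop shape, supported selects the op. */
static int run_scenario(int use_fix, int supported, struct sandbox *out)
{
    int (*op)(void) = supported ? sset_count_two : sset_count_unsupported;
    memset(out, 0, sizeof(*out));
    return use_fix ? prefix_strings_fixed(out, op) : prefix_strings_vulnerable(out, op);
}

/* Small probes so the outcome of each scenario is a plain return value. */
static int vulnerable_overflows_on_error(void)
{
    struct sandbox sb;
    run_scenario(0, 0, &sb);
    return sb.overflowed;
}
static unsigned int iterations(int use_fix, int supported)
{
    struct sandbox sb;
    run_scenario(use_fix, supported, &sb);
    return sb.iterations;
}
static int fixed_rc_on_error(void)
{
    struct sandbox sb;
    return run_scenario(1, 0, &sb);
}

int main(void)
{
    printf("vulnerable, op fails: overflow=%d iterations=%u\n",
           vulnerable_overflows_on_error(), iterations(0, 0));
    printf("fixed, op fails:      rc=%d iterations=%u\n",
           fixed_rc_on_error(), iterations(1, 0));
    printf("fixed, op ok:         iterations=%u\n", iterations(1, 1));
    return 0;
}
```

With the failing op, the vulnerable loop walks straight past the two-entry buffer (the sandbox stops it on the third iteration), while the fixed version returns -EOPNOTSUPP without touching the buffer; with a working op both shapes behave identically. Compiling with -Wsign-compare flags the original comparison, which is the cheapest way to catch this class of bug before it ships.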
Fedora: Security Advisory for ovn (FEDORA-2024-bf29e92de4)
The remote host is missing an update for...
CVSS 6.5 | AI Score 6.6 | EPSS 0.0005
[SECURITY] Fedora 40 Update: ovn-23.09.0-139.fc40
OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add native support for virtual network abstractions, such as virtual L2 and L3 overlays and security...
CVSS 6.5 | AI Score 7 | EPSS 0.0005
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:0976-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0976-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after...
CVSS 7.8 | AI Score 7.6
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:0925-1)
The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0925-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free ...
CVSS 7.8 | AI Score 7.7
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:0975-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0975-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap...
CVSS 7.8 | AI Score 8.1
GitLens Git Local Configuration Exec
GitKraken GitLens before v.14.0.0 allows an untrusted workspace to execute git commands. A repo may include its own .git folder including a malicious config file to execute arbitrary code. Tested against VSCode 1.87.2 with GitLens 13.6.0 on Ubuntu 22.04 and Windows...
AI Score 8
[SECURITY] Fedora 38 Update: ovn-23.09.0-139.fc38
OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add native support for virtual network abstractions, such as virtual L2 and L3 overlays and security...
CVSS 6.5 | AI Score 7 | EPSS 0.0005
[SECURITY] Fedora 39 Update: ovn-23.09.0-139.fc39
OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add native support for virtual network abstractions, such as virtual L2 and L3 overlays and security...
CVSS 6.5 | AI Score 6.6 | EPSS 0.0005
Reflectionless Templates With Spring
A few Java libraries have shown up recently that use text templates, but compile to Java classes at build time. They can thus claim to some extent to be "reflection free". Together with potential benefits of runtime performance, they promise to be easy to use and integrate with GraalVM native...
AI Score 7.2
AI Score 7.4
VMware ESXi 6.5 / 6.7 / 7.0 Multiple Vulnerabilities (VMSA-2022-0020)
The remote VMware ESXi host is version 6.5, 6.7 or 7.0 and is affected by multiple vulnerabilities, as follows: Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker...
CVSS 6.5 | AI Score 7.5
Exploit for Out-of-bounds Read in Microsoft
Information ============== Windows Kernel Pool (clfs.sys)...
CVSS 7.8 | AI Score 6.8 | EPSS 0.002
A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error occurs when calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree. This issue could allow an attacker to trigger an out-of-bounds write that could lead to memory corruption or cause a...
AI Score 6.9 | EPSS 0.0004
This Out-of-bounds Write vulnerability in Apache Commons Configuration affects Apache Commons Configuration: from 2.0 before 2.10.1. User can see this as a 'StackOverflowError' calling 'ListDelimiterHandler.flatten(Object, int)' with a cyclical object tree. Users are recommended to upgrade to...
AI Score 7 | EPSS 0.0004
This Out-of-bounds Write vulnerability in Apache Commons Configuration affects Apache Commons Configuration: from 2.0 before 2.10.1. User can see this as a 'StackOverflowError' calling 'ListDelimiterHandler.flatten(Object, int)' with a cyclical object tree. Users are recommended to upgrade to...
AI Score 6.7 | EPSS 0.0004
Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the...
AI Score 6.6 | EPSS 0.0004
Apache Commons Configuration 2.0.x < 2.10.1 Multiple Vulnerabilities
The Apache Commons Configuration library is prone to multiple ...
AI Score 6.6 | EPSS 0.0004
Jupyter Server Proxy's Websocket Proxying does not require authentication
Summary jupyter-server-proxy is used to expose ports local to a Jupyter server listening to web traffic to the Jupyter server's authenticated users by proxying web requests and websockets. Dependent packages (partial list) also use jupyter-server-proxy to expose other popular interactive...
CVSS 9 | AI Score 7.9 | EPSS 0.0004
Dissecting a complex vulnerability and achieving arbitrary code execution in Ichitaro Word
Cisco Talos disclosed several vulnerabilities in JustSystems' Ichitaro Word Processor last year. These vulnerabilities were complex and were discovered through extensive reverse engineering. CVE-2023-35126 and its peers (CVE-2023-34366, CVE-2023-38127, and CVE-2023-38128) were each assessed as...
CVSS 7.8 | AI Score 6.9 | EPSS 0.004
(RHSA-2024:1394) Important: ovn23.03 security update
OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add native support for virtual network abstractions, such as virtual L2 and L3 overlays and security groups. Security fix(es): ovn23.03: insufficient validation...
AI Score 7.2 | EPSS 0.0005
(RHSA-2024:1393) Important: ovn22.03 security update
OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add native support for virtual network abstractions, such as virtual L2 and L3 overlays and security groups. Security fix(es): ovn22.03: insufficient validation...
AI Score 7.2 | EPSS 0.0005
(RHSA-2024:1392) Important: ovn22.12 security update
OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add native support for virtual network abstractions, such as virtual L2 and L3 overlays and security groups. Security fix(es): ovn22.12: insufficient validation...
AI Score 7.2 | EPSS 0.0005
(RHSA-2024:1391) Important: ovn23.06 security update
OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add native support for virtual network abstractions, such as virtual L2 and L3 overlays and security groups. Security fix(es): ovn23.06: insufficient validation...
AI Score 7.2 | EPSS 0.0005
(RHSA-2024:1390) Important: ovn23.09 security update
OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add native support for virtual network abstractions, such as virtual L2 and L3 overlays and security groups. Security fix(es): ovn23.09: insufficient validation...
AI Score 7.2 | EPSS 0.0005
(RHSA-2024:1388) Important: ovn23.03 security update
OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add native support for virtual network abstractions, such as virtual L2 and L3 overlays and security groups. Security fix(es): ovn23.03: insufficient validation...
AI Score 6.6 | EPSS 0.0005
(RHSA-2024:1387) Important: ovn22.03 security update
OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add native support for virtual network abstractions, such as virtual L2 and L3 overlays and security groups. Security fix(es): ovn22.03: insufficient validation...
AI Score 6.6 | EPSS 0.0005
(RHSA-2024:1386) Important: ovn22.12 security update
OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add native support for virtual network abstractions, such as virtual L2 and L3 overlays and security groups. Security fix(es): ovn22.12: insufficient validation...
AI Score 7.2 | EPSS 0.0005
(RHSA-2024:1385) Important: ovn23.06 security update
OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add native support for virtual network abstractions, such as virtual L2 and L3 overlays and security groups. Security fix(es): ovn23.06: insufficient validation...
AI Score 6.6 | EPSS 0.0005
Update: I've since published a Spring Tips video on this very topic! If you'd prefer, you could watch that instead. Hi, Spring fans! Happy Java 22 release day, to those who celebrate! Did you get the bits already? Go, go, go! Java 22 is a significant improvement that I think is a worthy upgrade for....
AI Score 7.2
RHEL 8 : ovn23.03 (RHSA-2024:1388)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1388 advisory. OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add ...
CVSS 6.5 | AI Score 6.8 | EPSS 0.0005
RHEL 8 : ovn22.12 (RHSA-2024:1386)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1386 advisory. OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add ...
CVSS 6.5 | AI Score 6.3 | EPSS 0.0005
RHEL 9 : ovn23.09 (RHSA-2024:1390)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1390 advisory. OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add ...
CVSS 6.5 | AI Score 6.8 | EPSS 0.0005
RHEL 8 : ovn22.03 (RHSA-2024:1387)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1387 advisory. OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add ...
CVSS 6.5 | AI Score 6.3 | EPSS 0.0005
RHEL 9 : ovn22.12 (RHSA-2024:1392)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1392 advisory. OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add ...
CVSS 6.5 | AI Score 6.3 | EPSS 0.0005
RHEL 9 : ovn23.03 (RHSA-2024:1394)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1394 advisory. OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add ...
CVSS 6.5 | AI Score 6.8 | EPSS 0.0005
RHEL 9 : ovn23.06 (RHSA-2024:1391)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1391 advisory. OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add ...
CVSS 6.5 | AI Score 6.8 | EPSS 0.0005
RHEL 8 : ovn23.06 (RHSA-2024:1385)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1385 advisory. OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add ...
CVSS 6.5 | AI Score 6.3 | EPSS 0.0005
RHEL 9 : ovn22.03 (RHSA-2024:1393)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1393 advisory. OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add ...
CVSS 6.5 | AI Score 6.3 | EPSS 0.0005
Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment
Summary An attacker can exploit a critical flaw in the application to initiate a Denial of Service (DoS) attack, rendering the application inoperable and affecting all users. The issue arises from unsafe manipulation of an array in a multi-threaded environment. Details The vulnerability is rooted.....
CVSS 7.5 | AI Score 7.9 | EPSS 0.0004
Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment
Summary An attacker can exploit a critical flaw in the application to initiate a Denial of Service (DoS) attack, rendering the application inoperable and affecting all users. The issue arises from unsafe manipulation of an array in a multi-threaded environment. Details The vulnerability is rooted.....
CVSS 7.5 | AI Score 7 | EPSS 0.0004
Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss
Summary An attacker can exploit a chain of vulnerabilities, including a Denial of Service (DoS) flaw and in-memory data storage weakness, to effectively bypass the application's brute force login protection. This makes the application susceptible to brute force attacks, compromising the security...
CVSS 9.8 | AI Score 7.1 | EPSS 0.002
Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss
Summary An attacker can exploit a chain of vulnerabilities, including a Denial of Service (DoS) flaw and in-memory data storage weakness, to effectively bypass the application's brute force login protection. This makes the application susceptible to brute force attacks, compromising the security...
CVSS 9.8 | AI Score 7.1 | EPSS 0.0004
Gaining kernel code execution on an MTE-enabled Pixel 8
In this post, I'll look at CVE-2023-6241, a vulnerability in the Arm Mali GPU that I reported to Arm on November 15, 2023 and was fixed in the Arm Mali driver version r47p0, which was released publicly on December 14, 2023. It was fixed in Android in the March security update. When exploited, this....
AI Score 7.9 | EPSS 0.0004
Rocket.Chat.Audit through 5ad78e8 depends on filecachetools, which does not exist in...
AI Score 6.8 | EPSS 0.0004
Rocket.Chat.Audit through 5ad78e8 depends on filecachetools, which does not exist in...
AI Score 6.6 | EPSS 0.0004
NETCONF Protocol / Subsystem over SSH Detection (SSH Login)
SSH login-based detection of services supporting the NETCONF protocol / subsystem over...
AI Score 7.3
AI Score 7.4