Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Bind vulnerabilities (USN-6723-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6723-1 advisory. Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause...
7.5CVSS
7.7AI Score
0.05EPSS
tddpd enable_test_mode command execution vulnerability
Talos Vulnerability Report TALOS-2023-1862 tddpd enable_test_mode command execution vulnerability April 9, 2024 CVE Number CVE-2023-49133,CVE-2023-49134 SUMMARY A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access...
8.1CVSS
7.9AI Score
0.001EPSS
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2024-12271)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12271 advisory. [5.4.17-2136.330.7.1] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan...
7.8CVSS
8.3AI Score
EPSS
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6725-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6725-1 advisory. Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate certain data structure fields when...
9.8CVSS
8.6AI Score
EPSS
Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6724-1)
The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6724-1 advisory. Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any...
8CVSS
7.1AI Score
0.0005EPSS
Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.4 - Linux kernel...
7.8CVSS
7AI Score
EPSS
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6726-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6726-1 advisory. Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part...
7.8CVSS
7.9AI Score
EPSS
Debian dla-3783 : expat - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3783 advisory. libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple...
7.5CVSS
7.5AI Score
0.001EPSS
Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux - Linux kernel linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.15 - Linux kernel for Microsoft Azure cloud systems linux-azure-fde - Linux kernel for Microsoft Azure CVM cloud systems linux-azure-fde-5.15 -...
9.8CVSS
8.3AI Score
EPSS
[slackware-security] libarchive
New libarchive packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libarchive-3.7.3-i586-1_slack15.0.txz: Upgraded. This update fixes a security issue: Fix possible vulnerability in tar error...
7.3AI Score
Debian dla-3739 : libjwt-dev - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3739 advisory. libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel....
9.8CVSS
7.1AI Score
0.001EPSS
Ubuntu 14.04 LTS : Django vulnerability (USN-6722-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6722-1 advisory. Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's...
9.8CVSS
7.4AI Score
0.198EPSS
Debian dla-3770 : libnet-cidr-lite-perl - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3770 advisory. The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some...
7.3AI Score
0.0004EPSS
7.8CVSS
7.7AI Score
0.0005EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.330.7.1.el7] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Add BHI mitigation knob (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Enumerate...
7.8CVSS
8.1AI Score
EPSS
Unbreakable Enterprise kernel security update
[5.4.17-2136.330.7.1] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Add BHI mitigation knob (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Enumerate Branch...
7.8CVSS
8.1AI Score
EPSS
Slackware Linux 15.0 / current libarchive Vulnerability (SSA:2024-099-01)
The version of libarchive installed on the remote host is prior to 3.7.3. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-099-01 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
7.2AI Score
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.330.7.1.el8] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Add BHI mitigation knob (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Enumerate...
7.8CVSS
8.1AI Score
EPSS
GDBFuzz - Fuzzing Embedded Systems Using Hardware Breakpoints
This is the companion code for the paper: 'Fuzzing Embedded Systems using Debugger Interfaces'. A preprint of the paper can be found here https://publications.cispa.saarland/3950/. The code allows the users to reproduce and extend the results reported in the paper. Please cite the above paper when....
7.5AI Score
Debian dla-3782 : bsdutils - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3782 advisory. An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads...
5.5CVSS
7.7AI Score
0.001EPSS
l-santehnik.ru Cross Site Scripting vulnerability OBB-3907010
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Debian dla-3780 : jetty9 - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3780 advisory. Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can...
7.5CVSS
6.5AI Score
0.0004EPSS
Debian dla-3779 : libtomcat9-embed-java - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3779 advisory. Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to...
7AI Score
0.0004EPSS
https://github.com/chebuya/CVE-2024-30850-chaos-rat-rce-poc/asse......
6.4AI Score
0.0004EPSS
New tigervnc packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: extra/tigervnc/tigervnc-1.12.0-i586-6_slack15.0.txz: Rebuilt. Recompiled against xorg-server-1.20.14, including the latest patches for several...
7.8CVSS
7.9AI Score
0.0005EPSS
Slackware Linux 15.0 / current tigervnc Multiple Vulnerabilities (SSA:2024-096-01)
The version of tigervnc installed on the remote host is prior to 1.12.0 / 1.13.1. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-096-01 advisory. A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() ...
7.8CVSS
7.3AI Score
0.0005EPSS
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6721-1 advisory. A heap-based buffer over-read vulnerability was found in the X.org server's...
7.8CVSS
7.7AI Score
0.0005EPSS
5.3CVSS
5.4AI Score
0.0004EPSS
7.5CVSS
8AI Score
0.005EPSS
5.3CVSS
5.4AI Score
0.0005EPSS
New nghttp2 packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/nghttp2-1.61.0-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: nghttp2 library keeps reading the unbounded...
5.3CVSS
7.3AI Score
0.0004EPSS
New httpd packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/httpd-2.4.59-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: HTTP/2 DoS by memory exhaustion on endless...
7.5CVSS
7.5AI Score
0.005EPSS
CoralRaider targets victims’ data and social media accounts
Cisco Talos discovered a new threat actor we're calling "CoralRaider" that we believe is of Vietnamese origin and financially motivated. CoralRaider has been operating since at least 2023, targeting victims in several Asian and Southeast Asian countries. This group focuses on stealing victims'...
6.8AI Score
Exploit for Embedded Malicious Code in Tukaani Xz
How to detect the CVE-2024-3094 I'll walk through the...
10CVSS
9.7AI Score
0.133EPSS
Ubuntu 20.04 LTS : Firefox regressions (USN-6710-2)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6710-2 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
7.3AI Score
Debian dsa-5654 : chromium - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5654 advisory. Inappropriate implementation in V8. (CVE-2024-3156) Use after free in Bookmarks. (CVE-2024-3158) Out of bounds memory access in V8. (CVE-2024-3159) Note...
8.8CVSS
7.6AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.0005EPSS
Slackware Linux 15.0 / current xorg-server Multiple Vulnerabilities (SSA:2024-094-01)
The version of xorg-server installed on the remote host is prior to 1.20.14 / 21.1.12 / 21.1.4 / 23.2.5. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-094-01 advisory. Note that Nessus has not tested for these issues but has instead relied only on the...
7.8CVSS
7.6AI Score
0.0005EPSS
Slackware Linux 15.0 / current nghttp2 Vulnerability (SSA:2024-095-02)
The version of nghttp2 installed on the remote host is prior to 1.61.0. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-095-02 advisory. nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0...
5.3CVSS
7AI Score
0.0004EPSS
Slackware Linux 15.0 / current httpd Multiple Vulnerabilities (SSA:2024-095-01)
The version of httpd installed on the remote host is prior to 2.4.59. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-095-01 advisory. Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP...
7.5CVSS
7.3AI Score
0.005EPSS
[slackware-security] xorg-server
New xorg-server packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/xorg-server-1.20.14-i586-12_slack15.0.txz: Rebuilt. This update fixes security issues: Heap buffer overread/data leakage in...
7.8CVSS
7.6AI Score
0.0005EPSS
Debian dsa-5653 : gtkwave - security update
The remote Debian 11 / 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5653 advisory. An integer overflow vulnerability exists in the FST_BL_GEOM parsing maxhandle functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A...
7.8CVSS
8.9AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/sched: fix null-ptr-deref in init entity The bug can be triggered by sending an amdgpu_cs_wait_ioctl to the AMDGPU DRM driver on any ASICs with valid context. The bug was reported by Joonkyo Jung . For example the following...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/sched: fix null-ptr-deref in init entity The bug can be triggered by sending an amdgpu_cs_wait_ioctl to the AMDGPU DRM driver on any ASICs with valid context. The bug was reported by Joonkyo Jung [email protected]. For...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/sched: fix null-ptr-deref in init entity The bug can be triggered by sending an amdgpu_cs_wait_ioctl to the AMDGPU DRM driver on any ASICs with valid context. The bug was reported by Joonkyo Jung [email protected]. For...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/sched: fix null-ptr-deref in init entity The bug can be triggered by sending an amdgpu_cs_wait_ioctl to the AMDGPU DRM driver on any ASICs with valid context. The bug was reported by Joonkyo Jung [email protected]. For...
7AI Score
0.0004EPSS
CVE-2024-26657 drm/sched: fix null-ptr-deref in init entity
In the Linux kernel, the following vulnerability has been resolved: drm/sched: fix null-ptr-deref in init entity The bug can be triggered by sending an amdgpu_cs_wait_ioctl to the AMDGPU DRM driver on any ASICs with valid context. The bug was reported by Joonkyo Jung [email protected]. For...
6.3AI Score
0.0004EPSS
7.4AI Score
Debian dsa-5652 : python-py7zr-doc - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5652 advisory. A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files...
9.1CVSS
7AI Score
0.008EPSS
7.4AI Score