7.8CVSS
7.7AI Score
0.0005EPSS
Unbreakable Enterprise kernel security update
[5.4.17-2136.330.7.1] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Add BHI mitigation knob (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Enumerate Branch...
7.8CVSS
8.1AI Score
EPSS
Slackware Linux 15.0 / current libarchive Vulnerability (SSA:2024-099-01)
The version of libarchive installed on the remote host is prior to 3.7.3. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-099-01 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
7.2AI Score
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.330.7.1.el8] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Add BHI mitigation knob (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Enumerate...
7.8CVSS
8.1AI Score
EPSS
GDBFuzz - Fuzzing Embedded Systems Using Hardware Breakpoints
This is the companion code for the paper: 'Fuzzing Embedded Systems using Debugger Interfaces'. A preprint of the paper can be found here https://publications.cispa.saarland/3950/. The code allows the users to reproduce and extend the results reported in the paper. Please cite the above paper when....
7.5AI Score
Debian dla-3782 : bsdutils - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3782 advisory. An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads...
5.5CVSS
7.7AI Score
0.001EPSS
l-santehnik.ru Cross Site Scripting vulnerability OBB-3907010
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Debian dla-3780 : jetty9 - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3780 advisory. Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can...
7.5CVSS
6.5AI Score
0.0004EPSS
Debian dla-3779 : libtomcat9-embed-java - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3779 advisory. Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to...
7AI Score
0.0004EPSS
https://github.com/chebuya/CVE-2024-30850-chaos-rat-rce-poc/asse......
6.4AI Score
0.0004EPSS
New tigervnc packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: extra/tigervnc/tigervnc-1.12.0-i586-6_slack15.0.txz: Rebuilt. Recompiled against xorg-server-1.20.14, including the latest patches for several...
7.8CVSS
7.9AI Score
0.0005EPSS
Slackware Linux 15.0 / current tigervnc Multiple Vulnerabilities (SSA:2024-096-01)
The version of tigervnc installed on the remote host is prior to 1.12.0 / 1.13.1. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-096-01 advisory. A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() ...
7.8CVSS
7.3AI Score
0.0005EPSS
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6721-1 advisory. A heap-based buffer over-read vulnerability was found in the X.org server's...
7.8CVSS
7.7AI Score
0.0005EPSS
5.3CVSS
5.4AI Score
0.0004EPSS
7.5CVSS
8AI Score
0.005EPSS
5.3CVSS
5.4AI Score
0.0005EPSS
New nghttp2 packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/nghttp2-1.61.0-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: nghttp2 library keeps reading the unbounded...
5.3CVSS
7.3AI Score
0.0004EPSS
New httpd packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/httpd-2.4.59-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: HTTP/2 DoS by memory exhaustion on endless...
7.5CVSS
7.5AI Score
0.005EPSS
CoralRaider targets victims’ data and social media accounts
Cisco Talos discovered a new threat actor we're calling "CoralRaider" that we believe is of Vietnamese origin and financially motivated. CoralRaider has been operating since at least 2023, targeting victims in several Asian and Southeast Asian countries. This group focuses on stealing victims'...
6.8AI Score
Exploit for Embedded Malicious Code in Tukaani Xz
How to detect the CVE-2024-3094 I'll walk through the...
10CVSS
9.7AI Score
0.133EPSS
Ubuntu 20.04 LTS : Firefox regressions (USN-6710-2)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6710-2 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
7.3AI Score
Debian dsa-5654 : chromium - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5654 advisory. Inappropriate implementation in V8. (CVE-2024-3156) Use after free in Bookmarks. (CVE-2024-3158) Out of bounds memory access in V8. (CVE-2024-3159) Note...
8.8CVSS
7.6AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.0005EPSS
Slackware Linux 15.0 / current xorg-server Multiple Vulnerabilities (SSA:2024-094-01)
The version of xorg-server installed on the remote host is prior to 1.20.14 / 21.1.12 / 21.1.4 / 23.2.5. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-094-01 advisory. Note that Nessus has not tested for these issues but has instead relied only on the...
7.8CVSS
7.6AI Score
0.0005EPSS
Slackware Linux 15.0 / current nghttp2 Vulnerability (SSA:2024-095-02)
The version of nghttp2 installed on the remote host is prior to 1.61.0. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-095-02 advisory. nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0...
5.3CVSS
7AI Score
0.0004EPSS
Slackware Linux 15.0 / current httpd Multiple Vulnerabilities (SSA:2024-095-01)
The version of httpd installed on the remote host is prior to 2.4.59. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-095-01 advisory. Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP...
7.5CVSS
7.3AI Score
0.005EPSS
[slackware-security] xorg-server
New xorg-server packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/xorg-server-1.20.14-i586-12_slack15.0.txz: Rebuilt. This update fixes security issues: Heap buffer overread/data leakage in...
7.8CVSS
7.6AI Score
0.0005EPSS
Debian dsa-5653 : gtkwave - security update
The remote Debian 11 / 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5653 advisory. An integer overflow vulnerability exists in the FST_BL_GEOM parsing maxhandle functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A...
7.8CVSS
8.9AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/sched: fix null-ptr-deref in init entity The bug can be triggered by sending an amdgpu_cs_wait_ioctl to the AMDGPU DRM driver on any ASICs with valid context. The bug was reported by Joonkyo Jung . For example the following...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/sched: fix null-ptr-deref in init entity The bug can be triggered by sending an amdgpu_cs_wait_ioctl to the AMDGPU DRM driver on any ASICs with valid context. The bug was reported by Joonkyo Jung [email protected]. For...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/sched: fix null-ptr-deref in init entity The bug can be triggered by sending an amdgpu_cs_wait_ioctl to the AMDGPU DRM driver on any ASICs with valid context. The bug was reported by Joonkyo Jung [email protected]. For...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/sched: fix null-ptr-deref in init entity The bug can be triggered by sending an amdgpu_cs_wait_ioctl to the AMDGPU DRM driver on any ASICs with valid context. The bug was reported by Joonkyo Jung [email protected]. For...
7AI Score
0.0004EPSS
CVE-2024-26657 drm/sched: fix null-ptr-deref in init entity
In the Linux kernel, the following vulnerability has been resolved: drm/sched: fix null-ptr-deref in init entity The bug can be triggered by sending an amdgpu_cs_wait_ioctl to the AMDGPU DRM driver on any ASICs with valid context. The bug was reported by Joonkyo Jung [email protected]. For...
6.3AI Score
0.0004EPSS
7.4AI Score
7.4AI Score
Debian dsa-5652 : python-py7zr-doc - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5652 advisory. A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files...
9.1CVSS
7AI Score
0.009EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/sched: fix null-ptr-deref in init entity The bug can be triggered by sending an amdgpu_cs_wait_ioctl to the AMDGPU DRM driver on any ASICs with valid context. The bug was reported by Joonkyo Jung [email protected]. For...
6.2AI Score
0.0004EPSS
7.4AI Score
Tukaani Project XZ Utils Backdoor (Feb/Mar 2024)
The XZ Utils of the Tukaani Project have been backdoored by an unknown threat actor in February and March...
10CVSS
9.8AI Score
0.133EPSS
Ubuntu 22.04 LTS : Cacti vulnerability (USN-6720-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6720-1 advisory. Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php....
9.8CVSS
8.2AI Score
0.521EPSS
Exploit for Embedded Malicious Code in Tukaani Xz
root@ubuntu:~/xz/# apt update root@ubuntu:~/xz/# apt install -y...
10CVSS
9.6AI Score
0.133EPSS
7.4AI Score
Debian dla-3778 : libnss-libvirt - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3778 advisory. A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage...
6.7CVSS
7.4AI Score
0.004EPSS
Debian dsa-5651 : mediawiki - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5651 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
7.3AI Score
Debian dsa-5650 : bsdextrautils - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5650 advisory. wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv....
6.5AI Score
0.0005EPSS
8.8CVSS
7AI Score
0.006EPSS
R2Frida - Radare2 And Frida Better Together
This is a self-contained plugin for radare2 that allows to instrument remote processes using frida. The radare project brings a complete toolchain for reverse engineering, providing well maintained functionalities and extend its features with other programming languages and tools. Frida is a...
7.4AI Score
Exploit for Embedded Malicious Code in Tukaani Xz
CVE-2024-3094 XZ-Utils Vulnerability Checker and Fixer...
10CVSS
9.6AI Score
0.133EPSS
How to back up your iPhone to a Mac
They say the only backup you ever regret is the one you didn't make. iPhone backups can be used to easily move your apps and data to a new phone, to recover things you've lost, or to fix things that have failed. One of the most cost effective ways to backup your iPhone is to save backups to your...
7.1AI Score
Cloud_Enum - Multi-cloud OSINT Tool. Enumerate Public Resources In AWS, Azure, And Google Cloud
Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud. Currently enumerates the following: Amazon Web Services: - Open / Protected S3 Buckets - awsapps (WorkMail, WorkDocs, Connect, etc.) Microsoft Azure: - Storage Accounts - Open Blob Storage Containers - Hosted...
7.2AI Score