[slackware-security] coreutils
New coreutils packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/coreutils-9.5-i586-1_slack15.0.txz: Upgraded. chmod -R now avoids a race where an attacker may replace a traversed file with a...
5.5CVSS
7AI Score
0.0004EPSS
5.5CVSS
5.7AI Score
0.0004EPSS
7.4AI Score
Ubuntu 22.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6707-4)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6707-4 advisory. A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The...
7.8CVSS
7.7AI Score
0.002EPSS
5.6AI Score
0.0005EPSS
7.5AI Score
Debian dsa-5648 : chromium - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5648 advisory. Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML...
8.8CVSS
7.5AI Score
0.001EPSS
Slackware Linux 15.0 / current util-linux Vulnerability (SSA:2024-088-02)
The version of util-linux installed on the remote host is prior to 2.37.4 / 2.40. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-088-02 advisory. wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to...
6.9AI Score
0.0005EPSS
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-6704-4)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6704-4 advisory. In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in...
7.8CVSS
7AI Score
0.004EPSS
Slackware Linux 15.0 / current seamonkey Vulnerability (SSA:2024-088-01)
The version of seamonkey installed on the remote host is prior to 2.53.18.2. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-088-01 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
7.2AI Score
Slackware Linux 15.0 / current coreutils Vulnerability (SSA:2024-088-03)
The version of coreutils installed on the remote host is prior to 9.5. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-088-03 advisory. A flaw was found in the GNU coreutils split program. A heap overflow with user-controlled data of multiple hundred bytes in...
5.5CVSS
7AI Score
0.0004EPSS
[slackware-security] util-linux
New util-linux packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/util-linux-2.37.4-i586-3_slack15.0.txz: Rebuilt. This release fixes a vulnerability where the wall command did not filter ...
7.3AI Score
0.0005EPSS
[slackware-security] seamonkey
New seamonkey packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/seamonkey-2.53.18.2-i686-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information,...
7.5AI Score
Podman affected by CVE-2024-1753 container escape at build time
Impact What kind of vulnerability is it? Who is impacted? Users running containers with root privileges allowing a container to run with read/write access to the host system files when selinux is not enabled. With selinux enabled, some read access is allowed. Patches From @nalind . This is a...
8.6CVSS
8.5AI Score
0.0005EPSS
Podman affected by CVE-2024-1753 container escape at build time
Impact What kind of vulnerability is it? Who is impacted? Users running containers with root privileges allowing a container to run with read/write access to the host system files when selinux is not enabled. With selinux enabled, some read access is allowed. Patches From @nalind . This is a...
8.6CVSS
6.6AI Score
0.0005EPSS
7.4AI Score
6.6AI Score
0.0004EPSS
7.4AI Score
New curl packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/curl-8.7.1-i586-1_slack15.0.txz: Upgraded. This release fixes the following security issues: TLS certificate check bypass with...
7.5AI Score
0.0004EPSS
Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice
A new phishing campaign has been observed leveraging a novel loader malware to deliver an information stealer and keylogger called Agent Tesla. Trustwave SpiderLabs said it identified a phishing email bearing this attack chain on March 8, 2024. The message masquerades as a bank payment...
8.8CVSS
9.4AI Score
0.005EPSS
Ubuntu 16.04 LTS / 18.04 LTS : curl vulnerability (USN-6718-2)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6718-2 advisory. When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum...
6.4AI Score
0.0004EPSS
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : unixODBC vulnerability (USN-6715-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6715-1 advisory. An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and...
7.1CVSS
7AI Score
0.0004EPSS
Debian dla-3777 : composer - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3777 advisory. Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may...
8.8CVSS
7.7AI Score
0.005EPSS
Debian dla-3776 : libnode-dev - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3776 advisory. The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private...
7.5CVSS
6.8AI Score
EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : util-linux vulnerability (USN-6719-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6719-1 advisory. wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals...
6.5AI Score
0.0005EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : curl vulnerabilities (USN-6718-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6718-1 advisory. When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would...
6.7AI Score
0.0004EPSS
Slackware Linux 15.0 / current curl Multiple Vulnerabilities (SSA:2024-087-01)
The version of curl installed on the remote host is prior to 8.7.1. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-087-01 advisory. When a protocol selection parameter option disables all protocols without adding any then the default set of protocols...
5.7AI Score
0.0004EPSS
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-6686-5)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6686-5 advisory. In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain...
7.8CVSS
7.1AI Score
EPSS
Updated gnutls packages fix security vulnerabilities
The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512...
5.3CVSS
6.6AI Score
0.0005EPSS
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : PAM vulnerability (USN-6588-2)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6588-2 advisory. linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the...
5.5CVSS
6.8AI Score
0.0004EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Thunderbird vulnerabilities (USN-6717-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6717-1 advisory. An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects...
7.5CVSS
9.1AI Score
0.001EPSS
7.7AI Score
0.0004EPSS
7.8CVSS
7.9AI Score
0.001EPSS
Ubuntu 20.04 LTS : CRM shell vulnerability (USN-6711-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6711-1 advisory. An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call crm history (when crm is run) were able to execute commands via shell...
7.8CVSS
8.2AI Score
0.0005EPSS
Ubuntu 22.04 LTS / 23.10 : Linux kernel (AWS) vulnerabilities (USN-6707-3)
The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6707-3 advisory. A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation....
7.8CVSS
7.7AI Score
0.002EPSS
Ubuntu 23.10 : QPDF vulnerability (USN-6713-1)
The remote Ubuntu 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6713-1 advisory. Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h....
5.5CVSS
6.5AI Score
0.0004EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Debian Goodies vulnerability (USN-6714-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has a package installed that is affected by a vulnerability as referenced in the USN-6714-1 advisory. debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands (because of an eval call) via a crafted .deb file....
7.8CVSS
7.8AI Score
0.001EPSS
Debian dla-3773 : freeipa-admintools - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3773 advisory. specially crafted HTTP requests potentially lead to DoS or data exposure [fedora-all] (CVE-2024-1481) Note that Nessus has not tested for this issue but has instead...
5.3CVSS
5.2AI Score
0.0004EPSS
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-6704-3)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6704-3 advisory. In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in...
7.8CVSS
7AI Score
0.004EPSS
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6716-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6716-1 advisory. In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL...
7.8CVSS
7.1AI Score
0.003EPSS
Debian dla-3775 : firefox-esr - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3775 advisory. NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private...
7.5CVSS
8.5AI Score
0.001EPSS
Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6710-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6710-1 advisory. An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range- based bounds check elimination. This...
7.2AI Score
0.0005EPSS
7.6AI Score
0.0004EPSS
Ubuntu 20.04 LTS : Net::CIDR::Lite vulnerability (USN-6712-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6712-1 advisory. The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some...
7AI Score
0.0004EPSS
Debian dla-3774 : gross - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3774 advisory. A stack-based buffer overflow vulnerability in gross 0.9.3 through 1.x before 1.0.4 allows remote attackers to trigger a denial of service (grossd daemon crash) or...
8.4AI Score
0.0004EPSS
Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-6701-3)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6701-3 advisory. A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux...
7.8CVSS
7.7AI Score
0.003EPSS
New emacs packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/emacs-29.3-i586-1_slack15.0.txz: Upgraded. GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in...
7.8CVSS
7.9AI Score
0.001EPSS
Debian dla-3772 : idle-python3.7 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3772 advisory. An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The...
7.8CVSS
6.6AI Score
0.0005EPSS
Debian dla-3771 : idle-python2.7 - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3771 advisory. An issue was found in the CPython zipfile module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to...
6.2CVSS
6.4AI Score
0.0005EPSS
Debian dsa-5646 : cacti - security update
The remote Debian 11 / 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5646 advisory. Cacti is an open source operational monitoring and fault management framework.Affected versions are subject to a Stored Cross-Site-Scripting (XSS)...
8.8CVSS
6.5AI Score
0.001EPSS