8.9AI Score
0.0004EPSS
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6648-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6648-1 advisory. An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use- after-free because of an...
7.8CVSS
6.8AI Score
0.0004EPSS
Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6649-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6649-1 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read....
9.7AI Score
0.0004EPSS
[slackware-security] mozilla-thunderbird
New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-thunderbird-115.8.0-i686-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. ...
7AI Score
0.0004EPSS
9.8CVSS
9.5AI Score
0.96EPSS
IBM SECURITY ADVISORY First Issued: Wed Feb 21 15:59:59 CST 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/perl_advisory8.asc Security Bulletin: AIX is vulnerable to arbitrary command execution due to Perl (CVE-2024-25021,...
9.8CVSS
8.1AI Score
0.001EPSS
Attackers Quick to Weaponize CVE-2023-22527 for Malware Delivery
On January 16, 2024, Atlassian disclosed a critical vulnerability affecting Confluence Data Center and Confluence Server, tracked as CVE-2023-22527. The vulnerability is an unauthenticated OGNL injection bug, allowing unauthenticated attackers to execute Java expressions, invoke methods, navigate.....
10CVSS
9.5AI Score
0.976EPSS
Releases Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-hwe - Linux kernel for Amazon Web Services (AWS-HWE) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-4.15 - Linux...
7CVSS
7.5AI Score
0.0004EPSS
8.9AI Score
0.0004EPSS
Ubuntu 16.04 LTS : Libspf2 vulnerabilities (USN-6584-2)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6584-2 advisory. libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated...
9.8CVSS
10AI Score
0.036EPSS
Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-6647-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6647-1 advisory. An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after- free because of a vcc_recvmsg...
7CVSS
7.3AI Score
0.0004EPSS
Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2024-052-01)
The version of mozilla-thunderbird installed on the remote host is prior to 115.8.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-052-01 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, ...
7.3AI Score
0.0004EPSS
Debian dla-3736 : libunbound-dev - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3736 advisory. Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU...
7.5CVSS
7.9AI Score
0.05EPSS
Access Control Error Vulnerability in Spring Security
Spring Security is a Spring-based enterprise applications can provide a declarative security access control solution for the security framework . It provides a set of beans that can be configured in the Spring application context , taking full advantage of the Spring IoC, DI (Control Inversion...
7.4CVSS
7.5AI Score
0.0004EPSS
7.3CVSS
7.4AI Score
0.001EPSS
Debian dsa-5627 : firefox-esr - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5627 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read....
9.7AI Score
0.0004EPSS
New libuv packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libuv-1.48.0-i586-1_slack15.0.txz: Upgraded. This update fixes a server-side request forgery (SSRF) flaw. Thanks to alex2grad for...
7.3CVSS
7.1AI Score
0.001EPSS
10CVSS
9.9AI Score
0.001EPSS
[slackware-security] mozilla-firefox
New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-firefox-115.8.0esr-i686-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more...
7.5AI Score
0.0004EPSS
Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates
U.S. and U.K. authorities have seized the darknet websites run by LockBit, a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. Instead of listing data stolen from ransomware victims who didn't pay, LockBit's...
9.8CVSS
6.4AI Score
0.001EPSS
9.8CVSS
9.6AI Score
0.899EPSS
Slackware Linux 15.0 / current libuv Vulnerability (SSA:2024-051-02)
The version of libuv installed on the remote host is prior to 1.48.0. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-051-02 advisory. libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c...
7.3CVSS
7.2AI Score
0.001EPSS
Ubuntu 14.04 LTS / 16.04 LTS : Linux kernel vulnerabilities (USN-6646-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6646-1 advisory. An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after- free because of a vcc_recvmsg...
7CVSS
6.5AI Score
0.0004EPSS
Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2024-051-01)
The version of mozilla-firefox installed on the remote host is prior to 115.8.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-051-01 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, ...
9.7AI Score
0.0004EPSS
Releases Ubuntu 16.04 ESM Ubuntu 14.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-kvm - Linux kernel for cloud environments linux-lts-xenial - Linux hardware enablement kernel from Xenial for Trusty Details It was discovered that a...
7CVSS
7.6AI Score
0.0004EPSS
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel (Raspberry Pi) vulnerabilities (USN-6625-3)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6625-3 advisory. Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to...
7CVSS
7.1AI Score
0.001EPSS
Releases Ubuntu 14.04 ESM Packages linux - Linux kernel Details It was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service...
5.5CVSS
5.9AI Score
0.0004EPSS
Ubuntu 14.04 LTS : Linux kernel vulnerability (USN-6645-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6645-1 advisory. A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local...
5.5CVSS
6.7AI Score
0.0004EPSS
Security Advisory 0091 _._CSAF PDF Date: February 20, 2024 Revision | Date | Changes ---|---|--- 1.0 | February 20, 2024 | Initial release The CVE-ID tracking this issue: CVE-2023-6068 CVSSv3.1 Base Score: 3.1 (AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N) Common Weakness Enumeration: CWE-283 Improper...
3.1CVSS
3.7AI Score
0.0004EPSS
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Brivo ACS100, ACS300 allows OS Command Injection, Bypassing Physical Security.This issue affects ACS100 (Network Adjacent Access), ACS300 (Physical Access): from 5.2.4 before...
9CVSS
9.3AI Score
0.0004EPSS
Insufficiently Protected Credentials, : Improper Access Control vulnerability in Brivo ACS100, ACS300 allows Password Recovery Exploitation, Bypassing Physical Security.This issue affects ACS100, ACS300: from 5.2.4 before...
7.1CVSS
6.9AI Score
0.0004EPSS
Insufficiently Protected Credentials, : Improper Access Control vulnerability in Brivo ACS100, ACS300 allows Password Recovery Exploitation, Bypassing Physical Security.This issue affects ACS100, ACS300: from 5.2.4 before...
7.1CVSS
6.9AI Score
0.0004EPSS
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Brivo ACS100, ACS300 allows OS Command Injection, Bypassing Physical Security.This issue affects ACS100 (Network Adjacent Access), ACS300 (Physical Access): from 5.2.4 before...
9CVSS
9.1AI Score
0.0004EPSS
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Brivo ACS100, ACS300 allows OS Command Injection, Bypassing Physical Security.This issue affects ACS100 (Network Adjacent Access), ACS300 (Physical Access): from 5.2.4 before...
9CVSS
7.5AI Score
0.0004EPSS
Insufficiently Protected Credentials, : Improper Access Control vulnerability in Brivo ACS100, ACS300 allows Password Recovery Exploitation, Bypassing Physical Security.This issue affects ACS100, ACS300: from 5.2.4 before...
7.1CVSS
7.4AI Score
0.0004EPSS
CVE-2023-6260 Web UI OS Command Injection in Brivo ACS100, ACS300
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Brivo ACS100, ACS300 allows OS Command Injection, Bypassing Physical Security.This issue affects ACS100 (Network Adjacent Access), ACS300 (Physical Access): from 5.2.4 before...
9CVSS
9.4AI Score
0.0004EPSS
CVE-2023-6260 Web UI OS Command Injection in Brivo ACS100, ACS300
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Brivo ACS100, ACS300 allows OS Command Injection, Bypassing Physical Security.This issue affects ACS100 (Network Adjacent Access), ACS300 (Physical Access): from 5.2.4 before...
9CVSS
9.2AI Score
0.0004EPSS
CVE-2023-6259 Local Access to Sensitive Data in Brivo ACS100 and ACS300
Insufficiently Protected Credentials, : Improper Access Control vulnerability in Brivo ACS100, ACS300 allows Password Recovery Exploitation, Bypassing Physical Security.This issue affects ACS100, ACS300: from 5.2.4 before...
7.1CVSS
7.2AI Score
0.0004EPSS
Ubuntu 20.04 LTS : Bind vulnerabilities (USN-6642-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6642-1 advisory. The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS...
7.5CVSS
7.7AI Score
0.05EPSS
Debian dla-3735 : golang-github-opencontainers-runc-dev - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3735 advisory. runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization...
8.6CVSS
6.5AI Score
0.051EPSS
Ubuntu 16.04 LTS / 18.04 LTS : curl vulnerability (USN-6641-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6641-1 advisory. This flaw allows a malicious HTTP server to set super cookies in curl that are then passed back to more origins than what is otherwise allowed or...
6.5CVSS
7AI Score
0.001EPSS
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : NPM IP vulnerability (USN-6643-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has a package installed that is affected by a vulnerability as referenced in the USN-6643-1 advisory. An issue in NPM IP Package v.1.1.8 and before allows an attacker to execute arbitrary code and obtain sensitive information...
9.8CVSS
7.5AI Score
0.001EPSS
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 23.10 : LibTIFF vulnerabilities (USN-6644-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6644-1 advisory. A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file...
7.5CVSS
7.7AI Score
0.002EPSS
Debian dla-3734 : openvswitch-common - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3734 advisory. A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local...
7.1CVSS
6.7AI Score
0.0004EPSS
Debian dsa-5626 : pdns-recursor - security update
The remote Debian 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5626 advisory. Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU...
7.5CVSS
8AI Score
0.05EPSS
Debian dsa-5625 : engrampa - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5625 advisory. Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve...
9.6CVSS
9.5AI Score
0.004EPSS
9.8CVSS
7AI Score
0.899EPSS
SUSE SLES15 / openSUSE 15 Security Update : tomcat (SUSE-SU-2024:0472-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0472-1 advisory. Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache...
7.5CVSS
7.5AI Score
EPSS
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6626-3)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6626-3 advisory. A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of...
9CVSS
7.5AI Score
0.004EPSS
Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6639-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6639-1 advisory. An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after- free because of a vcc_recvmsg race...
7.8CVSS
7.7AI Score
0.003EPSS