In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in port "disable" sysfs attribute The show and store callback routines for the "disable" sysfs attribute file in port.c acquire the device lock for the port's parent hub device. This can cause problems if...
7.8CVSS
7.2AI Score
0.0004EPSS
CVE-2024-26933 USB: core: Fix deadlock in port "disable" sysfs attribute
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in port "disable" sysfs attribute The show and store callback routines for the "disable" sysfs attribute file in port.c acquire the device lock for the port's parent hub device. This can cause problems if...
7.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in port "disable" sysfs attribute The show and store callback routines for the "disable" sysfs attribute file in port.c acquire the device lock for the port's parent hub device. This can cause problems if...
7.8CVSS
7.5AI Score
0.0004EPSS
CentOS 7 : rhc-worker-script (RHSA-2024:2625)
The remote CentOS Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2625 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' Tell snprintf() to store at most 10 bytes in the output buffer instead of 30. Fixes the below:...
7.8AI Score
0.0004EPSS
stb stb_vorbis.c comment heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1846 stb stb_vorbis.c comment heap-based buffer overflow vulnerability May 1, 2024 CVE Number CVE-2023-47212 SUMMARY A heap-based buffer overflow vulnerability exists in the comment functionality of stb _vorbis.c v1.22. A specially crafted .ogg file can lead...
9.8CVSS
9.6AI Score
0.001EPSS
Tinyproxy HTTP Connection Headers use-after-free vulnerability
Talos Vulnerability Report TALOS-2023-1889 Tinyproxy HTTP Connection Headers use-after-free vulnerability May 1, 2024 CVE Number CVE-2023-49606 SUMMARY A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP...
9.8CVSS
10AI Score
0.001EPSS
Summary IBM Virtualization Engine TS7700 is susceptible to a denial of service due to the use of OpenSSL (CVE-2023-6129). OpenSSL is used in TS7700 to encrypt data in flight during EKM communications, Secure Data Transfer between clusters, and for TS7700 Advanced Object Store for DS8000....
6.5CVSS
7AI Score
0.001EPSS
Windows Registry Security Descriptor Utility
Read or write a Windows registry security descriptor remotely. In READ mode, the FILE option can be set to specify where the security descriptor should be written to. The following format is used: key: security_info: sd: In WRITE mode, the FILE option can be used to specify the information needed.....
7.2AI Score
CrushFTP Unauthenticated Arbitrary File Read
This module leverages an unauthenticated server-side template injection vulnerability in CrushFTP < 10.7.1 and < 11.1.0 (as well as legacy 9.x versions). Attackers can submit template injection payloads to the web API without authentication. When attacker payloads are reflected in the server'...
10CVSS
8.4AI Score
0.966EPSS
Velociraptor 0.7.2 Release: Digging Deeper than Ever with EWF Support, Dynamic DNS and More
By Dr. Mike Cohen and Carlos Canto Rapid7 is very excited to announce that version 0.7.2 of Velociraptor is now fully available for download. In this post we’ll discuss some of the interesting new features. EWF Support Velociraptor has introduced the ability to analyze dead disk images in the...
6.6AI Score
(RHSA-2024:2394) Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546) kernel: multiple use-after-free vulnerabilities (CVE-2024-1086, CVE-2023-3567, CVE-2023-4133,...
8.6AI Score
0.003EPSS
RHEL 9 : kernel (RHSA-2024:2394)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2394 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: GSM multiplexing race...
9.8CVSS
9.3AI Score
0.003EPSS
SQL Injection vulnerability in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the manageQuantitiesAndProcurement method of the Orders_model.php...
8.7AI Score
0.0004EPSS
SQL Injection vulnerability in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the manageQuantitiesAndProcurement method of the Orders_model.php...
8.8AI Score
0.0004EPSS
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the removeSecondaryImage method of the Publish.php...
7.8AI Score
0.0004EPSS
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the removeSecondaryImage method of the Publish.php...
7.5AI Score
0.0004EPSS
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the saveLanguageFiles method of the Languages.php...
7.8AI Score
0.0004EPSS
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the getLangFolderForEdit method of the Languages.php...
7.8AI Score
0.0004EPSS
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the getLangFolderForEdit method of the Languages.php...
7.5AI Score
0.0004EPSS
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the saveLanguageFiles method of the Languages.php...
7.9AI Score
0.0004EPSS
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the saveLanguageFiles method of the Languages.php...
7.5AI Score
0.0004EPSS
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the getLangFolderForEdit method of the Languages.php...
7.9AI Score
0.0004EPSS
SQL Injection vulnerability in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the manageQuantitiesAndProcurement method of the Orders_model.php...
8.3AI Score
0.0004EPSS
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the removeSecondaryImage method of the Publish.php...
7.9AI Score
0.0004EPSS
Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023
Google on Monday revealed that almost 200,000 app submissions to its Play Store for Android were either rejected or remediated to address issues with access to sensitive data such as location or SMS messages over the past year. The tech giant also said it blocked 333,000 bad accounts from the app.....
7.3AI Score
AlmaLinux 8 : go-toolset:rhel8 (ALSA-2024:1962)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:1962 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK...
6.1AI Score
0.0004EPSS
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the getLangFolderForEdit method of the Languages.php...
7.8AI Score
0.0004EPSS
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the removeSecondaryImage method of the Publish.php...
7.8AI Score
0.0004EPSS
AlmaLinux 9 : golang (ALSA-2024:1963)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:1963 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK...
6.1AI Score
0.0004EPSS
Fedora 40 : kubernetes (2024-ce2eefc399)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-ce2eefc399 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames....
2.7CVSS
6.9AI Score
0.0004EPSS
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the saveLanguageFiles method of the Languages.php...
7.8AI Score
0.0004EPSS
Oracle Linux 7 : tigervnc (ELSA-2024-2080)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2080 advisory. A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when...
7.8CVSS
7.2AI Score
0.0005EPSS
The Bug Report - April 2024 Edition
The Bug Report - April 2024 Edition By Jonathan Omakun and Tobi Olawale· April 29, 2024 Why am I here? Just when you thought it was safe to go back into the digital waters, out pops another series of rogue waves in the form of CVEs! It's like that beach vacation you planned to get away from it...
8.9AI Score
0.971EPSS
The Anatomy of HTML Attachment Phishing
The Anatomy of HTML Attachment Phishing: One Code, Many Variants By Mathanraj Thangaraju, Niranjan Hegde, and Sijo Jacob · June 14, 2023 Introduction Phishing is the malevolent practise of pretending to be a reliable entity in electronic communication to steal sensitive data, such as login...
7.4AI Score
Fedora 40 : xorg-x11-server-Xwayland (2024-01a9916e9e)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-01a9916e9e advisory. A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when...
7.8CVSS
7.4AI Score
0.0005EPSS
AlmaLinux 8 : tigervnc (ALSA-2024:2037)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:2037 advisory. A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped...
7.8CVSS
7.7AI Score
0.0005EPSS
SQL Injection vulnerability in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the manageQuantitiesAndProcurement method of the Orders_model.php...
8.6AI Score
0.0004EPSS
Woo Total Sales <= 3.1.4 - Missing Authorization to Unauthenticated Sales Report Retrieval
Description The Woo Total Sales plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_orders_archive() function in all versions up to, and including, 3.1.4. This makes it possible for unauthenticated attackers to retrieve sales reports for...
5.3CVSS
6.8AI Score
0.0005EPSS
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1454-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1454-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: sprd: fix reference leak when pm_runtime_get_sync...
7.8CVSS
8AI Score
0.001EPSS
RHEL 8 : Red Hat OpenStack Platform 16.2 (RHSA-2023:3158)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:3158 advisory. Security Fix(es): * EMBARGOED CVE-2023-2088 openstack-cinder: silently access other user's volumes (CVE-2023-2088) For more details about the...
6.5CVSS
6.3AI Score
0.001EPSS
RHEL 7 : redis (RHSA-2019:2630)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:2630 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and...
7.2CVSS
7.3AI Score
0.188EPSS
RHEL 9 : Red Hat OpenStack Platform 17.0 (etcd) (RHSA-2023:3441)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:3441 advisory. A highly-available key value store for shared configuration Security Fix(es): * Information discosure via debug function (CVE-2021-28235) ...
9.8CVSS
9.8AI Score
0.003EPSS
RHEL 7 : redis (RHSA-2019:2506)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:2506 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and...
7.2CVSS
7.5AI Score
0.188EPSS
RHEL 7 : qemu-kvm-rhev (RHSA-2019:1201)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1201 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages...
5.6CVSS
6.3AI Score
0.001EPSS
RHEL 9 : Red Hat OpenStack Platform 17.0 (etcd) (RHSA-2023:1014)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:1014 advisory. A highly-available key value store for shared configuration Security Fix(es): * Improve heuristics preventing CPU/memory abuse by parsing malicious...
7.5CVSS
7.8AI Score
0.005EPSS
RHEL 7 : Red Hat OpenStack Platform 13.0 (RHSA-2023:3161)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:3161 advisory. Security Fix(es): * EMBARGOED CVE-2023-2088 openstack-cinder: silently access other user's volumes (CVE-2023-2088) For more details about the...
6.5CVSS
6.3AI Score
0.001EPSS
RHEL 9 : Red Hat OpenStack Platform 17.0 (RHSA-2023:3157)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:3157 advisory. Security Fix(es): * EMBARGOED CVE-2023-2088 openstack-cinder: silently access other user's volumes (CVE-2023-2088) For more details about the...
6.5CVSS
6.5AI Score
0.001EPSS
RHEL 8 : Red Hat OpenStack Platform 17.1.1 (collectd-libpod-stats) (RHSA-2023:5970)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5970 advisory. A highly-available key value store for shared configuration Shared library for infrawatch golang components Security Fix(es): * golang:...
7.5CVSS
9AI Score
0.732EPSS
RHEL 8 : Red Hat OpenStack Platform (etcd) (RHSA-2023:1275)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1275 advisory. etcd is a highly-available key value store for shared configuration. The following Important impact security fix(es) are applicable to Red...
7.5CVSS
9.4AI Score
0.005EPSS