Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege...
5.5CVSS
0.0004EPSS
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege...
5.5CVSS
6.7AI Score
0.0004EPSS
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege...
5.5CVSS
5.5AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.001EPSS
7.5CVSS
0.001EPSS
7.5CVSS
0.001EPSS
7.5CVSS
7.2AI Score
0.001EPSS
5.5CVSS
0.0004EPSS
...
5.5CVSS
7.2AI Score
0.0004EPSS
CVE-2024-28995: Trivially Exploitable Information Disclosure Vulnerability in SolarWinds Serv-U
On June 5, 2024, SolarWinds disclosed CVE-2024-28995, a high-severity directory traversal vulnerability affecting their Serv-U file transfer server, which comes in two editions (Serv-U FTP and Serv-U MFT). Successful exploitation of the vulnerability allows unauthenticated attackers to read...
8.6CVSS
7.8AI Score
0.343EPSS
Exploit for Embedded Malicious Code in Tukaani Xz
CVE-2024-3094 Basic POC to test CVE-2024-3094 vulnerability...
10CVSS
7.5AI Score
0.133EPSS
QR code SQL injection and other vulnerabilities in a popular biometric terminal
Biometric scanners offer a unique way to resolve the conflict between security and usability. They help to identify a person by their unique biological characteristics – a fairly reliable process that does not require the user to exert any extra effort. Yet, biometric scanners, as any other tech,.....
10CVSS
9AI Score
0.0004EPSS
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
...
5.5CVSS
7.1AI Score
0.0004EPSS
7.5CVSS
7.1AI Score
0.001EPSS
Description of the security update for SharePoint Server Subscription Edition: June 11, 2024 (KB5002603) Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and...
7.8CVSS
8AI Score
0.001EPSS
June 11, 2024—KB5039212 (OS Builds 22621.3737 and 22631.3737)
June 11, 2024—KB5039212 (OS Builds 22621.3737 and 22631.3737) For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 23H2, see its update history page. Note Follow...
9.8CVSS
9.8AI Score
0.003EPSS
libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in yaml_document_add_sequence in api.c. NOTE: the supplier disputes this because the finding represents a user error. The problem is that the application, which was making use of the libyaml library, omitted the required calls to the...
6.5AI Score
0.0004EPSS
libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in yaml_document_add_sequence in api.c. NOTE: the supplier disputes this because the finding represents a user error. The problem is that the application, which was making use of the libyaml library, omitted the required calls to the...
0.0004EPSS
The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API. Security Fix(es): c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...
4.4CVSS
5.4AI Score
0.0004EPSS
libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in yaml_document_add_sequence in api.c. NOTE: the supplier disputes this because the finding represents a user error. The problem is that the application, which was making use of the libyaml library, omitted the required calls to the...
0.0004EPSS
Moderate: podman security and bug fix update
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: podman: jose-go: improper handling of highly compressed data (CVE-2024-28180) podman:...
4.9CVSS
5.5AI Score
0.0005EPSS
Moderate: python-idna security update
The hsakmt packages include a thunk library for AMD's Heterogeneous System Architecture (HSA) Linux kernel driver (amdkfd). Security Fix(es): python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()...
6.8AI Score
EPSS
The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API. Security Fix(es): c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...
4.4CVSS
6.7AI Score
0.0004EPSS
Moderate: python-idna security update
The hsakmt packages include a thunk library for AMD's Heterogeneous System Architecture (HSA) Linux kernel driver (amdkfd). Security Fix(es): python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()...
6.5AI Score
EPSS
KLA68916 Multiple vulnerabilities in Microsoft Azure
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service. Below is a complete list of vulnerabilities: An elevation of privilege vulnerability in Azure Science Virtual Machine (DSVM) can be exploited...
8.1CVSS
6.3AI Score
0.001EPSS
Moderate: gdk-pixbuf2 security update
The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fix(es): gdk-pixbuf2: heap memory corruption on gdk-pixbuf (CVE-2022-48622) For more details about the security...
7.8CVSS
7AI Score
0.001EPSS
Ubuntu 23.10 : Linux kernel vulnerabilities (USN-6819-2)
The remote Ubuntu 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6819-2 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference...
7.8CVSS
8.1AI Score
0.001EPSS
libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in yaml_document_add_sequence in api.c. NOTE: the supplier disputes this because the finding represents a user error. The problem is that the application, which was making use of the libyaml library, omitted the required calls to the...
7.2AI Score
0.0004EPSS
Moderate: gdk-pixbuf2 security update
The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fix(es): gdk-pixbuf2: heap memory corruption on gdk-pixbuf (CVE-2022-48622) For more details about the security...
7.8CVSS
7.1AI Score
0.001EPSS
Description The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 5.6.7 due to insufficient input...
6.4CVSS
5.9AI Score
0.0004EPSS
Vulnerability in BSON Handler component of PyMongo client library is related to deserialize incorrect BSON. Exploitation of the vulnerability could allow an attacker acting remotely to disclose sensitive...
8.1CVSS
6.8AI Score
0.001EPSS
Vulnerability in clone/clone_from components of Python library for interacting with git repositories GitPython is associated with errors in input processing. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code by injecting a specially crafted URL...
9.8CVSS
7.8AI Score
0.001EPSS
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege...
5.5CVSS
6.7AI Score
0.0004EPSS
traefik -- Azure Identity Libraries Elevation of Privilege Vulnerability
The traefik authors report: There is a vulnerability in Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege...
5.5CVSS
6.9AI Score
0.0004EPSS
Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Ubuntu 14.04 ESM Packages tiff - Tag Image File Format (TIFF) library Details It was discovered that LibTIFF incorrectly handled memory when performing certain cropping operations,...
5.5CVSS
8.4AI Score
0.0004EPSS
7.8CVSS
8.8AI Score
0.001EPSS
Vulnerability of uv_getaddrinfo() function (src/unix/getaddrinfo.c, src/win/getaddrinfo.c) of libuv asynchronous I/O library is related to insufficient checking of incoming requests. libuv asynchronous I/O is due to insufficient checking of incoming requests. Exploitation of the vulnerability...
7.3CVSS
6.8AI Score
0.001EPSS
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 126 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 126.0.6478.54 (Linux) 126.0.6478.56/57( Windows, Mac) contains a number of fixes and improvements -- a list of changes is...
8.8CVSS
8.1AI Score
0.001EPSS
A vulnerability in the JSON Handler component of the Python PyMySQL library of MySQL is related to keys not being escaped properly using escape_dict. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to data, tampering with data, or potentially...
7.8AI Score
0.0004EPSS
Moderate: podman security and bug fix update
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: podman: jose-go: improper handling of highly compressed data (CVE-2024-28180) podman:...
4.9CVSS
5.3AI Score
0.0005EPSS
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege...
5.5CVSS
6.7AI Score
0.0004EPSS
Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server . IBM WebSphere Application uses the jose4j library which was found to be vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted p2c....
7.1AI Score
0.0004EPSS
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js Vulnerability Details ** CVEID: CVE-2024-22017 DESCRIPTION: **Node.js could allow a local attacker to gain elevated privileges on the system, caused by the failure of setuid() to drop all privileges...
10CVSS
8.9AI Score
EPSS
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) It was.....
7.8CVSS
8AI Score
0.001EPSS
More_eggs Malware Disguised as Resumes Targets Recruiters in Phishing Attack
Cybersecurity researchers have spotted a phishing attack distributing the More_eggs malware by masquerading it as a resume, a technique originally detected more than two years ago. The attack, which was unsuccessful, targeted an unnamed company in the industrial services industry in May 2024,...
7.5AI Score
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A control-flow timing lean has been identified in the reference implementation of the Kyber key encapsulation mechanism when it is compiled with Clang 15-18 for -Os, -O1, and other...
5.9CVSS
6.9AI Score
0.0004EPSS
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A control-flow timing lean has been identified in the reference implementation of the Kyber key encapsulation mechanism when it is compiled with Clang 15-18 for -Os, -O1, and other...
5.9CVSS
5.8AI Score
0.0004EPSS
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A control-flow timing lean has been identified in the reference implementation of the Kyber key encapsulation mechanism when it is compiled with Clang 15-18 for -Os, -O1, and other...
5.9CVSS
0.0004EPSS
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A control-flow timing lean has been identified in the reference implementation of the Kyber key encapsulation mechanism when it is compiled with Clang 15-18 for -Os, -O1, and other...
5.9CVSS
7AI Score
0.0004EPSS
A European Summer of Sports is Upon Us – What Does it Mean for Security?
The recent Champions League final in London (congratulations, Real Madrid!) marked the opening shot to a hot European summer of major sporting events. We now approach the highly anticipated UEFA EURO 2024 football tournament in Germany and the Olympic Games in Paris 2024. And as we do, bad actors.....
7AI Score