The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the import_link_pages() function in all versions up to, and including, 1.6.9. This makes it possible for unauthenticated...
7.2CVSS
6.8AI Score
0.0005EPSS
typo3/cms-core is vulnerable to Denial of Service (DoS). The vulnerability is due to a lack of size limits on media files (*.youtube and *.vimeo) in the TYPO3 backend, which results in large files consuming excessive system...
7AI Score
0.0004EPSS
Mime Types Extended <= 0.11 - Author+ Stored XSS via SVG Upload
Description The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. PoC 1. As an admin, enable SVG uploads at https://example.com/wp-admin/options-general.php?page=mime-types-extended 2. As an author,.....
5.7AI Score
0.0004EPSS
Mime Types Extended <= 0.11 - Author+ Stored XSS via SVG Upload
Description The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS...
6.1AI Score
0.0004EPSS
Updated chromium-browser-stable packages fix security vulnerabilities
The chromium-browser-stable package has been updated to the 125.0.6422.141 release. It includes 11 security fixes. Some of them are: * High CVE-2024-5493: Heap buffer overflow in WebRTC. Reported by Cassidy Kim (@cassidy6564) on 2024-05-11 * High CVE-2024-5494: Use after free in Dawn. Reported by...
7.5AI Score
0.0004EPSS
Chromium: CVE-2024-5496 Use after free in Media Session
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...
6.1AI Score
0.0004EPSS
Security Bulletin: AIX is vulnerable to information disclosure due to openCryptoki (CVE-2024-0914)
Summary Vulnerability in openCryptoki could allow a remote attacker to obtain sensitive information (CVE-2024-0914). Vulnerability Details CVEID: CVE-2024-0914 DESCRIPTION: openCryptoki could allow a remote attacker to obtain sensitive information, caused by a flaw when processing RSA PKCS#1.....
5.9CVSS
6AI Score
0.001EPSS
This week on the Lock and Code podcast… This is a story about how the FBI got everything it wanted. For decades, law enforcement and intelligence agencies across the world have lamented the availability of modern technology that allows suspected criminals to hide their communications from legal...
7.2AI Score
Technology was once simply a tool--and a small one at that--used to amplify human intent and capacity. That was the story of the industrial revolution: we could control nature and build large, complex human societies, and the more we employed and mastered technology, the better things got. We...
6.9AI Score
SASE Threat Report: 8 Key Findings for Enterprise Security
Threat actors are evolving, yet Cyber Threat Intelligence (CTI) remains confined to each isolated point solution. Organizations require a holistic analysis across external data, inbound and outbound threats and network activity. This will enable evaluating the true state of cybersecurity in the...
10CVSS
10AI Score
0.976EPSS
IT threat evolution Q1 2024
Targeted attacks Operation Triangulation: the final mystery Last June, we published a series of reports on Operation Triangulation, a previously unknown iOS malware...
7.8CVSS
6AI Score
0.003EPSS
IT threat evolution in Q1 2024. Non-mobile statistics
The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. Quarterly.....
6.9AI Score
AIX is vulnerable to information disclosure due to openCryptoki (CVE-2024-0914)
IBM SECURITY ADVISORY First Issued: Mon Jun 3 08:50:37 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/opencryptoki_advisory.asc Security Bulletin: AIX is vulnerable to information disclosure due to openCryptoki...
5.9CVSS
5.8AI Score
0.001EPSS
Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware
Fake web browser updates are being used to deliver remote access trojans (RATs) and information stealer malware such as BitRAT and Lumma Stealer (aka LummaC2). "Fake browser updates have been responsible for numerous malware infections, including those of the well-known SocGholish malware,"...
7.1AI Score
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1788)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is...
8CVSS
8.3AI Score
EPSS
RHEL 5 : kernel (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c ...
9.8CVSS
9.6AI Score
EPSS
RHEL 8 : amanda (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. amanda: runtar: crafted arguments can lead to local privilege escalation (CVE-2022-37705) In Amanda...
6.7CVSS
8.3AI Score
0.0005EPSS
KLA68438 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Use after free vulnerability in Dawn can be exploited to cause denial of service or execute...
8.4AI Score
0.0004EPSS
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1800)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is...
8CVSS
8.3AI Score
EPSS
RHEL 6 : opus (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. opus: Memory corruption during media file and data processing (CVE-2017-0381) Note that Nessus has not tested for...
7.8CVSS
7.5AI Score
0.002EPSS
RHEL 5 : tar (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tar: Bypassing the extract path name (CVE-2016-6321) GNU Tar through 1.30, when --sparse is used,...
4.7CVSS
6.1AI Score
0.005EPSS
RHEL 5 : opus (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. opus: Memory corruption during media file and data processing (CVE-2017-0381) Note that Nessus has not tested for...
7.8CVSS
7.9AI Score
0.002EPSS
RHEL 7 : kernel (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: out of bounds read in drivers/media/usb/dvb-usb/technisat-usb2.c (CVE-2019-15505) kernel:...
9.8CVSS
8.2AI Score
EPSS
Debian dsa-5702 : gir1.2-gst-plugins-base-1.0 - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5702 advisory. Debian Security Advisory DSA-5702-1 [email protected] ...
7.8CVSS
8.1AI Score
0.0004EPSS
RHEL 7 : opus (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. opus: Memory corruption during media file and data processing (CVE-2017-0381) Note that Nessus has not tested for...
7.8CVSS
7.9AI Score
0.002EPSS
Description The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the import_link_pages() function in all versions up to, and including, 1.6.9. This makes it possible for...
7.2CVSS
6.7AI Score
0.0005EPSS
Microsoft Edge (Chromium) < 125.0.2535.85 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 125.0.2535.85. It is, therefore, affected by multiple vulnerabilities as referenced in the June 3, 2024 advisory. Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker...
10AI Score
0.0004EPSS
Job For .local Domain Fails When Using Ubuntu-base VMware Backup Proxy
This issue occurs because .local is only intended for multicast DNS, and Ubuntu's default configuration prevents the use of .local for unicast DNS. As a result, the Ubuntu-based machine does not contact the network's DNS server when attempting to resolve .local...
7.1AI Score
RHEL 7 : tar (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tar: does not properly warn the user when extracting setuid or setgid files (CVE-2005-2541) tar:...
5.5CVSS
7AI Score
0.011EPSS
RHEL 6 : tar (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tar: does not properly warn the user when extracting setuid or setgid files (CVE-2005-2541) tar:...
4.7CVSS
6.6AI Score
0.011EPSS
Google Chrome Security Update (stable-channel-update-for-desktop_30-2024-05) - Windows
Google Chrome is prone to multiple ...
6.3AI Score
0.0004EPSS
Fedora 39 : chromium (2024-4e0ea1c22e)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-4e0ea1c22e advisory. update to 125.0.6422.141 * High CVE-2024-5493: Heap buffer overflow in WebRTC * High CVE-2024-5494: Use after free in Dawn * High...
10AI Score
0.0004EPSS
Fedora 40 : chromium (2024-bb52629e6c)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bb52629e6c advisory. update to 125.0.6422.141 * High CVE-2024-5493: Heap buffer overflow in WebRTC * High CVE-2024-5494: Use after free in Dawn * High...
10AI Score
0.0004EPSS
Google Chrome Security Update (stable-channel-update-for-desktop_30-2024-05) - Mac OS X
Google Chrome is prone to multiple ...
6.3AI Score
0.0004EPSS
Google Chrome Security Update (stable-channel-update-for-desktop_30-2024-05) - Linux
Google Chrome is prone to multiple ...
6.3AI Score
0.0004EPSS
[SECURITY] [DSA 5702-1] gst-plugins-base1.0 security update
Debian Security Advisory DSA-5702-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 01, 2024 https://www.debian.org/security/faq Package : gst-plugins-base1.0 CVE ID : CVE-2024-4453 An...
7.8CVSS
7.4AI Score
0.0004EPSS
Disable show media on lock screen, but still accessible via pull-down notification
In multiple locations, there is a possible information leak due to a missing permission check. This could lead to local information disclosure exposing played media with no additional execution privileges needed. User interaction is not needed for...
6.1AI Score
EPSS