7.8 CVSS
8.7 AI Score
0.001 EPSS
Ubuntu 24.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6817-2)
The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6817-2 advisory. Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer...
7.8 CVSS
8.9 AI Score
0.0005 EPSS
7.8 CVSS
8.7 AI Score
0.001 EPSS
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6821-2)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6821-2 advisory. It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free...
8 CVSS
8.1 AI Score
0.0004 EPSS
Ubuntu 23.10 : Linux kernel (ARM laptop) vulnerabilities (USN-6818-2)
The remote Ubuntu 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-2 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference...
7.8 CVSS
7.5 AI Score
0.001 EPSS
About the security content of visionOS 1.2
About the security content of visionOS 1.2 This document describes the security content of visionOS 1.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
8.8CVSS
7.9AI Score
0.001EPSS
How to Enable Changed Block Tracking for Guest Cluster on vSphere with Tanzu
Changed Block Tracking is a VMware feature that tracks changes in virtual disks. Veeam Kasten for Kubernetes uses this feature in vSphere with Tanzu Guest Clusters to efficiently backup Persistent...
7 AI Score
Exploit for OS Command Injection in Php
CVE-2024-4577: PHP CGI Argument Injection (XAMPP) 💀...
9.8 CVSS
10 AI Score
0.967 EPSS
Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons. This issue affects Social Share Icons & Social Share Buttons: from n/a through...
5.3 CVSS
0.0004 EPSS
Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons. This issue affects Social Share Icons & Social Share Buttons: from n/a through...
5.3 CVSS
5.3 AI Score
0.0004 EPSS
Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons. This issue affects Social Share Icons & Social Share Buttons: from n/a through...
5.3 CVSS
6.9 AI Score
0.0004 EPSS
Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons. This issue affects Social Share Icons & Social Share Buttons: from n/a through...
5.3 CVSS
0.0004 EPSS
Exploit for Logging of Excessive Data in Salesagility Suitecrm
CVE-2024-36416: Tool for validating CVE-2024-36416. Usage...
8.6 CVSS
7.2 AI Score
0.0005 EPSS
7.5 CVSS
7.1 AI Score
0.931 EPSS
Apple Is Coming for Your Password Manager
Plus: A media executive is charged in an alleged money-laundering scheme, a ransomware attack disrupts care at London hospitals, and Google’s former CEO has a secretive drone project up his...
7.3 AI Score
linux-gke, linux-ibm, linux-intel-iotg, linux-oracle vulnerabilities
It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros...
8 CVSS
9.1 AI Score
0.0004 EPSS
It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros...
8 CVSS
8.9 AI Score
0.0004 EPSS
Exploit for Expression Language Injection in Atlassian Confluence Data Center
CVE-2022-26134 A pre-authenticated RCE vulnerability in...
9.8 CVSS
9.9 AI Score
0.975 EPSS
linux-azure, linux-azure-6.5, linux-starfive, linux-starfive-6.5 vulnerabilities
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536)...
7.8 CVSS
8.9 AI Score
0.001 EPSS
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) It was...
7.8 CVSS
8.6 AI Score
0.001 EPSS
TYPO3 Denial of Service in Online Media Asset Handling
Online Media Asset Handling (.youtube and .vimeo files) in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a...
7 AI Score
TYPO3 Cross-Site Scripting in Online Media Asset Rendering
Failing to properly encode user input, online media asset rendering (*.youtube and *.vimeo files) is vulnerable to cross-site scripting. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this...
6.7 AI Score
linux-aws, linux-gcp vulnerabilities
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) Zheng Wang discovered that the...
7.8 CVSS
8.8 AI Score
0.0005 EPSS
linux, linux-ibm, linux-lowlatency, linux-raspi vulnerabilities
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) Zheng Wang discovered that the...
7.8 CVSS
8 AI Score
0.0005 EPSS
TYPO3 CMS Possible Insecure Deserialization in Extbase Request Handling
It has been discovered that request handling in Extbase can be vulnerable to insecure deserialization. User submitted payload has to be signed with a corresponding HMAC-SHA1 using the sensitive TYPO3 encryptionKey as secret - invalid or unsigned payload is not deserialized. However, since...
6.8 AI Score
LightSpy Spyware's macOS Variant Found with Advanced Surveillance Capabilities
Cybersecurity researchers have disclosed that the LightSpy spyware recently identified as targeting Apple iOS users is in fact a previously undocumented macOS variant of the implant. The findings come from both Huntress Labs and ThreatFabric, which separately analyzed the artifacts associated with...
8.8 CVSS
7.3 AI Score
0.018 EPSS
PIP-INTEL - OSINT and Cyber Intelligence Tool
Pip-Intel is a powerful tool designed for OSINT (Open Source Intelligence) and cyber intelligence gathering activities. It consolidates various open-source tools into a single user-friendly interface simplifying the data collection and analysis processes for researchers and cybersecurity...
7 AI Score
The AI Debate: Google's Guidelines, Meta's GDPR Dispute, Microsoft's Recall Backlash
Google is urging third-party Android app developers to incorporate generative artificial intelligence (GenAI) features in a responsible manner. The new guidance from the search and advertising giant is an effort to combat problematic content, including sexual content and hate speech, created...
7.2 AI Score
Exploit for OS Command Injection in Php
CVE-2024-4577 A Proof of Concept developed by...
9.8 CVSS
9.5 AI Score
0.967 EPSS
FBI Distributes 7,000 LockBit Ransomware Decryption Keys to Help Victims
The U.S. Federal Bureau of Investigation (FBI) has disclosed that it's in possession of more than 7,000 decryption keys associated with the LockBit ransomware operation to help victims get their data back at no cost. "We are reaching out to known LockBit victims and encouraging anyone who suspects...
7.7 AI Score
SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting defense forces in the country with a malware called SPECTR as part of an espionage campaign dubbed SickSync. The agency attributed the attacks to a threat actor it tracks under the moniker UAC-0020,...
7.2 AI Score
9.9 CVSS
7.1 AI Score
0.001 EPSS
This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 1.0 of Confluence Data Center and Server. This org.springframework:spring-web Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N...
8.1 CVSS
7.9 AI Score
0.0004 EPSS
6.7 AI Score
0.0004 EPSS
Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-6821-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6821-1 advisory. It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability....
8 CVSS
8.8 AI Score
0.0004 EPSS
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6820-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6820-1 advisory. It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free...
8 CVSS
8.6 AI Score
0.0004 EPSS
Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6817-1)
The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6817-1 advisory. Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer...
7.8 CVSS
8.9 AI Score
0.0005 EPSS
SolarWinds Serv-U 15.4.2 < 15.4.3
The version of SolarWinds Serv-U installed on the remote host is prior to 15.4.2 HF2. It is, therefore, affected by a vulnerability as referenced in the solarwinds_serv-u_15_4_2_hf_2 advisory. SolarWinds Serv-U was susceptible to a directory traversal vulnerability that would allow access to...
8.6 CVSS
7.9 AI Score
0.343 EPSS
Releases: Ubuntu 24.04 LTS. Packages: linux-aws - Linux kernel for Amazon Web Services (AWS) systems; linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems. Details: Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions,...
7.8 CVSS
8.5 AI Score
0.0005 EPSS
6.7 AI Score
0.0004 EPSS
Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6819-1)
The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6819-1 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...
7.8 CVSS
8.7 AI Score
0.001 EPSS
Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6816-1)
The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6816-1 advisory. Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer...
7.8 CVSS
8.7 AI Score
0.0005 EPSS
Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6818-1)
The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-1 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...
7.8 CVSS
8.4 AI Score
0.001 EPSS
Releases: Ubuntu 24.04 LTS. Packages: linux - Linux kernel; linux-ibm - Linux kernel for IBM cloud systems; linux-lowlatency - Linux low latency kernel; linux-raspi - Linux kernel for Raspberry Pi systems. Details: Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly...
7.8 CVSS
8.5 AI Score
0.0005 EPSS
Cisco Firepower Management Center Software SQL Injection (cisco-sa-fmc-sqli-WFFDnNOs)
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not adequately...
8.8 CVSS
8.4 AI Score
0.001 EPSS