RHEL 7 : opus (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. opus: Memory corruption during media file and data processing (CVE-2017-0381) Note that Nessus has not tested for...
7.8CVSS
7.9AI Score
0.002EPSS
Debian dsa-5702 : gir1.2-gst-plugins-base-1.0 - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5702 advisory. Debian Security Advisory DSA-5702-1 [email protected] ...
7.8CVSS
8.1AI Score
0.0004EPSS
The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the import_link_pages() function in all versions up to, and including, 1.6.9. This makes it possible for...
7.2CVSS
6.7AI Score
0.0005EPSS
Microsoft Edge (Chromium) < 125.0.2535.85 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 125.0.2535.85. It is, therefore, affected by multiple vulnerabilities as referenced in the June 3, 2024 advisory. Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker...
10AI Score
0.0004EPSS
Job For .local Domain Fails When Using Ubuntu-base VMware Backup Proxy
This issue occurs because .local is only intended for multicast DNS, and Ubuntu's default configuration prevents the use of .local for unicast DNS. As a result, the Ubuntu-based machine does not contact the network's DNS server when attempting to resolve .local...
7.1AI Score
RHEL 7 : tar (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tar: does not properly warn the user when extracting setuid or setgid files (CVE-2005-2541) tar:...
5.5CVSS
7AI Score
0.011EPSS
RHEL 6 : tar (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tar: does not properly warn the user when extracting setuid or setgid files (CVE-2005-2541) tar:...
4.7CVSS
6.6AI Score
0.011EPSS
RHEL 7 : ovirt-engine-backend (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ovirt-engine: connection does not validate certificate attributes. (CVE-2014-3706) Red Hat Enterprise...
6.5CVSS
7.3AI Score
0.001EPSS
Google Chrome Security Update (stable-channel-update-for-desktop_30-2024-05) - Windows
Google Chrome is prone to multiple ...
6.3AI Score
0.0004EPSS
Fedora 39 : chromium (2024-4e0ea1c22e)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-4e0ea1c22e advisory. update to 125.0.6422.141 * High CVE-2024-5493: Heap buffer overflow in WebRTC * High CVE-2024-5494: Use after free in Dawn * High...
10AI Score
0.0004EPSS
Google Chrome Security Update (stable-channel-update-for-desktop_30-2024-05) - Mac OS X
Google Chrome is prone to multiple ...
6.3AI Score
0.0004EPSS
Fedora 40 : chromium (2024-bb52629e6c)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bb52629e6c advisory. update to 125.0.6422.141 * High CVE-2024-5493: Heap buffer overflow in WebRTC * High CVE-2024-5494: Use after free in Dawn * High...
10AI Score
0.0004EPSS
Google Chrome Security Update (stable-channel-update-for-desktop_30-2024-05) - Linux
Google Chrome is prone to multiple ...
6.3AI Score
0.0004EPSS
[SECURITY] [DSA 5702-1] gst-plugins-base1.0 security update
Debian Security Advisory DSA-5702-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 01, 2024 https://www.debian.org/security/faq Package : gst-plugins-base1.0 CVE ID : CVE-2024-4453 An...
7.8CVSS
7.4AI Score
0.0004EPSS
...
8.6CVSS
6.3AI Score
0.945EPSS
Disable show media on lock screen, but still accessible via pull down notification
In multiple locations, there is a possible information leak due to a missing permission check. This could lead to local information disclosure exposing played media with no additional execution privileges needed. User interaction is not needed for...
6.1AI Score
EPSS
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore database activity modules and direct access to the web server outside of the Moodle webroot could execute a local file...
6.4AI Score
0.0004EPSS
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore wiki modules and direct access to the web server outside of the Moodle webroot could execute a local file...
6.4AI Score
0.0004EPSS
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore wiki modules and direct access to the web server outside of the Moodle webroot could execute a local file...
6.8AI Score
0.0004EPSS
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore workshop modules and direct access to the web server outside of the Moodle webroot could execute a local file...
6.8AI Score
0.0004EPSS
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore workshop modules and direct access to the web server outside of the Moodle webroot could execute a local file...
6.4AI Score
0.0004EPSS
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore feedback modules and direct access to the web server outside of the Moodle webroot could execute a local file...
6.4AI Score
0.0004EPSS
How to tell if a VPN app added your Windows device to a botnet
On May 29, 2024, the US Department of Justice (DOJ) announced it had dismantled what was likely the world’s largest botnet ever. This botnet, called “911 S5,” infected systems at over 19 million IP addresses across more than 190 countries. The main sources of income for the operators, who stole a...
7.2AI Score
New banking trojan “CarnavalHeist” targets Brazil with overlay attacks
Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called "CarnavalHeist." Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil. This family has also been...
8AI Score
I don't think it's an exaggeration to predict that artificial intelligence will affect every aspect of our society. Not by doing new things. But mostly by doing things that are already being done by humans, perfectly competently. Replacing humans with AIs isn't necessarily interesting. But when an...
7.4AI Score
Russian Hackers Target Europe with HeadLace Malware and Credential Harvesting
The Russian GRU-backed threat actor APT28 has been attributed as behind a series of campaigns targeting networks across Europe with the HeadLace malware and credential-harvesting web pages. APT28, also known by the names BlueDelta, Fancy Bear, Forest Blizzard, FROZENLAKE, Iron Twilight, ITG05,...
7.2AI Score
OpenAI, Meta, and TikTok Crack Down on Covert Influence Campaigns, Some AI-Powered
OpenAI on Thursday disclosed that it took steps to cut off five covert influence operations (IO) originating from China, Iran, Israel, and Russia that sought to abuse its artificial intelligence (AI) tools to manipulate public discourse or political outcomes online while obscuring their true...
6.8AI Score
The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite...
9.4AI Score
0.0004EPSS
The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite...
6.5AI Score
0.0004EPSS
CVE-2024-4469 Migration Backup Restore < 3.5.0 - Admin+ SSRF
The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite...
9.4AI Score
0.0004EPSS
CVE-2024-4469 Migration Backup Restore < 3.5.0 - Admin+ SSRF
The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite...
6.6AI Score
0.0004EPSS
8.2CVSS
6.8AI Score
0.959EPSS
G DATA Total Security Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the G DATA...
7.5AI Score
EPSS
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:1870-1)
The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1870-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following...
7.8CVSS
8.9AI Score
EPSS
VSS Snapshot Creation Delay on Server with DFSR Enabled
When preparing the DFS VSS writer for backup, the Veeam Agent gets into a recursion while checking the files in the scope of the DFS...
7.1AI Score
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-068)
The version of kernel installed on the remote host is prior to 5.4.271-184.369. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-068 advisory. 2024-06-06: CVE-2024-27417 was added to this advisory. In the Linux kernel, the following vulnerability...
7.9AI Score
0.0004EPSS
How to Configure PXE Booting of Veeam Agent for Linux Recovery Media
This article documents how to configure Linux to PXE boot the Veeam Agent for Linux Recovery Media over a...
7AI Score
According to its self-reported version, Cisco Firepower Threat Defense (FTD) Software is affected by a vulnerability. Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to...
5.8CVSS
5.8AI Score
0.0004EPSS
G DATA Total Security Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the G DATA...
7.5AI Score
EPSS
This error occurs when the storage device is formatted with a 4k logical block size and the Veeam Data Mover Service does not have sufficient permissions to determine the logical block...
7AI Score
qt6-webengine -- Multiple vulnerabilities
Qt qtwebengine-chromium repo reports: Backports for 7 security bugs in Chromium: CVE-2024-4948: Use after free in Dawn CVE-2024-5274: Type Confusion in V8 CVE-2024-5493: Heap buffer overflow in WebRTC CVE-2024-5494: Use after free in Dawn CVE-2024-5495: Use after free in Dawn CVE-2024-5496: Use...
8.8CVSS
8.6AI Score
0.003EPSS
Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity:...
7.2AI Score
0.0004EPSS
Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity:...
7.4AI Score
0.0004EPSS
Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity:...
8.2AI Score
0.0004EPSS
Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity:...
7.2AI Score
0.0004EPSS
Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity:...
7.4AI Score
0.0004EPSS
Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity:...
7.2AI Score
0.0004EPSS
[SECURITY] [DLA 3824-1] gst-plugins-base1.0 security update
Debian LTS Advisory DLA-3824-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk May 30, 2024 https://wiki.debian.org/LTS Package : gst-plugins-base1.0 Version : 1.14.4-2+deb10u3 CVE...
7.8CVSS
6.7AI Score
0.0004EPSS