Debian dsa-5714 : roundcube - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5714 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5714-1 [email protected] ...
6.2AI Score
0.0004EPSS
Debian dla-3833 : libapache2-mod-php7.3 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3833 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3833-1 [email protected] ...
5.3CVSS
6AI Score
0.006EPSS
K000140039: Intel QAT vulnerability CVE-2023-32641
Security Advisory Description Improper input validation in firmware for Intel(R) QAT before version QAT20.L.1.0.40-00004 may allow escalation of privilege and denial of service via adjacent access. (CVE-2023-32641) Impact There is no impact; F5 products are not affected by this...
8.8CVSS
7.5AI Score
0.001EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Ghostscript vulnerabilities (USN-6835-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6835-1 advisory. It was discovered that Ghostscript did not properly restrict eexec seeds to those specified by the Type 1 Font Format...
7.6AI Score
EPSS
7.4AI Score
Not Just Another 100% Score: MITRE ENGENIUTY ATT&CK
The latest MITRE Engenuity ATT&CK Evaluations pitted leading managed detection and response (MDR) services against threats modeled on the menuPass and BlackCat/AlphV adversary groups. Trend Micro achieved 100% detection across all 15 major attack steps with an 86% actionable rate for those steps—.....
7.4AI Score
Not Just Another 100% Score: MITRE ENGENUITY ATT&CK
The latest MITRE Engenuity ATT&CK Evaluations pitted leading managed detection and response (MDR) services against threats modeled on the menuPass and BlackCat/AlphV adversary groups. Trend Micro achieved 100% detection across all 15 major attack steps with an 86% actionable rate for those steps—.....
7.4AI Score
Insyde BIOS June 2024 EDK II Reference Vulnerabilities
Potential EDK II reference code vulnerabilities have been identified in certain HP PC products using Insyde BIOS (Insyde H20 UEFI Firmware), which might allow arbitrary code execution. Inysde has released updates to mitigate the potential vulnerabilities. Insyde has released updates to mitigate...
7.8CVSS
8.2AI Score
0.0004EPSS
Debian dsa-5715 : composer - security update
The remote Debian 11 / 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5715 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5715-1 [email protected] ...
8.8CVSS
9.6AI Score
0.0004EPSS
Oracle Linux 7 : glibc (ELSA-2024-12442)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12442 advisory. - Forward-port Oracle patches to 2.17-326.3 Reviewed-by: Jose E. Marchesi <[email protected]> Oracle history: April-28-2023...
9.8CVSS
10AI Score
0.009EPSS
LNbits improperly handles potential network and payment failures when using Eclair backend
Summary Paying invoices in Eclair that do not get settled within the internal timeout (about 30s) lead to a payment being considered failed, even though it may still be in flight. Details Using blocking: true on the API call will lead to a timeout error if a payment does not get settled in the 30s....
8.1CVSS
6.7AI Score
0.0004EPSS
LNbits improperly handles potential network and payment failures when using Eclair backend
Summary Paying invoices in Eclair that do not get settled within the internal timeout (about 30s) lead to a payment being considered failed, even though it may still be in flight. Details Using blocking: true on the API call will lead to a timeout error if a payment does not get settled in the 30s....
8.1CVSS
6.7AI Score
0.0004EPSS
Malvertising Campaign Leads to Execution of Oyster Backdoor
The following analysts contributed to this blog: Thomas Elkins, Daniel Thiede, Josh Lockwood, Tyler McGraw, and Sasha Kovalev. Executive Summary Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and.....
7.3AI Score
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption after conversion from inline format Commit 6dbf7bb55598 ("fs: Don't invalidate page buffers in block_write_full_page()") uncovered a latent bug in ocfs2 conversion from inline inode format to a normal...
7.5AI Score
0.0004EPSS
software: emacs 28.1 WASP: ROSA-CHROME package_evr_string: emacs-28.1-5 CVE-ID: CVE-2022-48339 BDU-ID: None CVE-Crit: N/A CVE-DESC.: A problem was discovered in GNU Emacs. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and srcdir...
9.8CVSS
7.9AI Score
0.002EPSS
F-logic DataCube3 - SQL Injection
SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id...
7.3AI Score
0.001EPSS
Debian dla-3835 : roundcube - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3835 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3835-1 [email protected] ...
6.6AI Score
0.0004EPSS
7.4AI Score
Ubuntu 23.10 / 24.04 LTS : Rack vulnerabilities (USN-6837-1)
The remote Ubuntu 23.10 / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6837-1 advisory. It was discovered that Rack incorrectly handled Multipart MIME parsing. A remote attacker could possibly use this issue to cause Rack to...
7.5CVSS
7.7AI Score
0.001EPSS
Debian dla-3832 : python-bson - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3832 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3832-1 [email protected] ...
8.1CVSS
8AI Score
0.001EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : SSSD vulnerability (USN-6836-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6836-1 advisory. It was discovered that SSSD did not always correctly apply the GPO policy for authenticated users, contrary to expectations....
7.1CVSS
6.8AI Score
0.0004EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Ruby vulnerabilities (USN-6838-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6838-1 advisory. It was discovered that Ruby RDoc incorrectly parsed certain YAML files. If a user or automated system were tricked...
8.1AI Score
EPSS
7.4AI Score
7.4AI Score
0.0004EPSS
A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public....
6.3CVSS
0.0004EPSS
A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public....
6.3CVSS
6.8AI Score
0.0004EPSS
CVE-2024-6039 Feng Office Workspaces sql injection
A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public....
6.3CVSS
0.0004EPSS
CVE-2024-6039 Feng Office Workspaces sql injection
A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public....
6.3CVSS
6.8AI Score
0.0004EPSS
NativeDump allows to dump the lsass process using only NTAPIs generating a Minidump file with only the streams needed to be parsed by tools like Mimikatz or Pypykatz (SystemInfo, ModuleList and Memory64List Streams). NTOpenProcessToken and NtAdjustPrivilegeToken to get the "SeDebugPrivilege"...
7.2AI Score
Debian dla-3830 : libvpx-dev - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3830 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3830-1 [email protected] ...
6.6AI Score
0.0004EPSS
Debian dsa-5712 : ffmpeg - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5712 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5712-1 [email protected] ...
8AI Score
0.0004EPSS
Debian dsa-5713 : libndp-dbg - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5713 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5713-1 [email protected] ...
8.1CVSS
7.9AI Score
0.0004EPSS
Grandoreiro Banking Trojan Hits Brazil as Smishing Scams Surge in Pakistan
Pakistan has become the latest target of a threat actor called the Smishing Triad, marking the first expansion of its footprint beyond the E.U., Saudi Arabia, the U.A.E., and the U.S. "The group's latest tactic involves sending malicious messages on behalf of Pakistan Post to customers of mobile...
7AI Score
Exploit for OS Command Injection in Php
CVE-2024-4577 Argument injection vulnerability in PHP...
9.8CVSS
7.2AI Score
0.967EPSS
Debian dsa-5711 : thunderbird - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5711 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5711-1 [email protected] ...
7.5AI Score
0.0004EPSS
Debian dla-3828 : atril - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3828 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3828-1 [email protected] ...
9.6CVSS
9.1AI Score
0.005EPSS
Debian dla-3829 : libmilter-dev - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3829 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3829-1 [email protected] ...
5.3CVSS
6.7AI Score
0.002EPSS
Exploit for Path Traversal in Solarwinds Serv-U
CVE-2024-28995 PoC and Bulk Scanner Overview This...
8.6CVSS
6.7AI Score
0.343EPSS
curl: Denial of Service in curl Request - HTTP headers eat all memory
Summary: Curl's unrestricted header storage lets malicious servers overwhelm memory, leading to out of Memory ( DOS) . When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit on how many....
7AI Score
Exploit for Path Traversal in Solarwinds Serv-U
Exploit For CVE-2024-28995 On June 5, 2024, SolarWinds...
8.6CVSS
7AI Score
0.343EPSS
Rejetto HFS (HTTP File Server) CVE-2024-23692 Vulnerability...
9.8CVSS
10AI Score
0.002EPSS
Ubuntu 22.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6821-4)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6821-4 advisory. It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability....
8CVSS
8.2AI Score
0.0004EPSS
Debian dsa-5710 : chromium - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5710 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5710-1 [email protected] ...
8.8CVSS
9.3AI Score
0.001EPSS
Ubuntu 22.04 LTS : Linux kernel (NVIDIA) vulnerabilities (USN-6818-3)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-3 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...
7.8CVSS
7.2AI Score
0.001EPSS
Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6817-3)
The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6817-3 advisory. Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer...
7.8CVSS
8.5AI Score
0.0005EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2019-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2019-1 advisory. The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes. The following...
9.8CVSS
8.4AI Score
0.005EPSS
RICOH Printers Improper Authentication Vulnerability (Mar 2024)
Multiple RICOH printers and multifunction printers are prone to an improper authentication...
7.3AI Score
0.0004EPSS
Fortinet FortiClient (FG-IR-22-059) (macOS)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-059 advisory. The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for...
7.5CVSS
7AI Score
0.013EPSS
Fortinet Fortigate (FG-IR-22-059)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-059 advisory. The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for...
7.5CVSS
7AI Score
0.013EPSS
Debian dla-3827 : libcolorcorrect5 - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3827 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3827-1 [email protected] ...
6.4AI Score
EPSS