6.7AI Score
0.0004EPSS
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.12.0 ESR. Security Fix(es): firefox: Use-after-free in networking (CVE-2024-5702) firefox: Use-after-free in JavaScript object transplant...
7.4AI Score
0.0004EPSS
4.7CVSS
6.8AI Score
0.0004EPSS
8.1CVSS
6.7AI Score
0.001EPSS
Important: flatpak security update
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): flatpak: sandbox escape via RequestBackground portal (CVE-2024-32462) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...
8.4CVSS
8.6AI Score
0.0004EPSS
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.12.0 ESR. Security Fix(es): firefox: Use-after-free in networking (CVE-2024-5702) firefox: Use-after-free in JavaScript object transplant...
7.4AI Score
0.0004EPSS
6.8AI Score
0.0004EPSS
7.4AI Score
0.0004EPSS
An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), allows an attacker to inject arbitrary code into the terminal, a different vulnerability than...
7.4AI Score
0.0004EPSS
irodsServerMonPerf in iRODS before 4.3.2 attempts to proceed with use of a path even if it is not a...
7AI Score
0.0004EPSS
iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail binary, such as in the mailMS.cpp#L94-L106...
7.1AI Score
0.0004EPSS
SonarQube logs sensitive information
In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs (such as SonarQube Access Logs, Proxy Logs,...
4.9CVSS
6.9AI Score
0.0004EPSS
langchain_experimental Code Execution via Python REPL access
langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for...
6.5AI Score
0.0004EPSS
7.1AI Score
0.0004EPSS
langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for...
7.3AI Score
0.0004EPSS
langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for...
7.3AI Score
0.0004EPSS
U.K. Hacker Linked to Notorious Scattered Spider Group Arrested in Spain
Law enforcement authorities have allegedly arrested a key member of the notorious cybercrime group called Scattered Spider. The individual, a 22-year-old man from the United Kingdom, was arrested this week in the Spanish city of Palma de Mallorca as he attempted to board a flight to Italy. The...
7.3AI Score
In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially...
8.1AI Score
0.0004EPSS
Security exception in jflex.core.NFA.insertNFA
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69587 Crash type: Security exception Crash state: jflex.core.NFA.insertNFA jflex.core.unicode.IntCharSet.indexOf...
7.1AI Score
7.4CVSS
7.2AI Score
0.0004EPSS
7.2AI Score
0.0004EPSS
Malicious code in employee-schedule (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (71b36d3a13dcd71ba835e490919b150ec8fbc7de88517906ec7aecaaf89dcbab) The OpenSSF Package Analysis project identified 'employee-schedule' @ 99.9.2 (npm) as malicious. It is considered malicious because: The package...
7.1AI Score
Grandoreiro Banking Trojan Hits Brazil as Smishing Scams Surge in Pakistan
Pakistan has become the latest target of a threat actor called the Smishing Triad, marking the first expansion of its footprint beyond the E.U., Saudi Arabia, the U.A.E., and the U.S. "The group's latest tactic involves sending malicious messages on behalf of Pakistan Post to customers of mobile...
7AI Score
5.3CVSS
6.7AI Score
0.002EPSS
7.2AI Score
0.0004EPSS
6.6AI Score
0.0004EPSS
Malicious code in uxcamreactexample (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (75476f3b67d0bc9c961d33e6be1f5a3728b33a076d896f36e401b8ff259ab9ee) The OpenSSF Package Analysis project identified 'uxcamreactexample' @ 5.1.1 (npm) as malicious. It is considered malicious because: The package...
7.1AI Score
Malicious code in @cart-ui/core-i18n (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (89568273084fef75464b1c975014417bf122a818685035e43012bb1ff5c3ba33) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7.2AI Score
MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in...
6.5CVSS
6.5AI Score
0.0004EPSS
Malicious code in @yoimiiya/fetchs (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (d75204d09806f7c69f49ddc0043e5dfb208aedd7bafbf0e49fd8c0d1252643b1) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
linux-azure, linux-gke vulnerabilities
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) Zheng Wang discovered that the...
7.8CVSS
8.3AI Score
0.0005EPSS
linux-nvidia-6.5 vulnerabilities
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) It was.....
7.8CVSS
7.4AI Score
0.001EPSS
linux-azure, linux-azure-fde vulnerabilities
It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros...
8CVSS
8.2AI Score
0.0004EPSS
user_oidc app is an OpenID Connect user backend for Nextcloud. Missing access control on the ID4me endpoint allows an attacker to register an account eventually getting access to data that is available to all registered users. It is recommended that the OpenID Connect user backend is upgraded to...
6.3CVSS
6.8AI Score
0.0004EPSS
Important: booth security update
The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network....
5.9CVSS
6.7AI Score
0.001EPSS
Important: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629) nghttp2: CONTINUATION frames DoS (CVE-2024-28182) nodejs: using the...
5.3CVSS
7.2AI Score
0.0004EPSS
Moderate: podman security and bug fix update
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: podman: jose-go: improper handling of highly compressed data (CVE-2024-28180) podman:...
4.9CVSS
7.1AI Score
0.0005EPSS
Moderate: ruby:3.3 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.3). (Rocky Linux-37697) Security Fix(es): ruby: Buffer overread...
6.9AI Score
EPSS
Moderate: buildah security and bug fix update
The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...
4.9CVSS
7.2AI Score
0.0005EPSS
Moderate: fence-agents security update
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): jinja2: accepts keys containing non-attribute characters...
5.4CVSS
7.3AI Score
0.0004EPSS
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767) firefox:...
8AI Score
0.0004EPSS
Important: nodejs security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs: CONTINUATION frames DoS (CVE-2024-27983) nodejs: using the fetch() function to retrieve content from an untrusted URL leads to...
5.3CVSS
7.3AI Score
0.0004EPSS
Moderate: ruby:3.1 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.1). (Rocky Linux-35449) Security Fix(es): ruby: Buffer overread...
6.9AI Score
EPSS
Important: tomcat security and bug fix update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug Fix(es) and Enhancement(s): ...
7.3AI Score
0.0004EPSS
Moderate: gvisor-tap-vsock security and bug fix update
A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor and is used to provide networking for podman-machine virtual machines. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding. Security Fix(es): ...
7.1AI Score
0.0004EPSS
Important: .NET 7.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.119 and .NET Runtime 7.0.19....
6.3CVSS
6.6AI Score
0.0005EPSS
Important: .NET 8.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.105 and .NET Runtime 8.0.5....
6.3CVSS
7.2AI Score
0.0005EPSS
Important: libreoffice security update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
8.8CVSS
7.4AI Score
0.001EPSS
Important: ipa security update
Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): freeipa: delegation rules allow a proxy service to impersonate any user...
8.1CVSS
7.2AI Score
0.0004EPSS
Important: 389-ds-base security update
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. Security Fix(es): 389-ds-base: potential denial of service via specially crafted kerberos...
7.5CVSS
6.8AI Score
0.0004EPSS