Unbreakable Enterprise kernel security update
[5.15.0-205.149.5.1] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Add BHI mitigation knob (Pawan Gupta) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Enumerate Branch...
8.2AI Score
EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.330.7.1.el8] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Add BHI mitigation knob (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Enumerate...
7.8CVSS
8.1AI Score
EPSS
Exploit for Path Traversal in Apache Http Server
CVE-2021-42013 Vulnerability Scanner This Python script...
9.8CVSS
10AI Score
0.974EPSS
GDBFuzz - Fuzzing Embedded Systems Using Hardware Breakpoints
This is the companion code for the paper: 'Fuzzing Embedded Systems using Debugger Interfaces'. A preprint of the paper can be found here https://publications.cispa.saarland/3950/. The code allows the users to reproduce and extend the results reported in the paper. Please cite the above paper when....
7.5AI Score
Exploit for Command Injection in Thimpress Learnpress
CVE-2023-6634 Exploit Script Description This repository...
9.8CVSS
8AI Score
0.298EPSS
OracleVM 3.4 : kernel-uek (OVMSA-2024-0004)
The remote OracleVM system is missing necessary patches to address security updates: A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a...
7.8CVSS
6.2AI Score
0.002EPSS
7.2AI Score
0.005EPSS
In the Linux kernel, the following vulnerability has been resolved: btrfs: dev-replace: properly validate device names There's a syzbot report that device name buffers passed to device replace are not properly checked for string termination which could lead to a read out of bounds in...
7AI Score
0.0004EPSS
Fake Lawsuit Threat Exposes Privnote Phishing Sites
A cybercrook who has been setting up websites that mimic the self-destructing message service privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company. The disclosure revealed a profitable network of phishing sites that behave and...
6.7AI Score
In the Linux kernel, the following vulnerability has been resolved: btrfs: dev-replace: properly validate device names There's a syzbot report that device name buffers passed to device replace are not properly checked for string termination which could lead to a read out of bounds in...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: btrfs: dev-replace: properly validate device names There's a syzbot report that device name buffers passed to device replace are not properly checked for string termination which could lead to a read out of bounds in...
7.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: btrfs: dev-replace: properly validate device names There's a syzbot report that device name buffers passed to device replace are not properly checked for string termination which could lead to a read out of bounds in...
7AI Score
0.0004EPSS
CVE-2024-26791 btrfs: dev-replace: properly validate device names
In the Linux kernel, the following vulnerability has been resolved: btrfs: dev-replace: properly validate device names There's a syzbot report that device name buffers passed to device replace are not properly checked for string termination which could lead to a read out of bounds in...
7.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: implement lockless setsockopt(SO_PEEK_OFF) syzbot reported a lockdep violation [1] involving af_unix support of SO_PEEK_OFF. Since SO_PEEK_OFF is inherently not thread safe (it uses a per-socket sk_peek_off field), there is...
7AI Score
0.0004EPSS
Nextcloud: Weak ssh algorithms and CVE-2023-48795 Discovered on various subdomains of nextcloud.com
Security researchers from Ruhr University Bochum have discovered a vulnerability in the Secure Shell (SSH) cryptographic network protocol that could allow an attacker to downgrade the connection's security by breaking the integrity of the secure channel. Called Terrapin (CVE-2023-48795, CVSS...
5.9CVSS
7.4AI Score
0.963EPSS
In the Linux kernel, the following vulnerability has been resolved: btrfs: dev-replace: properly validate device names There's a syzbot report that device name buffers passed to device replace are not properly checked for string termination which could lead to a read out of bounds in...
7.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: implement lockless setsockopt(SO_PEEK_OFF) syzbot reported a lockdep violation [1] involving af_unix support of SO_PEEK_OFF. Since SO_PEEK_OFF is inherently not thread safe (it uses a per-socket sk_peek_off field), there is...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: implement lockless setsockopt(SO_PEEK_OFF) syzbot reported a lockdep violation [1] involving af_unix support of SO_PEEK_OFF. Since SO_PEEK_OFF is inherently not thread safe (it uses a per-socket sk_peek_off field), there...
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: implement lockless setsockopt(SO_PEEK_OFF) syzbot reported a lockdep violation [1] involving af_unix support of SO_PEEK_OFF. Since SO_PEEK_OFF is inherently not thread safe (it uses a per-socket sk_peek_off field), there is...
6.6AI Score
0.0004EPSS
CVE-2024-26732 net: implement lockless setsockopt(SO_PEEK_OFF)
In the Linux kernel, the following vulnerability has been resolved: net: implement lockless setsockopt(SO_PEEK_OFF) syzbot reported a lockdep violation [1] involving af_unix support of SO_PEEK_OFF. Since SO_PEEK_OFF is inherently not thread safe (it uses a per-socket sk_peek_off field), there is...
6.8AI Score
0.0004EPSS
CVE-2024-26732 net: implement lockless setsockopt(SO_PEEK_OFF)
In the Linux kernel, the following vulnerability has been resolved: net: implement lockless setsockopt(SO_PEEK_OFF) syzbot reported a lockdep violation [1] involving af_unix support of SO_PEEK_OFF. Since SO_PEEK_OFF is inherently not thread safe (it uses a per-socket sk_peek_off field), there is...
6.7AI Score
0.0004EPSS
If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status This vulnerability affects Firefox for iOS <...
6.1AI Score
0.0004EPSS
If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status This vulnerability affects Firefox for iOS <...
6.5AI Score
0.0004EPSS
If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status This vulnerability affects Firefox for iOS <...
5.9AI Score
0.0004EPSS
If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status This vulnerability affects Firefox for iOS <...
6.1AI Score
0.0004EPSS
Import WP < 2.13.1 - Admin+ Server-side Request Forgery
Description The plugin does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations. PoC 1. As an admin, create a new importer in /wp-admin/tools.php?page=importwp 2. Visit /wp-admin/admin-ajax.php?action=rest-nonce and....
6.8AI Score
0.0004EPSS
If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status This vulnerability affects Firefox for iOS < 124. Notes Author| Note ---|--- tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine mdeslaur |.....
6.1AI Score
0.0004EPSS
Fedora: Security Advisory for suricata (FEDORA-2024-99337cc4a1)
The remote host is missing an update for...
7.5AI Score
In the Linux kernel, the following vulnerability has been resolved: net: implement lockless setsockopt(SO_PEEK_OFF) syzbot reported a lockdep violation [1] involving af_unix support of SO_PEEK_OFF. Since SO_PEEK_OFF is inherently not thread safe (it uses a per-socket sk_peek_off field), there is...
6.7AI Score
0.0004EPSS
Oracle Linux 9 : kernel (ELSA-2024-12265)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12265 advisory. A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The...
7.8CVSS
7.6AI Score
0.002EPSS
Oracle Linux 8 : kernel (ELSA-2024-12266)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12266 advisory. A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The...
7.8CVSS
7.7AI Score
0.002EPSS
Import WP < 2.13.1 - Admin+ Server-side Request Forgery
Description The plugin does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite...
6.7AI Score
0.0004EPSS
Fedora: Security Advisory for suricata (FEDORA-2024-34eba1b1a6)
The remote host is missing an update for...
7.5AI Score
Fedora: Security Advisory for suricata (FEDORA-2024-4aef1d6ece)
The remote host is missing an update for...
7.5AI Score
Summary DB2 JDBC driver is shipped as part of the XMLToolkit component for IBM Tivoli Business Service Manager. Information about security vulnerability affecting DB2 JDBC driver has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s) listed in the...
7.5CVSS
6.4AI Score
0.001EPSS
Apache Solr Backup/Restore APIs RCE
Apache Solr from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1 is affected by an Unrestricted Upload of File with Dangerous Type vulnerability which can result in remote code execution in the context of the user running Apache Solr. When Apache Solr creates a Collection, it will use a specific...
8.8CVSS
9.1AI Score
0.871EPSS
Malicious code in paysafe-gpf-as-http-proxy-middleware-body-replace (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (69515fe4abb4869b5999b249c8de31a55fd23bda38e3bd9de3c58c5c245bc5b7) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
7.2CVSS
7.1AI Score
0.001EPSS
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2024-12258)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12258 advisory. A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result...
7.8CVSS
6.1AI Score
0.002EPSS
7.4AI Score
Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2024-12259)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12259 advisory. A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The...
7.8CVSS
7.7AI Score
0.002EPSS
Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2024-12260)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12260 advisory. A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The...
7.8CVSS
7.7AI Score
0.002EPSS
Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2024-12257)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12257 advisory. A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The...
7.8CVSS
7.7AI Score
0.002EPSS
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2024-12256)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12256 advisory. A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The...
7.8CVSS
7.7AI Score
0.002EPSS
7.4AI Score
7.2CVSS
7AI Score
0.001EPSS
Security Vulnerabilities fixed in Firefox for iOS 124 — Mozilla
Dragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security...
7AI Score
0.0004EPSS
Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2024-12255)
The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12255 advisory. A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The...
7.8CVSS
7.6AI Score
0.002EPSS
7.4AI Score
7.4AI Score