Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.15 - Linux kernel for Amazon Web Services (AWS) systems linux-azure-5.15 - Linux kernel for Microsoft Azure cloud systems linux-azure-fde - Linux...
7.8CVSS
7.2AI Score
0.003EPSS
New glibc packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/aaa_glibc-solibs-2.33-i586-6_slack15.0.txz: Rebuilt. patches/packages/glibc-2.33-i586-6_slack15.0.txz: Rebuilt. This update fixes a...
7.5AI Score
0.0005EPSS
Summary UPDATED Feb 2 2024 (New iFixes are available. The new iFixes resolve a technical issue with print queue status. Both sets of iFixes (new and original) resolve the security vulnerabilities described in the bulletin. The new iFixes are only needed if you experience the technical issue...
8.4CVSS
7.9AI Score
0.0004EPSS
Security Bulletin: AIX is vulnerable to email spoofing due to sendmail (CVE-2023-51765)
Summary Vulnerability in sendmail could allow a remote attacker to spoof an email (CVE-2023-51765). Vulnerability Details CVEID: CVE-2023-51765 DESCRIPTION: Proofpoint sendmail is vulnerable to SMTP smuggling, caused by improper handling of line endings . in an email message. By sending a...
5.3CVSS
6.9AI Score
0.002EPSS
10CVSS
10AI Score
0.957EPSS
An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape characters is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of...
7AI Score
0.0005EPSS
Slackware Linux 15.0 / current aaa_glibc-solibs Vulnerability (SSA:2024-109-01)
The version of aaa_glibc-solibs installed on the remote host is prior to 2.33 / 2.39. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-109-01 advisory. The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by...
7.7AI Score
0.0005EPSS
Debian dla-3781 : libgd-dev - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3781 advisory. gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call...
7.5CVSS
7.3AI Score
0.013EPSS
7.5AI Score
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : GNU C Library vulnerability (USN-6737-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6737-1 advisory. The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when...
6.9AI Score
0.0005EPSS
Debian dsa-5665 : libtomcat10-embed-java - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5665 advisory. Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through...
7.5CVSS
7.5AI Score
0.005EPSS
Debian dsa-5664 : jetty9 - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5664 advisory. Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker...
7.5CVSS
7.2AI Score
0.0004EPSS
Debian dla-3784 : caca-utils - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3784 advisory. A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory corruption and other potential consequences....
7.8CVSS
8.2AI Score
0.002EPSS
Debian dsa-5655 : cockpit - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5655 advisory. A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in...
7.3CVSS
7.7AI Score
0.0004EPSS
Debian dla-3788 : tzdata - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3788 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
7.3AI Score
Debian dla-3789 : libdatetime-timezone-perl - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3789 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
7.3AI Score
[slackware-security] mozilla-thunderbird
New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-thunderbird-115.10.0-i686-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. ...
7.4AI Score
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to make sure the shared irq handler should be able to handle the unexpected event after deregistration......
6.9AI Score
0.0004EPSS
Exploit for Command Injection in Paloaltonetworks Pan-Os
CVE-2024-3400 CVE-2024-3400 Palo Alto File Write Exploit...
10CVSS
9.9AI Score
0.957EPSS
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to make sure the shared irq handler should be able to handle the unexpected event after deregistration......
7.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to make sure the shared irq handler should be able to handle the unexpected event after deregistration......
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to make sure the shared irq handler should be able to handle the unexpected event after...
6.6AI Score
0.0004EPSS
CVE-2024-26892 wifi: mt76: mt7921e: fix use-after-free in free_irq()
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to make sure the shared irq handler should be able to handle the unexpected event after deregistration......
7.5AI Score
0.0004EPSS
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (AWS) vulnerabilities (USN-6725-2)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6725-2 advisory. An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and...
9.8CVSS
7.4AI Score
EPSS
Slackware Linux 15.0 / current mozilla-thunderbird Vulnerability (SSA:2024-108-01)
The version of mozilla-thunderbird installed on the remote host is prior to 115.10.0. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-108-01 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
7.2AI Score
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to make sure the shared irq handler should be able to handle the unexpected event after deregistration......
6.6AI Score
0.0004EPSS
Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6724-2)
The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6724-2 advisory. Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any...
8CVSS
6.6AI Score
0.001EPSS
Ubuntu 20.04 LTS : Linux kernel (IoT) vulnerabilities (USN-6726-2)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6726-2 advisory. Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them...
7.8CVSS
7.9AI Score
EPSS
Debian dsa-5663 : firefox-esr - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5663 advisory. The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This...
7.5AI Score
0.0004EPSS
Ubuntu 20.04 LTS : Linux kernel (Xilinx ZynqMP) vulnerabilities (USN-6726-3)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6726-3 advisory. Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them...
7.8CVSS
7.9AI Score
EPSS
Ubuntu 16.04 LTS / 18.04 LTS : Apache HTTP Server vulnerabilities (USN-6729-2)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6729-2 advisory. Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This...
7.5CVSS
7.1AI Score
0.005EPSS
6.8AI Score
0.0004EPSS
[slackware-security] mozilla-firefox
New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-firefox-115.10.0esr-i686-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For...
6.6AI Score
0.0004EPSS
This repo is made to reproduce fuzzing and analysis process of...
5.5CVSS
6AI Score
0.0004EPSS
Debian dsa-5662 : apache2 - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5662 advisory. Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57. (CVE-2023-31122) Faulty...
7.5CVSS
8.2AI Score
0.732EPSS
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6735-1 advisory. When an invalid public key is used to create an x509 certificate using the...
7.5CVSS
7.3AI Score
0.001EPSS
Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2024-107-01)
The version of mozilla-firefox installed on the remote host is prior to 115.10.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-107-01 advisory. The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable ...
7.3AI Score
0.0004EPSS
Debian dsa-5660 : libapache2-mod-php7.4 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5660 advisory. In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration...
9.8CVSS
9.3AI Score
0.001EPSS
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6736-1 advisory. inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by...
9.8CVSS
8.7AI Score
0.013EPSS
Debian dsa-5661 : libapache2-mod-php8.2 - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5661 advisory. In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration...
9.8CVSS
9.3AI Score
0.001EPSS
9.4CVSS
8.4AI Score
0.006EPSS
Debian dla-3787 : xdmx - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3787 advisory. A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length...
7.8CVSS
7.6AI Score
0.0005EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : GnuTLS vulnerabilities (USN-6733-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6733-1 advisory. A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems...
5.3CVSS
6.7AI Score
0.0005EPSS
6.8CVSS
7.9AI Score
EPSS
Ubuntu 22.04 LTS / 23.10 : WebKitGTK vulnerabilities (USN-6732-1)
The remote Ubuntu 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6732-1 advisory. An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS...
8.8CVSS
7.5AI Score
0.001EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : libvirt vulnerabilities (USN-6734-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6734-1 advisory. An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds...
6.2CVSS
7.2AI Score
0.001EPSS
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : YARD vulnerabilities (USN-6731-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6731-1 advisory. lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an ...
5.4CVSS
6.2AI Score
0.003EPSS
6.8AI Score
0.0004EPSS
New less packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/less-653-i586-1_slack15.0.txz: Upgraded. This update patches a security issue: less through 653 allows OS command execution via a...
7.5AI Score
0.0004EPSS
Slackware Linux 15.0 / current less Vulnerability (SSA:2024-105-01)
The version of less installed on the remote host is prior to 653. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-105-01 advisory. less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in...
7.4AI Score
0.0004EPSS