In the Linux kernel, the following vulnerability has been resolved: ice: fix vsi->txq_map sizing The approach of having XDP queue per CPU regardless of user's setting exposed a hidden bug that could occur in case when Rx queue count differ from Tx queue count. Currently vsi->txq_map's size is...
6.3AI Score
0.0004EPSS
Debian dsa-5698 : ruby-rack - security update
The remote Debian 11 / 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5698 advisory. Debian Security Advisory DSA-5698-1 ...
5.8CVSS
6.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Disable Tx queues when reconfiguring the interface The Tx queues were not disabled in situations where the driver needed to stop the interface to apply a new configuration. This could result in a kernel panic when...
6.3AI Score
0.0004EPSS
Debian dsa-5699 : redmine - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5699 advisory. Debian Security Advisory DSA-5699-1 ...
6.1CVSS
7AI Score
0.0005EPSS
Apache Tomcat 8.0.0.RC1 < 8.0.39 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 8.0.39. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_8.0.39_security-8 advisory. Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before...
9.8CVSS
6.5AI Score
0.737EPSS
Ubuntu 24.04 LTS : klibc vulnerabilities (USN-6736-2)
The remote Ubuntu 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6736-2 advisory. USN-6736-1 fixed vulnerabilities in klibc. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: It was...
9.8CVSS
8.2AI Score
0.013EPSS
Apache Tomcat 7.0.0 < 7.0.73 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 7.0.73. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_7.0.73_security-7 advisory. Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before...
9.8CVSS
6.5AI Score
0.737EPSS
openSUSE 15 Security Update : gitui (openSUSE-SU-2024:0135-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2024:0135-1 advisory. - update to version 0.26.2: * respect configuration for remote when fetching (also applies to pulling) * add : character to sign-off trailer...
5.9CVSS
8AI Score
0.963EPSS
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : VLC vulnerabilities (USN-6783-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6783-1 advisory. It was discovered that VLC incorrectly handled certain media files. A remote attacker could possibly use ...
9.8CVSS
8.4AI Score
0.001EPSS
Ubuntu 22.04 LTS / 23.10 / 24.04 LTS : cJSON vulnerabilities (USN-6784-1)
The remote Ubuntu 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6784-1 advisory. It was discovered that cJSON incorrectly handled certain input. An attacker could possibly use this issue to cause cJSON to crash,...
7.5CVSS
7.9AI Score
0.001EPSS
Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-6777-4)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6777-4 advisory. Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-...
7.8CVSS
7.7AI Score
0.0004EPSS
Ubuntu 24.04 LTS : OpenSSL update (USN-6663-3)
The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6663-3 advisory. USN-6663-1 provided a security update for OpenSSL. This update provides the corresponding update for Ubuntu 24.04 LTS. Original advisory details: As a...
7.2AI Score
Ubuntu 24.04 LTS : GNOME Remote Desktop vulnerability (USN-6785-1)
The remote Ubuntu 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6785-1 advisory. Matthias Gerstner discovered that GNOME Remote Desktop incorrectly performed certain user validation checks. A local attacker could possibly use this issue to...
7.4AI Score
EPSS
Apache Tomcat 9.0.0.M1 < 9.0.0.M13 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 9.0.0.M13. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_9.0.0.m13_security-9 advisory. Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x...
9.8CVSS
7AI Score
0.737EPSS
gix traversal outside working tree enables arbitrary code execution
Summary During checkout, gitoxide does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. Details Although gix-worktree-state checks for collisions with existing files, it does not...
8.8CVSS
8AI Score
0.0004EPSS
m-l-b.ch Improper Access Control vulnerability OBB-3929909
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
Debian dsa-5695 : gir1.2-javascriptcoregtk-4.0 - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5695 advisory. Debian Security Advisory DSA-5695-1 ...
6.4AI Score
0.0004EPSS
Debian dsa-5696 : chromium - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5696 advisory. Debian Security Advisory DSA-5696-1 ...
7.4AI Score
0.0004EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Thunderbird vulnerabilities (USN-6782-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6782-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a...
9AI Score
0.0004EPSS
Ubuntu 16.04 LTS : Linux kernel (GCP) vulnerabilities (USN-6777-3)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6777-3 advisory. Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-...
7.8CVSS
7.9AI Score
0.0004EPSS
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6780-1 advisory. Guido Vranken discovered that idna did not properly manage certain inputs, which could lead to significant.....
6.7AI Score
EPSS
4.9CVSS
7.1AI Score
0.0005EPSS
Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6779-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6779-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially...
8.9AI Score
0.0004EPSS
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6781-1 advisory. Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is...
7.8CVSS
7.7AI Score
0.053EPSS
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6775-2)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6775-2 advisory. Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading...
4.3CVSS
6.9AI Score
0.0004EPSS
New mariadb packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mariadb-10.5.25-i586-1_slack15.0.txz: Upgraded. This update fixes bugs and a security issue: Difficult to exploit vulnerability...
4.9CVSS
6.2AI Score
0.0005EPSS
Debian dla-3817 : thunderbird - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3817 advisory. A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects...
8.4AI Score
0.0004EPSS
Ubuntu 14.04 LTS / 16.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6777-2)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6777-2 advisory. Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading...
7.8CVSS
7.9AI Score
0.0004EPSS
Slackware Linux 15.0 / current mariadb Vulnerability (SSA:2024-141-01)
The version of mariadb installed on the remote host is prior to 10.11.8 / 10.5.25. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-141-01 advisory. Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are...
4.9CVSS
5.9AI Score
0.0005EPSS
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (AWS) vulnerabilities (USN-6766-3)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6766-3 advisory. It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations...
7.8CVSS
6.8AI Score
EPSS
JAW - A Graph-based Security Analysis Framework For Client-side JavaScript
An open-source, prototype implementation of property graphs for JavaScript based on the esprima parser, and the EsTree SpiderMonkey Spec. JAW can be used for analyzing the client-side of web applications and JavaScript-based programs. This project is licensed under GNU AFFERO GENERAL PUBLIC...
7AI Score
Linux-Smart-Enumeration - Linux Enumeration Tool For Pentesting And CTFs With Verbosity Levels
First, a couple of useful oneliners ;) wget "https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh" -O lse.sh;chmod 700 lse.sh curl "https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh" -Lo lse.sh;chmod 700 lse.sh Note...
7.7AI Score
Fuji Xerox / Fujifilm Printers CSRF Vulnerability (CVE-2024-22475)
Multiple Fuji Xerox / Fujifilm printers are prone to a cross-site request forgery (CSRF) vulnerability in the Web Based...
6.8AI Score
0.0004EPSS
Debian dsa-5694 : chromium - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5694 advisory. Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page....
8.8CVSS
9.5AI Score
0.002EPSS
Fuji Xerox / Fujifilm Printers Multiple Vulnerabilities (Mar 2024)
Multiple Fuji Xerox / Fujifilm printers are prone to multiple vulnerabilities in the Web Based...
6.8AI Score
0.0004EPSS
Debian dla-3816 : bind9 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3816 advisory. Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU...
7.5CVSS
7.7AI Score
0.05EPSS
Debian dsa-5693 : thunderbird - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5693 advisory. Debian Security Advisory DSA-5693-1 ...
8.8AI Score
0.0004EPSS
New git packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/git-2.39.4-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: Recursive clones on case-insensitive filesystems that...
9CVSS
7.8AI Score
0.002EPSS
[slackware-security] gdk-pixbuf2
New gdk-pixbuf2 packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/gdk-pixbuf2-2.42.12-i586-1_slack15.0.txz: Upgraded. ani: Reject files with multiple INA or IART chunks. ani: Reject files...
7.8CVSS
7.1AI Score
0.001EPSS
Security Bulletin: AIX is vulnerable to arbitrary command execution due to invscout (CVE-2024-27260)
Summary A vulnerability in the AIX invscout command could allow a non-privileged local user to execute arbitrary commands (CVE-2024-27260). Vulnerability Details ** CVEID: CVE-2024-27260 DESCRIPTION: **IBM AIX could allow a non-privileged local user to exploit a vulnerability in the invscout...
8.4CVSS
7.3AI Score
0.0004EPSS
Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-6777-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6777-1 advisory. In the Linux kernel, the following vulnerability has been resolved: nbd: Fix NULL pointer in flush_workqueue Open /dev/nbdX first, the...
7.8CVSS
7.1AI Score
0.0004EPSS
Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux - Linux kernel linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.15 - Linux kernel for Microsoft Azure cloud systems linux-azure-fde - Linux kernel for Microsoft Azure CVM cloud systems linux-azure-fde-5.15 -...
4.3CVSS
6.3AI Score
0.0004EPSS
Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.4 - Linux kernel...
4.3CVSS
6.3AI Score
0.0004EPSS
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6775-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6775-1 advisory. The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging...
4.3CVSS
7.2AI Score
0.0004EPSS
Slackware Linux 15.0 / current git Multiple Vulnerabilities (SSA:2024-136-02)
The version of git installed on the remote host is prior to 2.39.4 / 2.45.1. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-136-02 advisory. Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4,...
9CVSS
7.9AI Score
0.002EPSS
7.8CVSS
7.1AI Score
0.001EPSS
Releases Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-azure-4.15 - Linux kernel for Microsoft Azure Cloud systems linux-gcp-4.15 - Linux kernel for Google Cloud Platform (GCP) systems linux-hwe - Linux...
7.8CVSS
7.6AI Score
0.0004EPSS
Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6774-1)
The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6774-1 advisory. The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect...
4.3CVSS
7.3AI Score
EPSS
9CVSS
5.9AI Score
0.002EPSS