Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : JSON5 vulnerability (USN-6758-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6758-1 advisory. JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files)....
8.8CVSS
7.7AI Score
0.006EPSS
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has a package installed that is affected by a vulnerability as referenced in the USN-6760-1 advisory. A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and...
5.5CVSS
6.8AI Score
0.0004EPSS
Ubuntu 24.04 LTS. : GNU C Library vulnerability (USN-6737-2)
The remote Ubuntu 24.04 LTS. host has packages installed that are affected by a vulnerability as referenced in the USN-6737-2 advisory. The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the...
6.8AI Score
0.0005EPSS
Debian dla-3801 : emacs - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3801 advisory. In Emacs before 29.3, Gnus treats inline MIME contents as trusted. (CVE-2024-30203) In Emacs before 29.3, LaTeX preview is enabled by default for e-mail...
6.5AI Score
0.0005EPSS
Ubuntu 24.04 LTS. : curl vulnerabilities (USN-6718-3)
The remote Ubuntu 24.04 LTS. host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6718-3 advisory. When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed...
6.8AI Score
0.0004EPSS
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS. host has a package installed that is affected by a vulnerability as referenced in the USN-6756-1 advisory. less through 653 allows OS command execution via a newline character in the name of a file,...
6.8AI Score
0.0004EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : GNU cpio vulnerabilities (USN-6755-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6755-1 advisory. Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a...
4.9CVSS
6.9AI Score
0.0004EPSS
Ubuntu 24.04 LTS. : Pillow vulnerability (USN-6744-3)
The remote Ubuntu 24.04 LTS. host has packages installed that are affected by a vulnerability as referenced in the USN-6744-3 advisory. In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy. (CVE-2024-28219) Note that Nessus has not...
6.7CVSS
7.1AI Score
0.0004EPSS
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : PHP vulnerabilities (USN-6757-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6757-1 advisory. A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value...
6.5CVSS
7.2AI Score
0.006EPSS
Ubuntu 24.04 LTS. : FreeRDP vulnerabilities (USN-6759-1)
The remote Ubuntu 24.04 LTS. host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6759-1 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read....
9.8CVSS
6.8AI Score
0.0004EPSS
Ubuntu 24.04 LTS. : libvirt vulnerabilities (USN-6734-2)
The remote Ubuntu 24.04 LTS. host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6734-2 advisory. An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the...
6.2CVSS
6.9AI Score
0.001EPSS
Ubuntu 24.04 LTS. : Apache HTTP Server vulnerabilities (USN-6729-3)
The remote Ubuntu 24.04 LTS. host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6729-3 advisory. Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue...
7.5CVSS
6.8AI Score
0.005EPSS
Ubuntu 24.04 LTS. : GnuTLS vulnerabilities (USN-6733-2)
The remote Ubuntu 24.04 LTS. host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6733-2 advisory. A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS,...
5.3CVSS
5.3AI Score
0.0005EPSS
Debian dla-3800 : ruby-rack - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3800 advisory. Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack's media type parser to take much longer than expected,...
5.8CVSS
6.7AI Score
0.0004EPSS
Debian dla-3799 : trafficserver - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3799 advisory. HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are...
7AI Score
0.0004EPSS
Debian dla-3798 : zabbix-agent - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3798 advisory. The cause of vulnerability is improper validation of form input field Name on Graph page in Items section. (CVE-2024-22119) Note that Nessus has not tested for this...
5.5CVSS
7AI Score
0.0004EPSS
Debian dla-3796 : mediawiki - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3796 advisory. An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php,...
6.1CVSS
6.3AI Score
0.001EPSS
Debian dla-3797 : frr - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3797 advisory. Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c. (CVE-2022-26125) ...
9.8CVSS
7.9AI Score
0.029EPSS
Url-Status-Checker - Tool For Swiftly Checking The Status Of URLs
Status Checker is a Python script that checks the status of one or multiple URLs/domains and categorizes them based on their HTTP status codes. Version 1.0.0 Created BY BLACK-SCORP10 t.me/BLACK-SCORP10 Features Check the status of single or multiple URLs/domains. Asynchronous HTTP requests for...
7.2AI Score
l-w.nl Improper Access Control vulnerability OBB-3922868
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
7.8CVSS
7.5AI Score
0.001EPSS
Debian dla-3795 : knot-resolver - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3795 advisory. A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC...
7.5CVSS
7.1AI Score
0.008EPSS
Debian dsa-5675 : chromium - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5675 advisory. Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page....
8.8CVSS
9.3AI Score
0.001EPSS
vyper performs double eval of the slice start/length args in certain cases
Summary Using the slice builtin can result in a double eval vulnerability when the buffer argument is either msg.data, self.code or <address>.code and either the start or length arguments have side-effects. A contract search was performed and no vulnerable contracts were found in production....
5.3CVSS
5.5AI Score
0.0004EPSS
vyper performs double eval of the slice start/length args in certain cases
Summary Using the slice builtin can result in a double eval vulnerability when the buffer argument is either msg.data, self.code or <address>.code and either the start or length arguments have side-effects. A contract search was performed and no vulnerable contracts were found in production....
5.3CVSS
5.5AI Score
0.0004EPSS
Exploit for Code Injection in Crushftp
CVE-2024-4040 SSTI & LFI PoC - Exploitation | CrushFTP This...
10CVSS
9.9AI Score
0.966EPSS
Exploit for Code Injection in Crushftp
CVE-2024-4040 SSTI & LFI PoC - Exploitation | CrushFTP This...
10CVSS
9.9AI Score
0.966EPSS
Exploit for Code Injection in Crushftp
CVE-2024-4040 SSTI & LFI PoC - Exploitation | CrushFTP This...
10CVSS
9.9AI Score
0.966EPSS
[slackware-security] libarchive
New libarchive packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libarchive-3.7.3-i586-2_slack15.0.txz: Rebuilt. Patched an out-of-bound error in the rar e8 filter that could allow for the...
7.8CVSS
7.6AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM_RIGHTS, two...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM_RIGHTS, two...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM_RIGHTS, two...
7.5AI Score
0.0004EPSS
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6751-1 advisory. An authenticated user can create a link with reflected Javascript code inside it for the discovery...
5.4CVSS
7.5AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM_RIGHTS, two...
6.1AI Score
0.0004EPSS
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : CryptoJS vulnerability (USN-6753-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6753-1 advisory. crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than...
9.1CVSS
6.8AI Score
0.001EPSS
Ubuntu 16.04 LTS / 18.04 LTS : Dnsmasq vulnerabilities (USN-6657-2)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6657-2 advisory. An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of...
7.5CVSS
7.7AI Score
0.05EPSS
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : nghttp2 vulnerabilities (USN-6754-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6754-1 advisory. Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization ...
7.5CVSS
7.7AI Score
0.732EPSS
Ubuntu 22.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6743-3)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6743-3 advisory. In the Linux kernel, the following vulnerability has been resolved: jfs: fix uaf in jfs_evict_inode When the execution of diMount(ipimap) fails, the...
7.8CVSS
7AI Score
0.0004EPSS
Debian dla-3794 : pterm - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3794 advisory. PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message....
8.1CVSS
8.5AI Score
0.963EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Thunderbird vulnerabilities (USN-6750-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6750-1 advisory. GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox...
7.3AI Score
0.0004EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : FreeRDP vulnerabilities (USN-6752-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6752-1 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to...
9.8CVSS
7.2AI Score
0.0004EPSS
Slackware Linux 15.0 / current libarchive Vulnerability (SSA:2024-116-01)
The version of libarchive installed on the remote host is prior to 3.7.3. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-116-01 advisory. libarchive Remote Code Execution Vulnerability (CVE-2024-26256) Note that Nessus has not tested for this issue but has instead...
7.8CVSS
7.5AI Score
0.001EPSS
Debian dsa-5674 : pdns-recursor - security update
The remote Debian 12 host has a package installed that is affected by a vulnerability as referenced in the dsa-5674 advisory. A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default...
7.5CVSS
7AI Score
0.0004EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : FreeRDP vulnerabilities (USN-6749-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6749-1 advisory. FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow...
9.8CVSS
9.5AI Score
0.001EPSS
Security Bulletin: AIX is vulnerable to arbitrary code execution due to RPM (CVE-2023-7104)
Summary Vulnerability in RPM could allow a remote authenticated attacker to execute arbitrary code (CVE-2023-7104). RPM is used by AIX for package management. Vulnerability Details ** CVEID: CVE-2023-7104 DESCRIPTION: **SQLite SQLite3 is vulnerable to a heap-based buffer overflow, caused by...
7.3CVSS
8AI Score
0.001EPSS
CVE-2024-26923 af_unix: Fix garbage collector racing against connect()
In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM_RIGHTS, two...
6.7AI Score
0.0004EPSS
CVE-2024-26923 af_unix: Fix garbage collector racing against connect()
In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM_RIGHTS, two...
7.7AI Score
0.0004EPSS
pyLoad allows upload to arbitrary folder lead to RCE
Summary An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution Details example version: 0.5 file:src/pyload/webui/app/blueprints/app_blueprint.py python @bp.route("/render/<path:filename>", endpoint="render") de...
9.1CVSS
7.2AI Score
0.0004EPSS
pyLoad allows upload to arbitrary folder lead to RCE
Summary An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution Details example version: 0.5 file:src/pyload/webui/app/blueprints/app_blueprint.py python @bp.route("/render/<path:filename>", endpoint="render") de...
9.1CVSS
7.1AI Score
0.0004EPSS
AIX is vulnerable to arbitrary code execution due to RPM (CVE-2023-7104)
IBM SECURITY ADVISORY First Issued: Wed Apr 24 15:34:58 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/rpm_advisory2.asc Security Bulletin: AIX is vulnerable to arbitrary code execution due to RPM (CVE-2023-7104)...
7.3CVSS
9.4AI Score
0.001EPSS