Debian dla-3810 : libapache2-mod-php7.3 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3810 advisory. In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's...
6.5CVSS
7AI Score
0.006EPSS
Debian dla-3811 : pypy-idna - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3811 advisory. potential DoS via resource consumption via specially crafted inputs to idna.encode() [fedora-all] (CVE-2024-3651) Note that Nessus has not tested for this issue but...
7.2AI Score
EPSS
Debian dsa-5683 : chromium - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5683 advisory. Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page....
7.3AI Score
0.0004EPSS
Debian dsa-5682 : libglib2.0-0 - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5682 advisory. An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus- based client subscribes to signals from a trusted system...
6.9AI Score
0.0004EPSS
Neo4j Cypher component mishandles IMMUTABLE privileges
The Cypher component in Neo4j before 5.19.0 mishandles IMMUTABLE...
6.9AI Score
0.0004EPSS
Ubuntu 24.04 LTS : libvirt vulnerability (USN-6763-1)
The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6763-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
6.2CVSS
7AI Score
0.0004EPSS
8CVSS
7.3AI Score
0.0005EPSS
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : libde265 vulnerability (USN-6764-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6764-1 advisory. Buffer Overflow vulnerability in libde265 v1.0.12 allows a local attacker to cause a denial of service via the...
6.8AI Score
0.0004EPSS
7.8CVSS
5.9AI Score
0.0004EPSS
Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6765-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6765-1 advisory. In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid crash when parsed profile name is empty When processing a packed...
7.8CVSS
7.5AI Score
EPSS
Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.4 - Linux kernel...
7.8CVSS
6.8AI Score
0.0004EPSS
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6766-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6766-1 advisory. In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix UAF issue in ksmbd_tcp_new_connection() The race is...
7.8CVSS
7.6AI Score
EPSS
Ubuntu 24.04 LTS : nghttp2 vulnerability (USN-6754-2)
The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6754-2 advisory. nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number...
5.3CVSS
6.5AI Score
0.0004EPSS
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6767-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6767-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skb_segment() Once again syzbot is able...
7.8CVSS
6.7AI Score
0.0004EPSS
Security Bulletin: AIX is vulnerable to privilege escalation (CVE-2024-27273)
Summary Vulnerability in the AIX kernel may lead to privilege escalation (CVE-2024-27273). Vulnerability Details ** CVEID: CVE-2024-27273 DESCRIPTION: **IBM AIX's Unix domain datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SO_PEERID...
8.1CVSS
7AI Score
0.0004EPSS
[SECURITY] [DSA 5681-1] linux security update
Debian Security Advisory DSA-5681-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 06, 2024 https://www.debian.org/security/faq Package : linux CVE ID : CVE-2023-6270 CVE-2023-7042...
8CVSS
7.3AI Score
0.0005EPSS
[SECURITY] [DSA 5680-1] linux security update
Debian Security Advisory DSA-5680-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 06, 2024 https://www.debian.org/security/faq Package : linux CVE ID : CVE-2024-26605 CVE-2024-26817...
7.8CVSS
7AI Score
0.0004EPSS
AIX is vulnerable to privilege escalation (CVE-2024-27273)
IBM SECURITY ADVISORY First Issued: Mon May 6 08:12:16 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/kernel_advisory7.asc Security Bulletin: AIX is vulnerable to privilege escalation (CVE-2024-27273)...
8.1CVSS
6.5AI Score
0.0004EPSS
Debian dsa-5680 : affs-modules-6.1.0-21-4kc-malta-di - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5680 advisory. In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix deadlock when enabling ASPM A last minute revert in 6.7-final introduced a...
7.8CVSS
6.5AI Score
0.0004EPSS
7.4AI Score
Debian dsa-5681 : affs-modules-5.10.0-29-4kc-malta-di - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5681 advisory. Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an...
8CVSS
8.2AI Score
0.0005EPSS
10CVSS
9.6AI Score
0.001EPSS
Use-of-uninitialized-value in ssl_ctx_make_profiles
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68524 Crash type: Use-of-uninitialized-value Crash state: ssl_ctx_make_profiles std::__1::__function::__func<LLVMFuzzerTestOneInput::$_39, std::__1::allocator<L...
7.2AI Score
Use-of-uninitialized-value in ssl_str_to_group_ids
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68473 Crash type: Use-of-uninitialized-value Crash state: ssl_str_to_group_ids SSL_CTX_set1_groups_list std::__1::__function::__func<LLVMFuzzerTestOneInput::$_34,...
7.2AI Score
An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by...
7.3AI Score
0.0004EPSS
An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the...
7.2AI Score
0.0004EPSS
Debian dla-3809 : kio-sieve - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3809 advisory. In KDE libksieve before 23.03.80, kmanagesieve/session.cpp places a cleartext password in server logs because a username variable is accidentally given a password...
7.2AI Score
0.0004EPSS
Debian dla-3807 : glibc-doc - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3807 advisory. The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the...
7.7AI Score
0.0005EPSS
Debian dsa-5677 : libruby3.1 - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5677 advisory. Buffer overread vulnerability in StringIO [fedora-38] (CVE-2024-27280) RCE vulnerability with .rdoc_options in RDoc [fedora-38] (CVE-2024-27281) sp2ip...
7.6AI Score
EPSS
Debian dsa-5679 : less - security update
The remote Debian 11 / 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5679 advisory. close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE. (CVE-2022-48624) less through 653 allows OS command execution via a...
7AI Score
0.0004EPSS
Debian dsa-5678 : glibc-doc - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5678 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version...
6.9AI Score
0.0004EPSS
Debian dla-3808 : intel-microcode - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3808 advisory. Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user...
6.5CVSS
7.6AI Score
0.001EPSS
RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must.....
7.8CVSS
8AI Score
0.001EPSS
RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must.....
7.8CVSS
8.1AI Score
0.001EPSS
RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must.....
7.8CVSS
8.3AI Score
0.001EPSS
7.3AI Score
0.0004EPSS
7.7AI Score
0.0004EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : PHP vulnerabilities (USN-6757-2)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6757-2 advisory. A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap...
6.5CVSS
7.2AI Score
0.006EPSS
Ubuntu 20.04 LTS : Firefox regressions (USN-6747-2)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6747-2 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
7.3AI Score
Debian dsa-5676 : chromium - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5676 advisory. Use after free in Picture In Picture in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted...
9.3AI Score
0.0004EPSS
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : GNU C Library vulnerabilities (USN-6762-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6762-1 advisory. nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer...
7.8CVSS
8.4AI Score
0.015EPSS
Exploit for Incorrect Authorization in Pydio Cells
PoC for CVE-2023-32749 This is a quick and dirty PoC I wrote...
8.8CVSS
6.9AI Score
0.009EPSS
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
Microsoft discovered a path traversal-affiliated vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s home directory. The implications of this vulnerability pattern include arbitrary code...
7.5AI Score
Automate the process of analyzing web server logs with the Python Web Log Analyzer. This powerful tool is designed to enhance security by identifying and detecting various types of cyber attacks within your server logs. Stay ahead of potential threats with features that include: Features Attack...
7.4AI Score
Debian dla-3806 : distro-info-data - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3806 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
7.3AI Score
Debian dla-3805 : libqt5concurrent5 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3805 advisory. Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions...
9.8CVSS
8.3AI Score
0.002EPSS
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS. host has a package installed that is affected by a vulnerability as referenced in the USN-6761-1 advisory. Anope before 2.0.15 does not prevent resetting the password of a suspended account. (CVE-2024-30187) ...
7.2AI Score
0.0004EPSS
Debian dla-3802 : elpa-org - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3802 advisory. In Emacs before 29.3, Gnus treats inline MIME contents as trusted. (CVE-2024-30203) In Emacs before 29.3, LaTeX preview is enabled by default for e-mail...
6.8AI Score
0.0005EPSS
Debian dla-3804 : libnghttp2-14 - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3804 advisory. nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of...
5.3CVSS
5.3AI Score
0.0004EPSS
Foxit Reader Lock object fields property type confusion vulnerability
Talos Vulnerability Report TALOS-2024-1963 Foxit Reader Lock object fields property type confusion vulnerability April 30, 2024 CVE Number CVE-2024-25575 SUMMARY A type confusion vulnerability vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted...
8.8CVSS
8.9AI Score
0.001EPSS