VGPU Software (guest Driver - Windows), NVIDIA Cloud Gaming (guest Driver - Windows) Security Vulnerabilities

ibm

Security Bulletin: IBM Watson Explorer affected by vulnerability in Apache ZooKeeper.(CVE-2024-23944)

Summary: IBM Watson Explorer Foundational Components contains a vulnerable version of Apache ZooKeeper (CVE-2024-23944). Vulnerability Details: CVEID: CVE-2024-23944 DESCRIPTION: Apache ZooKeeper could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in...

5.4AI Score

0.0004EPSS

2024-06-20 06:47 AM
2
ibm

Security Bulletin: Vulnerabilities in IBM WebSphere Application Server and WebSphere Application Server Liberty affect IBM Watson Explorer (CVE-2024-22354)

Summary: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are used by IBM Watson Explorer. IBM Watson Explorer has addressed the applicable CVE (CVE-2024-22354). Vulnerability Details: CVEID: CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and...

7CVSS

6.4AI Score

0.0004EPSS

2024-06-20 06:46 AM
1
veracode

Insecure Temporary File

salt is vulnerable to Insecure Temporary File. The vulnerability is caused by insecure permissions of /tmp within state.py, which could allow an attacker on the system to read arbitrary files created by...

6.6AI Score

0.002EPSS

2024-06-20 06:41 AM
veracode

Cross-site Scripting (XSS)

magento/community-edition is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the ability of an authenticated user to inject an embedded expression into a...

5.4CVSS

6.1AI Score

0.001EPSS

2024-06-20 06:37 AM
thn

Experts Uncover New Evasive SquidLoader Malware Targeting Chinese Organizations

Cybersecurity researchers have uncovered a new evasive malware loader named SquidLoader that spreads via phishing campaigns targeting Chinese organizations. AT&T LevelBlue Labs, which first observed the malware in late April 2024, said it incorporates features that are designed to thwart static...

7.5AI Score

2024-06-20 06:34 AM
15
veracode

Cross-site Scripting (XSS)

Magento is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to error handling accessing user input without sanitization, allowing an authenticated user to manipulate downloadable...

5.4CVSS

6.2AI Score

0.001EPSS

2024-06-20 06:29 AM
veracode

Cross-Site Scripting (XSS)

TinyMCE is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the content extraction feature, specifically when using the noneditable_regexp option, which allows an attacker to execute malicious code through specially crafted HTML attributes during content...

6.1CVSS

6.3AI Score

0.0004EPSS

2024-06-20 06:28 AM
veracode

Privilege Escalation

salt is vulnerable to Privilege Escalation. The vulnerability is caused due to the dropping of group privileges by the salt master, which makes it easier for remote attackers to gain...

7.1AI Score

0.005EPSS

2024-06-20 06:12 AM
osv

gdb vulnerabilities

It was discovered that gdb incorrectly handled certain memory operations when parsing an ELF file. An attacker could possibly use this issue to cause a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-4285) It....

6.5CVSS

8.4AI Score

0.001EPSS

2024-06-20 06:07 AM
veracode

Denial Of Service (DoS)

socket.io is vulnerable to Denial Of Service (DoS). The vulnerability is due to a specially crafted Socket.IO packet triggering an uncaught exception, which kills the Node.js process, allowing an attacker to crash the server by sending a malicious...

7.3CVSS

6.6AI Score

0.0004EPSS

2024-06-20 05:58 AM
osv

Malicious code in comet-chat-react-ui-kit (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (9a6f38c4d9dd2413e237c8d146d5fcf11d04f613910b552a32a52b3e4cf199f6) The OpenSSF Package Analysis project identified 'comet-chat-react-ui-kit' @ 1.0.1 (npm) as malicious. It is considered malicious because: The...

7.4AI Score

2024-06-20 03:22 AM
ibm

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data

Summary: IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID:...

9.8CVSS

9.9AI Score

0.019EPSS

2024-06-20 12:38 AM
6
osv

Malicious code in logoo (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (f27363cd295f9de7f2296d9c6b6d0f18222d76ff8947d98657340216d7c80efb) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-20 12:36 AM
osv

Malicious code in desainnew (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (01bf842f0425d57bc046f2dfe5ca780425c5c598cddf38891bcb48821a75920a) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-20 12:36 AM
osv

Malicious code in imageg (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (df52076c4f31a1cfa37f150398316cecaf3fa4608747f701714ca329d155e6b8) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-20 12:36 AM
osv

Malicious code in desain (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (13494704f154bacb5f2fc638287da1fe39acad551f086f8b5957f633ab310553) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-20 12:36 AM
osv

Malicious code in dsain (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (5c297dbb19c09d8f71ccdbc712626dbf279bb972fe57afe0c04dc8e27f723a9b) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-20 12:36 AM
osv

LocalAI path traversal vulnerability

A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the model parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated model parameter, an attacker can traverse the directory...

7.5CVSS

7AI Score

0.0004EPSS

2024-06-20 12:30 AM
1
github

LocalAI path traversal vulnerability

A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the model parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated model parameter, an attacker can traverse the directory...

7.5CVSS

6.8AI Score

0.0004EPSS

2024-06-20 12:30 AM
osv

Malicious code in nodem0m (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (ae93a7345bbc51bd2c0a267dc582cf90302284606b0f569ae06f4dc6a26f801a) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-20 12:28 AM
osv

Malicious code in nt4padyp (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (813b8cef8cb7a828bbbf2b8edb29b1bbba72c65e7654fe80f07a80398a9e5133) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-20 12:28 AM
osv

Malicious code in pwi-cfa-components (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (2d39aaa33ecd66d4aac0437e45aa6a1cddcc74bb7ed416f6b33c3a7151cbc035) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-20 12:23 AM
1
osv

CVE-2024-6102

Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

8.8CVSS

6.5AI Score

0.001EPSS

2024-06-20 12:15 AM
1
osv

CVE-2024-6103

Use after free in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

8.8CVSS

6.9AI Score

0.001EPSS

2024-06-20 12:15 AM
2
osv

CVE-2024-6100

Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity:...

8.8CVSS

7.1AI Score

0.001EPSS

2024-06-20 12:15 AM
osv

CVE-2024-6101

Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity:...

8.8CVSS

6.2AI Score

0.001EPSS

2024-06-20 12:15 AM
osv

CVE-2024-5182

A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the model parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated model parameter, an attacker can traverse the directory...

7.5CVSS

6.7AI Score

0.0004EPSS

2024-06-20 12:15 AM
osv

UNKNOWN READ in H5SL_remove

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69242 Crash type: UNKNOWN READ Crash state: H5SL_remove H5FS__sect_unlink_rest...

7.2AI Score

2024-06-20 12:03 AM
almalinux

Important: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): ghostscript: OPVP device arbitrary code execution via custom Driver library...

7.3AI Score

EPSS

2024-06-20 12:00 AM
1
cvelist

CVE-2024-36071

Samsung Magician 8.0.0 on Windows allows an admin to escalate privileges by tampering with the directory and DLL files used during the installation process. This occurs because of an Untrusted Search...

6.3CVSS

0.0004EPSS

2024-06-20 12:00 AM
oraclelinux

ghostscript security update

[9.27-13] - CVE-2024-33871 ghostscript: OPVP device arbitrary code execution via custom Driver...

7.8AI Score

EPSS

2024-06-20 12:00 AM
osv

Important: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): ghostscript: OPVP device arbitrary code execution via custom Driver library...

8AI Score

EPSS

2024-06-20 12:00 AM
nessus

Microsoft Edge (Chromium) < 126.0.2592.68 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 126.0.2592.68. It is, therefore, affected by multiple vulnerabilities as referenced in the June 20, 2024 advisory. Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute ...

8.8CVSS

9.5AI Score

0.001EPSS

2024-06-20 12:00 AM
2
ubuntucve

CVE-2021-47578

In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Don't call kcalloc() if size arg is zero If the size arg to kcalloc() is zero, it returns ZERO_SIZE_PTR. Because of that, for a following NULL pointer check to work on the returned pointer, kcalloc() must not be.....

6.9AI Score

0.0004EPSS

2024-06-20 12:00 AM
nessus

RHEL 9 : ghostscript (RHSA-2024:3999)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3999 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap...

7.2AI Score

EPSS

2024-06-20 12:00 AM
1
osv

Important: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): ghostscript: OPVP device arbitrary code execution via custom Driver library...

7.6AI Score

EPSS

2024-06-20 12:00 AM
1
ubuntucve

CVE-2022-48730

In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fix potential spectre v1 gadget It appears like nr could be a Spectre v1 gadget as it's supplied by a user and used as an array index. Prevent the contents of kernel memory from being leaked to userspace via...

6.9AI Score

0.0004EPSS

2024-06-20 12:00 AM
ubuntucve

CVE-2024-38539

In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Fix kmemleak in rdma_core observed during blktests nvme/rdma use siw When running blktests nvme/rdma, the following kmemleak issue will appear. kmemleak: Kernel memory leak detector initialized (mempool available:36041).....

7AI Score

0.0004EPSS

2024-06-20 12:00 AM
ubuntucve

CVE-2022-48734

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock between quota disable and qgroup rescan worker Quota disable ioctl starts a transaction before waiting for the qgroup rescan worker completes. However, this wait can be infinite and results in deadlock because.....

7.1AI Score

0.0004EPSS

2024-06-20 12:00 AM
ubuntucve

CVE-2022-48736

In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() We don't currently validate that the values being set are within the range we advertised to userspace as being valid, do so and reject any values that are out of...

7AI Score

0.0004EPSS

2024-06-20 12:00 AM
ubuntucve

CVE-2022-48743

In the Linux kernel, the following vulnerability has been resolved: net: amd-xgbe: Fix skb data length underflow There will be BUG_ON() triggered in include/linux/skbuff.h leading to intermittent kernel panic, when the skb length underflow is detected. Fix this by dropping the packet if such...

6.8AI Score

0.0004EPSS

2024-06-20 12:00 AM
ubuntucve

CVE-2022-48757

In the Linux kernel, the following vulnerability has been resolved: net: fix information leakage in /proc/net/ptype In one net namespace, after creating a packet socket without binding it to a device, users in other net namespaces can observe the new packet_type added by this packet socket by...

6.6AI Score

0.0004EPSS

2024-06-20 12:00 AM
ubuntucve

CVE-2022-48759

In the Linux kernel, the following vulnerability has been resolved: rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev struct rpmsg_ctrldev contains a struct cdev. The current code frees the rpmsg_ctrldev struct in rpmsg_ctrldev_release_device(), but the cdev is a managed object,.....

7AI Score

0.0004EPSS

2024-06-20 12:00 AM
ubuntucve

CVE-2023-52883

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible null pointer dereference abo->tbo.resource may be NULL in...

7AI Score

0.0004EPSS

2024-06-20 12:00 AM
ubuntucve

CVE-2024-38560

In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Ensure the copied buf is NUL terminated Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that the string is...

7AI Score

0.0004EPSS

2024-06-20 12:00 AM
ubuntucve

CVE-2024-38543

In the Linux kernel, the following vulnerability has been resolved: lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure The kcalloc() in dmirror_device_evict_chunk() will return null if the physical memory has run out. As a result, if src_pfns or dst_pfns is dereferenced, the null...

6.9AI Score

0.0004EPSS

2024-06-20 12:00 AM
ubuntucve

CVE-2024-38557

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Reload only IB representors upon lag disable/enable On lag disable, the bond IB device along with all of its representors are destroyed, and then the slaves' representors get reloaded. In case the slave IB representor...

7AI Score

0.0004EPSS

2024-06-20 12:00 AM
ubuntucve

CVE-2024-38580

In the Linux kernel, the following vulnerability has been resolved: epoll: be better about file lifetimes epoll can call out to vfs_poll() with a file pointer that may race with the last 'fput()'. That would make f_count go down to zero, and while the ep->mtx locking means that the resulting fil...

7AI Score

0.0004EPSS

2024-06-20 12:00 AM
ubuntucve

CVE-2024-38566

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix verifier assumptions about socket->sk The verifier assumes that 'sk' field in 'struct socket' is valid and non-NULL when 'socket' pointer itself is trusted and non-NULL. That may not be the case when socket was just...

6.9AI Score

0.0004EPSS

2024-06-20 12:00 AM
ubuntucve

CVE-2024-38565

In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: enable proper endpoint verification Syzkaller reports [1] hitting a warning about an endpoint in use not having an expected type to it. Fix the issue by checking for the existence of all proper endpoints with their...

6.9AI Score

0.0004EPSS

2024-06-20 12:00 AM
Total number of security vulnerabilities: 832430