Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : Intel Microcode vulnerability (USN-8068-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has a package installed that is affected by a vulnerability as referenced in the USN-8068-1 advisory. Sergiu Ghetie discovered that some Intel processors did not properly handle values in the microcode flow. ...

CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added three security flaws impacting Citrix Session Recording and Git to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2024-8068 CV...

MAL-2025-8068 Malicious code in @hopper-b2b/flair (npm)

The package @hopper-b2b/flair was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...

WordPress HT Mega plugin <= 2.9.1 - Improper Authorization to Authenticated (Contributor+) Limited Administrator Actions vulnerability

Improper Authorization to Authenticated Contributor+ Limited Administrator Actions vulnerability discovered by wesley wcraft in WordPress Plugin HT Mega versions = 2.9.1...

CVE-2025-8068

The CVE-2025-8068 issue affects the WordPress plugin HT Mega – Absolute Addons For Elementor. A vulnerability in the ajax_trash_templates function arises from an improper capability check, making authenticated users with Contributor-level access and above able to delete arbitrary attachment files...

CVE-2025-8068 HT Mega – Absolute Addons For Elementor <= 2.9.1 - Improper Authorization to Authenticated (Contributor+) Limited Administrator Actions

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to an improper capability check on the 'ajaxtrashtemplates' function in all versions up to, and including, 2.9.1. This makes it possible for authenticated attackers, wi...

CVE-2024-8068 Privilege escalation to NetworkService Account access

Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain...

CVE-2024-8068

creationtimestamp| type| source ---|---|--- 2024-11-12 16:21:28+00:00| seen| https://infosec.exchange/users/screaminggoat/statuses/113470897346004162 2024-11-12 19:44:07+00:00| seen| https://t.me/cvedetector/10675 2024-11-12 21:23:09+00:00| seen|...

New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration

Cybersecurity researchers have disclosed new security flaws impacting Citrix Virtual Apps and Desktop that could be exploited to achieve unauthenticated remote code execution RCE The issue, per findings from watchTowr, is rooted in the Session Recording component that allows system administrators...

VulnCheck KEV: CVE-2024-8068

Citrix Session Recording contains an improper privilege management vulnerability that could allow for privilege escalation to NetworkService Account access. An attacker must be an authenticated user in the same Windows Active Directory domain as the session recording server domain...

Adobe Digital Editions < 4.0.1 (APSB14-25) (macOS)

The version of Adobe Digital Editions installed on the remote macOS host is prior to 4.0.1. It is, therefore, affected by a vulnerability as referenced in the APSB14-25 advisory. - Adobe Digital Editions DE 4 does not use encryption for transmission of data to adelogs.adobe.com, which allows remo...

Rocky Linux 9 : bind (RLSA-2022:8068)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:8068 advisory. - BIND 9.11.0 - 9.11.36 9.12.0 - 9.16.26 9.17.0 - 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 - 9.11.36-S1 9.16.8-S1 - 9.16.26-S1 Versions of BIND...

Oracle Linux 9 : bind (ELSA-2022-8068)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-8068 advisory. - Fix possible serve-stale related crash CVE-2022-3080 - Fix memory leak in ECDSA verify processing CVE-2022-38177 - Fix memory leak in EdDSA verify...

AlmaLinux 9 : bind (ALSA-2022:8068)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:8068 advisory. - BIND 9.11.0 - 9.11.36 9.12.0 - 9.16.26 9.17.0 - 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 - 9.11.36-S1 9.16.8-S1 - 9.16.26-S1 Versions of BIND 9...

RHEL 9 : bind (RHSA-2022:8068)

"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8068 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1396)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2016-8068

This CVE entry is rejected/not used; it does not represent an active vulnerability.

CVE-2016-8068

...

CVE-2017-8068

drivers/net/usb/pegasus.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIGVMAPSTACK option, which allows local users to cause a denial of service system crash or memory corruption or possibly have unspecified other impact by leveraging use of more than one virtual pag...

CVE-2017-8068

drivers/net/usb/pegasus.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIGVMAPSTACK option, which allows local users to cause a denial of service system crash or memory corruption or possibly have unspecified other impact by leveraging use of more than one virtual pag...