In the Linux kernel, the following vulnerability has been resolved: wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled When QoS is disabled, the queue priority value will not map to the correct ieee80211 queue since there is only one queue. Stop/wake queue 0 when QoS is...
5.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled When QoS is disabled, the queue priority value will not map to the correct ieee80211 queue since there is only one queue. Stop/wake queue 0 when QoS is...
7AI Score
0.0004EPSS
.NET 8.0 Update - May 28 2024 (KB5039845)
.NET 8.0 Update - May 28 2024 (KB5039845) NET 8.0 has been refreshed with the latest update as of May 28, 2024. This update contains both security and non-security fixes. See the release notes for details on updated packages..NET 8.0 servicing updates are upgrades. The latest servicing update for.....
7AI Score
.NET 7.0 Update - May 28, 2024 (KB5039844)
.NET 7.0 Update - May 28, 2024 (KB5039844) NET 7.0 has been refreshed with the latest update as of May 28, 2024. This update contains both security and non-security fixes. See the release notes for details on updated packages..NET 7.0 servicing updates are upgrades. The latest servicing update for....
7AI Score
CVE-2024-36904 tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().
In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique() with nice analysis. Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operation for timewait...
7.4AI Score
0.0004EPSS
Missing Authorization vulnerability in Vektor,Inc. VK Block Patterns.This issue affects VK Block Patterns: from n/a through...
5.3CVSS
5.3AI Score
0.0004EPSS
CVE-2024-36919 scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload
In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload The session resources are used by FW and driver when session is offloaded, once session is uploaded these resources are not used. The lock is not required as....
6.8AI Score
0.0004EPSS
An issue was discovered in docker-kong (for Kong) through 2.0.3. The admin API port may be accessible on interfaces other than 127.0.0.1. NOTE: The vendor argue that this CVE is not a vulnerability because it has an inaccurate bug scope and patch links. “1) Inaccurate Bug Scope - The issue scope...
9.8CVSS
9.2AI Score
0.026EPSS
In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique() with nice analysis. Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operation for timewait...
6.7AI Score
0.0004EPSS
An issue was discovered in docker-kong (for Kong) through 2.0.3. The admin API port may be accessible on interfaces other than 127.0.0.1. NOTE: The vendor argue that this CVE is not a vulnerability because it has an inaccurate bug scope and patch links. “1) Inaccurate Bug Scope - The issue scope...
9.8CVSS
9.3AI Score
0.026EPSS
.NET 6.0 Update - May 28, 2024 (KB5039843)
.NET 6.0 Update - May 28, 2024 (KB5039843) .NET 6.0 has been refreshed with the latest update as of May 28, 2024. This update contains both security and non-security fixes. See the release notes for details on updated packages..NET 6.0 servicing updates are upgrades. The latest servicing update...
7AI Score
SugarCRM 3.5.1 - Cross-Site Scripting
SugarCRM 3.5.1 is vulnerable to cross-site scripting via phprint.php and a parameter name in the query string (aka a $key...
6.1CVSS
5.9AI Score
0.001EPSS
CVE-2021-34429 POC for CVE-2021-34429 - Eclipse Jetty 11.0.5...
5.3CVSS
5.7AI Score
0.489EPSS
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: add a missing rpc_stat for TCP TLS Commit 1548036ef120 ("nfs: make the rpc_stat per net namespace") added functionality to specify rpc_stats function but missed adding it to the TCP TLS functionality. As the result,...
6.6AI Score
0.0004EPSS
CVE-2024-36907 SUNRPC: add a missing rpc_stat for TCP TLS
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: add a missing rpc_stat for TCP TLS Commit 1548036ef120 ("nfs: make the rpc_stat per net namespace") added functionality to specify rpc_stats function but missed adding it to the TCP TLS functionality. As the result,...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version Arturo reported this backtrace: [709732.358791] WARNING: CPU: 3 PID: 456 at arch/x86/kernel/fpu/core.c:128 kernel_fpu_begin_mask+0xae/0xe0...
6.8AI Score
0.0004EPSS
CVE-2021-47041 nvmet-tcp: fix incorrect locking in state_change sk callback
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix incorrect locking in state_change sk callback We are not changing anything in the TCP connection state so we should not take a write_lock but rather a read lock. This caused a deadlock when running nvmet-tcp and...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version Arturo reported this backtrace: [709732.358791] WARNING: CPU: 3 PID: 456 at arch/x86/kernel/fpu/core.c:128 kernel_fpu_begin_mask+0xae/0xe0...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version Arturo reported this backtrace: [709732.358791] WARNING: CPU: 3 PID: 456 at arch/x86/kernel/fpu/core.c:128 kernel_fpu_begin_mask+0xae/0xe0...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload The session resources are used by FW and driver when session is offloaded, once session is uploaded these resources are not used. The lock is not required as....
6.5AI Score
0.0004EPSS
CVE-2024-36919 scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload
In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload The session resources are used by FW and driver when session is offloaded, once session is uploaded these resources are not used. The lock is not required as....
7.4AI Score
0.0004EPSS
CentOS 9 : perl-Encode-3.08-462.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the perl- Encode-3.08-462.el9 build changelog. Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in...
7.8CVSS
7.7AI Score
0.001EPSS
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in all versions up to, and including, 1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above,....
6.4CVSS
7.6AI Score
0.001EPSS
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in all versions up to, and including, 1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above,....
6.4CVSS
5.9AI Score
0.001EPSS
Oracle Linux 8 : perl-CPAN (ELSA-2024-3094)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-3094 advisory. [2.18-399] - Fix tests to run in correct order [2.18-398] - Fix CVE-2023-31484 - Package tests [2.18-397] - Rebuilt for...
8.1CVSS
7AI Score
0.004EPSS
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: add a missing rpc_stat for TCP TLS Commit 1548036ef120 ("nfs: make the rpc_stat per net namespace") added functionality to specify rpc_stats function but missed adding it to the TCP TLS functionality. As the result,...
6.4AI Score
0.0004EPSS
WordPress EasyCart <2.0.6 - Information Disclosure
WordPress EasyCart plugin before 2.0.6 contains an information disclosure vulnerability. An attacker can obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo...
6AI Score
0.028EPSS
CVE-2021-47552 blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release()
In the Linux kernel, the following vulnerability has been resolved: blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release() For avoiding to slow down queue destroy, we don't call blk_mq_quiesce_queue() in blk_cleanup_queue(), instead of delaying to cancel dispatch work in.....
6.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release() For avoiding to slow down queue destroy, we don't call blk_mq_quiesce_queue() in blk_cleanup_queue(), instead of delaying to cancel dispatch work in.....
6.5AI Score
0.0004EPSS
Updated chromium-browser-stable packages fix security vulnerabilities
The chromium-browser-stable package has been updated to the 124.0.6367.60 release. It includes 23 security fixes. Please, do note, only x86_64 is supported from now on. i586 support for linux was stopped some years ago and the community is not able to provide patches anymore for the latest...
8.8CVSS
8.6AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix incorrect locking in state_change sk callback We are not changing anything in the TCP connection state so we should not take a write_lock but rather a read lock. This caused a deadlock when running nvmet-tcp and...
6.3AI Score
0.0004EPSS
CVE-2021-47041 nvmet-tcp: fix incorrect locking in state_change sk callback
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix incorrect locking in state_change sk callback We are not changing anything in the TCP connection state so we should not take a write_lock but rather a read lock. This caused a deadlock when running nvmet-tcp and...
7.5AI Score
0.0004EPSS
Stored cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a network-adjacent authenticated attacker to inject an arbitrary script. NOTE: This vulnerability only affects products that are no longer supported by the...
5.2CVSS
4.8AI Score
0.0005EPSS
SugarCRM Enterprise 9.0.0 - Cross-Site Scripting
SugarCRM Enterprise 9.0.0 contains a cross-site scripting vulnerability via...
6.1CVSS
6AI Score
0.002EPSS
Oracle Linux 8 : perl:5.32 (ELSA-2024-3128)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3128 advisory. perl-Algorithm-Diff perl-Archive-Tar perl-Archive-Zip perl-autodie perl-bignum perl-Carp perl-Compress-Bzip2 ...
7.8CVSS
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload The session resources are used by FW and driver when session is offloaded, once session is uploaded these resources are not used. The lock is not required as....
7.4AI Score
0.0004EPSS
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in all versions up to, and including, 1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above,....
6.4CVSS
6.3AI Score
0.001EPSS
CVE-2021-47552 blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release()
In the Linux kernel, the following vulnerability has been resolved: blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release() For avoiding to slow down queue destroy, we don't call blk_mq_quiesce_queue() in blk_cleanup_queue(), instead of delaying to cancel dispatch work in.....
6.7AI Score
0.0004EPSS
The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image title and alt text in all versions up to, and including, 4.22.11 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4CVSS
5.7AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Bond Code Insert Manager (Q2W3 Inc Manager) allows Reflected XSS.This issue affects Code Insert Manager (Q2W3 Inc Manager): from n/a through...
5.8CVSS
5.8AI Score
0.0004EPSS
Improper authentication vulnerability in Rakuten WiFi Pocket all versions allows a network-adjacent attacker to log in to the product's Management Screen. As a result, sensitive information may be obtained and/or the settings may be...
5.4CVSS
5.3AI Score
0.0004EPSS
Cross-site request forgery (CSRF) vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to hijack the authentication and conduct arbitrary operations by having a logged-in user to view a malicious page. NOTE: This vulnerability.....
8.8CVSS
8.8AI Score
0.001EPSS
Memory corruption in modem due to improper input validation while handling the incoming CoAP...
9.8CVSS
9.5AI Score
0.001EPSS
MyBB is a free and open source forum software. The default list of disallowed remote hosts does not contain the 127.0.0.0/8 block, which may result in a Server-Side Request Forgery (SSRF) vulnerability. The Configuration File's Disallowed Remote Addresses list...
5CVSS
5.3AI Score
0.001EPSS
Reflected cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to inject arbitrary script to inject an arbitrary script. NOTE: This vulnerability only affects products that are no longer supported by the...
6.1CVSS
6AI Score
0.001EPSS
A potential security vulnerability has been identified in the HP Application Enabling Software Driver for certain HP PC products, which might allow escalation of privilege. HP is releasing software updates to mitigate this potential...
7.1AI Score
0.0004EPSS
In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08477148; Issue ID:...
6.7CVSS
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: rds: fix memory leak in rds_recvmsg Syzbot reported memory leak in rds. The problem was in unputted refcount in case of error. int rds_recvmsg(struct socket sock, struct msghdr msg, size_t size, int msg_flags) { ... if...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique() with nice analysis. Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operation for timewait...
7.4AI Score
0.0004EPSS
IntelBroker Leaks Alleged National Security Data Tied to US Contractor Acuity Inc.
By Waqas The leaked data was previously being sold by the IntelBroker hacker for just $3,000 in Monero (XMR) cryptocurrency. This is a post from HackRead.com Read the original post: IntelBroker Leaks Alleged National Security Data Tied to US Contractor Acuity...
7.2AI Score