Ring agrees to pay $5.6 million after cameras were used to spy on customers
Amazon's Ring has settled with the Federal Trade Commission (FTC) over charges that the company allowed employees and contractors to access customers' private videos, and failed to implement security protections which enabled hackers to take control of customers' accounts, cameras, and videos. The...
AI Score 7.1
Debian DSA-4382-1 : rssh - security update
Nick Cleaton discovered two vulnerabilities in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve (Subversion), rdist and/or rsync operations. Missing validation in the rsync support could result in the bypass of this restriction, allowing the execution of...
CVSS 9.8 | AI Score 9.8 | EPSS 0.019
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : snapd vulnerability (USN-4728-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by a vulnerability as referenced in the USN-4728-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
CVSS 9.3 | AI Score 9.2 | EPSS 0.0004
Russian Power Companies, IT Firms, and Govt Agencies Hit by Decoy Dog Trojan
Russian organizations are at the receiving end of cyber attacks that have been found to deliver a Windows version of a malware called Decoy Dog. Cybersecurity company Positive Technologies is tracking the activity cluster under the name Operation Lahat, attributing it to an advanced persistent...
AI Score 7.6
Ubuntu 18.10 : linux-azure vulnerabilities (USN-3878-2)
It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). (CVE-2018-14625)...
CVSS 8.8 | AI Score 7.3 | EPSS 0.001
Transient DOS due to reachable assertion in modem while processing sib with incorrect values from...
CVSS 7.5 | AI Score 7.4 | EPSS 0.001
Ubuntu 18.10 : libsolv vulnerabilities (USN-3916-1)
It was discovered that libsolv incorrectly handled certain malformed input. If a user or automated system were tricked into opening a specially crafted file, applications that rely on libsolv could be made to crash, resulting in a denial of service. Note that Tenable Network Security has extracted...
CVSS 6.5 | AI Score 6.9 | EPSS 0.005
Researchers Expose Security Flaw in Internet-Ready HDTVs
Researchers at Mocana, a security technology firm in San Francisco, recently demonstrated the ease with which they could hack into a popular Internet-ready HDTV model. They exploited a vulnerability in the software that displays websites on the TV, allowing them to control the information sent to...
AI Score 7.2
Debian DLA-1656-1 : agg security update
A stack overflow vulnerability was discovered in AGG, the AntiGrain Geometry graphical toolkit, that may lead to code execution if a malformed file is processed. Since AGG only provides a static library, the desmume and exactimage packages were rebuilt against the latest security update. For...
CVSS 8.8 | AI Score 9 | EPSS 0.003
Debian DSA-4379-1 : golang-1.7 - security update
A vulnerability was discovered in the implementation of the P-521 and P-384 elliptic curves, which could result in denial of service and in some cases key recovery. In addition this update fixes a vulnerability in 'go get', which could result in the execution of arbitrary shell...
CVSS 8.8 | AI Score 8.5 | EPSS 0.379
Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6497-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6497-1 advisory. A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets...
CVSS 8.8 | AI Score 8.7 | EPSS 0.024
ghostscript-CVE-2023-43115 A small write-up with examples to...
CVSS 8.8 | AI Score 6.5 | EPSS 0.002
Slackware 14.1 / 14.2 : mariadb (SSA:2019-032-01)
New mariadb packages are available for Slackware 14.1 and 14.2 to fix security...
CVSS 6.5 | AI Score 6.7 | EPSS 0.005
Ubuntu 20.04 LTS : Git vulnerability (USN-6793-2)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6793-2 advisory. USN-6793-1 fixed vulnerabilities in Git. The CVE-2024-32002 was pending further investigation. This update fixes the problem. Original advisory details: It...
CVSS 9 | AI Score 9.6 | EPSS 0.002
Ubuntu 16.04 LTS / 18.04 LTS : Squid vulnerabilities (USN-6857-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6857-1 advisory. Joshua Rogers discovered that Squid incorrectly handled requests with the urn: scheme. A remote attacker could possibly use this issue to...
CVSS 8.6 | AI Score 9.6 | EPSS 0.019
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-5565-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5565-1 advisory. It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a...
CVSS 7.8 | AI Score 7.8 | EPSS 0.01
Ubuntu 23.10 / 24.04 LTS : Rack vulnerabilities (USN-6837-1)
The remote Ubuntu 23.10 / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6837-1 advisory. It was discovered that Rack incorrectly handled Multipart MIME parsing. A remote attacker could possibly use this issue to cause Rack to...
CVSS 7.5 | AI Score 7.7 | EPSS 0.001
GLSA-202406-02 : Flatpak: Sandbox Escape
The remote host is affected by the vulnerability described in GLSA-202406-02 (Flatpak: Sandbox Escape) A vulnerability has been discovered in Flatpak. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the Gentoo...
CVSS 8.4 | AI Score 7.1 | EPSS 0.0004
The Android apps "TP-Link Tether" and "TP-Link Tapo" provided by TP-LINK GLOBAL INC. are vulnerable to improper server certificate verification (CWE-295). Impact: A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution: Update the application. Update the...
AI Score 6.8 | EPSS 0.0004
Debian DLA-1662-1 : libthrift-java security update
It was discovered that it was possible to bypass SASL negotiation isComplete validation in libthrift-java, Java language support for the Apache Thrift software framework. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making...
CVSS 7.5 | AI Score 7.6 | EPSS 0.002
Debian DLA-1659-1 : drupal7 security update
A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this...
CVSS 9.8 | AI Score 9.7 | EPSS 0.921