In the Linux kernel, the following vulnerability has been resolved: s390/qeth: Fix kernel panic after setting hsuid Symptom: When the hsuid attribute is set for the first time on an IQD Layer3 device while the corresponding network interface is already UP, the kernel will try to execute a napi...
6.5AI Score
0.0004EPSS
AlmaLinux 8 : glibc (ALSA-2024:2722)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:2722 advisory. The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the...
7.7AI Score
0.0005EPSS
nordsee-ferienhaus-krabbe-32.de Improper Access Control vulnerability OBB-3820098
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
[SECURITY] [DLA 3775-1] firefox-esr security update
Debian LTS Advisory DLA-3775-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort March 25, 2024 https://wiki.debian.org/LTS Package : firefox-esr Version : 115.9.1esr-1~deb10u1 CVE...
7.5CVSS
8.5AI Score
0.001EPSS
CrushFTP Remote Code Execution Exploit
This Metasploit exploit module leverages an improperly controlled modification of dynamically-determined object attributes vulnerability (CVE-2023-43177) to achieve unauthenticated remote code execution. This affects CrushFTP versions prior to 10.5.1. It is possible to set some user's session...
9.8CVSS
8.8AI Score
0.959EPSS
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix OOB in nilfs_set_de_type The size of the nilfs_type_by_mode array in the fs/nilfs2/dir.c file is defined as "S_IFMT >> S_SHIFT", but the nilfs_set_de_type() function, which uses this array, specifies the index to ...
7AI Score
0.0004EPSS
FreeBSD : wordpress -- XSS (ea4a2dfc-f761-11ee-af2c-589cfc0f81b0)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ea4a2dfc-f761-11ee-af2c-589cfc0f81b0 advisory. The WordPress team reports: A cross-site scripting (XSS) vulnerability affecting the Avatar block...
6AI Score
In the Linux kernel, the following vulnerability has been resolved: af_unix: Drop oob_skb ref before purging queue in GC. syzbot reported another task hung in __unix_gc(). [0] The current while loop assumes that all of the left candidates have oob_skb and calling kfree_skb(oob_skb) releases the...
7.7AI Score
0.0004EPSS
cessy000.de Improper Access Control vulnerability OBB-3818121
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
carbon4.de Improper Access Control vulnerability OBB-3818084
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Fix disable_managed_interrupts Correct blk-mq registration issue with module parameter disable_managed_interrupts enabled. When we turn off the default PCI_IRQ_AFFINITY flag, the driver needs to register with...
7.1AI Score
0.0004EPSS
Debian DSA-4519-1 : libreoffice - security update
It was discovered that the code fixes for LibreOffice to address CVE-2019-9852 were not complete. Additional information can be found...
7.8CVSS
8.9AI Score
0.002EPSS
In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Fix disable_managed_interrupts Correct blk-mq registration issue with module parameter disable_managed_interrupts enabled. When we turn off the default PCI_IRQ_AFFINITY flag, the driver needs to register with...
7.7AI Score
0.0004EPSS
kaufen-auf-rechnung24.de Improper Access Control vulnerability OBB-3819181
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
Metasploit Weekly Wrap-Up 05/03/24
Dump secrets inline This week, our very own cdelafuente-r7 added a significant improvement to the well-known Windows Secrets Dump module to reduce the footprint when dumping SAM hashes, LSA secrets and cached credentials. The module is now directly reading the Windows Registry remotely without...
9.6AI Score
0.002EPSS
creahoch5.de Improper Access Control vulnerability OBB-3818225
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
dac2018.de Improper Access Control vulnerability OBB-3818256
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
cmc24.de Improper Access Control vulnerability OBB-3818183
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
Oracle Linux 8 : glibc (ELSA-2024-2722)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2722 advisory. The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to...
7.4AI Score
0.0005EPSS
Debian dla-3790 : firefox-esr - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3790 advisory. The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This...
7.2AI Score
0.0004EPSS
bo1.de Improper Access Control vulnerability OBB-3817586
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
bkgermany20.de Improper Access Control vulnerability OBB-3817547
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Linux Linux Kernel
cve-2022-4543-wrapper Introduction This is a wrapper of...
5.5CVSS
5.7AI Score
0.0004EPSS
(RHSA-2024:1425) Important: libreoffice security update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
7.3AI Score
0.001EPSS
bikeboerse24.de Improper Access Control vulnerability OBB-3817511
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
In the Linux kernel, the following vulnerability has been resolved: nfs: Handle error of rpc_proc_register() in nfs_net_init(). syzkaller reported a warning [0] triggered while destroying immature netns. rpc_proc_register() was called in init_nfs_fs(), but its error has been ignored since at least...
6.2AI Score
0.0004EPSS
(RHSA-2024:1427) Important: libreoffice security update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
7.3AI Score
0.001EPSS
openSUSE Security Update : libreoffice (openSUSE-2019-2057)
This update for libreoffice fixes the following issues : Security issues fixed : CVE-2019-9849: Disabled fetching remote bullet graphics in 'stealth mode' (bsc#1141861). CVE-2019-9848: Fixed an arbitrary script execution via LibreLogo (bsc#1141862). CVE-2019-9851: Fixed LibreLogo...
9.8CVSS
8.1AI Score
0.971EPSS
Exploit for Out-of-bounds Write in Microsoft
Since February 2022, a new ransomware has been reported that appears...
7.8CVSS
8.6AI Score
0.026EPSS
[SECURITY] [DLA 3769-1] thunderbird security update
Debian LTS Advisory DLA-3769-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort March 23, 2024 https://wiki.debian.org/LTS Package : thunderbird Version : 1:115.9.0-1~deb10u1 CVE...
7.5CVSS
8.9AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: proc/vmcore: fix clearing user buffer by properly using clear_user() To clear a user buffer we cannot simply use memset, we have to use clear_user(). With a virtio-mem device that registers a vmcore_cb and has some logically...
6.5AI Score
0.0004EPSS
Rocky Linux 8 : glibc (RLSA-2024:2722)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:2722 advisory. The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the...
7.6AI Score
0.0005EPSS
(RHSA-2024:1423) Important: libreoffice security update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
7.3AI Score
0.001EPSS
Exploit for Out-of-bounds Write in Microsoft
Since February 2022, a new ransomware has been reported that appears...
7.8CVSS
8.6AI Score
0.026EPSS
The Hacking of Culture and the Creation of Socio-Technical Debt
Culture is increasingly mediated through algorithms. These algorithms have splintered the organization of culture, a result of states and tech companies vying for influence over mass audiences. One byproduct of this splintering is a shift from imperfect but broad cultural narratives to a...
6.8AI Score
Web Server Directory Enumeration
This plugin attempts to determine the presence of various common directories on the remote web server. By sending a request for a directory, the web server response code indicates if it is a valid directory or...
9.6AI Score
0.002EPSS
Google Enhances Search Security to Flag Compromised Web Pages
Google has introduced a new security feature in its search engine to flag more web pages that might have been compromised by hackers. This new feature expands Google's long-standing program that marks websites hosting malicious software with a “This site may harm your computer” warning. Now, a new...
6.8AI Score
RHEL 6 : libreoffice (RHSA-2015:1458)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:1458 advisory. libreoffice: HWP file filter vulnerability (CVE-2015-1774) Note that Nessus has not tested for this issue but has instead relied only on the...
6.2AI Score
0.017EPSS
eventexpress24.de Improper Access Control vulnerability OBB-3816737
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
elbe19.de Improper Access Control vulnerability OBB-3816618
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
9.8CVSS
7.6AI Score
0.0004EPSS
fanradio.fufa-sv98.de Cross Site Scripting vulnerability OBB-3817268
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
dcc1979.de Improper Access Control vulnerability OBB-3816246
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
designpics2.de Improper Access Control vulnerability OBB-3816303
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
EulerOS 2.0 SP8 : samba (EulerOS-SA-2019-2116)
According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters...
9.1CVSS
7.9AI Score
0.007EPSS
fcemporweimar06.de Improper Access Control vulnerability OBB-3816835
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
Debian DLA-1947-1 : libreoffice security update
Several vulnerabilities were discovered in LibreOffice, the office productivity suite. CVE-2019-9848 Nils Emmerich discovered that malicious documents could execute arbitrary Python code via LibreLogo. CVE-2019-9849 Matei Badanoiu discovered that the stealth mode did not apply to bullet graphics...
9.8CVSS
9.7AI Score
0.971EPSS
em2.de Improper Access Control vulnerability OBB-3816654
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
erzgebirgsshop24.de Improper Access Control vulnerability OBB-3816712
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
dnh24.de Improper Access Control vulnerability OBB-3816436
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score