CVE-2024-36939 nfs: Handle error of rpc_proc_register() in nfs_net_init().
In the Linux kernel, the following vulnerability has been resolved: nfs: Handle error of rpc_proc_register() in nfs_net_init(). syzkaller reported a warning 0 triggered while destroying immature netns. rpc_proc_register() was called in init_nfs_fs(), but its error has been ignored since at least...
6.5AI Score
0.0004EPSS
CVE-2024-36939 nfs: Handle error of rpc_proc_register() in nfs_net_init().
In the Linux kernel, the following vulnerability has been resolved: nfs: Handle error of rpc_proc_register() in nfs_net_init(). syzkaller reported a warning 0 triggered while destroying immature netns. rpc_proc_register() was called in init_nfs_fs(), but its error has been ignored since at least...
7.2AI Score
0.0004EPSS
Ubuntu 20.04 LTS : Firefox regressions (USN-6779-2)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6779-2 advisory. USN-6779-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: ...
8AI Score
0.0004EPSS
Debian DLA-1836-1 : thunderbird security update
Multiple security issues have been found in Thunderbird which may lead to the execution of arbitrary code if malformed email messages are read. For Debian 8 'Jessie', these problems have been fixed in version 1:60.7.2-1~deb8u1. We recommend that you upgrade your thunderbird packages. NOTE: Tenable....
8.8CVSS
10AI Score
0.752EPSS
8CVSS
7.5AI Score
EPSS
weinstore24.de Improper Access Control vulnerability OBB-3828871
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. ffs_data_clear is indirectly called from both ffs_fs_kill_sb and ffs_ep0_release, so it ends up being called twice when userland closes ep0 and then unmounts f_fs. If...
5.5CVSS
6.2AI Score
0.0004EPSS
Debian DLA-1820-1 : thunderbird security update
Multiple security issues have been found in Thunderbird which may lead to the execution of arbitrary code if malformed email messages are read. For Debian 8 'Jessie', these problems have been fixed in version 1:60.7.1-1~deb8u1. We recommend that you upgrade your thunderbird packages. NOTE: Tenable....
9.8CVSS
9.8AI Score
0.099EPSS
9.8CVSS
9.7AI Score
0.374EPSS
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) Sander.....
7.8CVSS
7.6AI Score
EPSS
mx-chain-go is the official implementation of the MultiversX blockchain protocol, written in golang. When executing a relayed transaction, if the inner transaction failed, it would have increased the inner transaction's sender account nonce. This could have contributed to a limited DoS attack on a....
7.1CVSS
7AI Score
0.001EPSS
mx-chain-go is an implementation of the MultiversX blockchain protocol written in the Go language. Metachain cannot process a cross-shard miniblock. Prior to version 1.4.16, an invalid transaction with the wrong username on metachain is not treated correctly on the metachain transaction processor.....
8.6CVSS
6.9AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in smb2_reconnect_server() The UAF bug is due to smb2_reconnect_server() accessing a session that is already being teared down by another thread that is executing __cifs_put_smb_ses(). This can happen when...
6.3AI Score
0.0004EPSS
Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-6701-3)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6701-3 advisory. A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux...
7.8CVSS
7.7AI Score
0.003EPSS
solution360.de Cross Site Scripting vulnerability OBB-3828711
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:0483-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0483-1 advisory. Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer...
7.8CVSS
6.9AI Score
0.002EPSS
Linux kernel (OEM) vulnerabilities
Releases Ubuntu 22.04 LTS Packages linux-oem-6.5 - Linux kernel for OEM systems Details Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to...
7.5AI Score
EPSS
Contao SQL injection in the backend and listing module
Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the backend as well as in the listing...
9.8CVSS
7.7AI Score
0.002EPSS
radelier-de-la-loue.asso-web.com Cross Site Scripting vulnerability OBB-3938608
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1 malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key. This vulnerability is present in the....
7.5CVSS
7AI Score
0.001EPSS
AlmaLinux 9 : libreoffice (ALSA-2024:1427)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1427 advisory. Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary...
8.8CVSS
9.3AI Score
0.001EPSS
Debian dsa-5690 : fonts-opensymbol - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5690 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5690-1 [email protected] ...
6AI Score
0.0004EPSS
Ubuntu 14.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6701-4)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6701-4 advisory. A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This...
7.8CVSS
7.7AI Score
0.003EPSS
Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel (GCP) vulnerabilities (USN-6701-2)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6701-2 advisory. A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux...
7.8CVSS
7.7AI Score
0.003EPSS
7.5CVSS
7.7AI Score
0.0004EPSS
Issue Overview: 2024-05-23: CVE-2021-46909 was added to this advisory. 2024-05-23: CVE-2021-46974 was added to this advisory. 2024-03-13: CVE-2021-46905 was added to this advisory. 2024-03-13: CVE-2021-46904 was added to this advisory. 2024-03-13: CVE-2021-46915 was added to this advisory. An...
7CVSS
6AI Score
0.001EPSS
Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux - Linux kernel linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.15 - Linux kernel for Microsoft Azure cloud systems linux-azure-fde - Linux kernel for Microsoft Azure CVM cloud systems linux-azure-fde-5.15 -...
7.8CVSS
7AI Score
EPSS
7.5AI Score
0.0004EPSS
Rocky Linux 8 : libreoffice (RLSA-2024:1514)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1514 advisory. Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary...
8.8CVSS
9.3AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails Calling a6xx_destroy() before adreno_gpu_init() leads to a null pointer dereference on: msm_gpu_cleanup() : platform_set_drvdata(gpu->pdev, NULL); as gpu->...
7AI Score
0.0004EPSS
Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-6701-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6701-1 advisory. A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux...
7.8CVSS
7.7AI Score
0.003EPSS
Contao SQL injection in the backend and listing module
Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the backend as well as in the listing...
9.8CVSS
9.8AI Score
0.002EPSS
7.3AI Score
pizza-taxi-24.de Cross Site Scripting vulnerability OBB-3829358
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
hfw1970.de Cross Site Scripting vulnerability OBB-3828229
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
7.3AI Score
Debian DSA-2699-1 : iceweasel - several vulnerabilities
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, missing input sanitising vulnerabilities, use-after-free vulnerabilities, buffer overflows and other programming errors may lead to the execution of arbitrary.....
9.6AI Score
0.911EPSS
Update 23.7 for Microsoft Dynamics 365 Business Central (on-premises) 2023 Release Wave 2 (Application Build 23.7.18957, Platform Build 23.0.18933) Overview This update replaces previously released updates. You should always install the latest update. This update also fixes vulnerabilities. For...
8.8CVSS
8.8AI Score
0.001EPSS
VLC < 3.0.8 Multiple Vulnerabilities
The version of VLC media player installed on the remote Windows host is prior to 3.0.8. It is, therefore, affected by multiple vulnerabilities: An integer underflow condition exists in the modules/demux/mp4/mp4.c component of VLC Player. An unauthenticated, remote attacker can exploit this,...
9.8CVSS
7.6AI Score
0.009EPSS
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Amazon Linux 2 : glibc (ALAS-2019-1140)
In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex()...
7.5CVSS
6.5AI Score
0.006EPSS
Gambio Online Webshop unauthenticated PHP Deserialization Vulnerability
A Remote Code Execution vulnerability in Gambio online webshop version 4.9.2.0 and lower allows remote attackers to run arbitrary commands via unauthenticated HTTP POST request. The identified vulnerability within Gambio pertains to an insecure deserialization flaw, which ultimately allows an...
9.8CVSS
9AI Score
0.374EPSS
Debian DSA-4464-1 : thunderbird - security update
Multiple security issues have been found in Thunderbird which may lead to the execution of arbitrary code if malformed email messages are...
9.8CVSS
9.4AI Score
0.099EPSS
openSUSE Security Update : LibreOffice and dependency libraries (openSUSE-2019-912)
This update for LibreOffice, libepubgen, liblangtag, libmwaw, libnumbertext, libstaroffice, libwps, myspell-dictionaries, xmlsec1 fixes the following issues : LibreOffice was updated to 6.1.3.2 (fate#326624) and contains new features and lots of bugfixes : The full changelog can be found on :...
7.5CVSS
6.9AI Score
0.171EPSS
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs,...
8.8CVSS
7.6AI Score
0.969EPSS
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Debian dla-3815 : firefox-esr - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3815 advisory. A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects...
7.7AI Score
0.0004EPSS
QIDs/CVEs When it comes to cybersecurity, speed is key in getting an edge over attackers. But when you consider that vulnerabilities weaponize 24 days faster than then they are remediated on average, cybersecurity stakeholders have a lot of catching up to do. While there are many ways defenders...
7AI Score
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.331.7.el7] - Revert 'tracing/trigger: Fix to return error if failed to alloc snapshot' (Siddh Raman Pant) - Revert 'selftests: mm: fix map_hugetlb failure on 64K page size systems' (Harshit Mogalapalli) [Orabug: 36584568] - Revert 'net/mlx5: Enable SW-defined RoCEv2 UDP source port'...
8.3AI Score
EPSS
Unbreakable Enterprise kernel security update
[5.4.17-2136.331.7] - Revert 'tracing/trigger: Fix to return error if failed to alloc snapshot' (Siddh Raman Pant) - Revert 'selftests: mm: fix map_hugetlb failure on 64K page size systems' (Harshit Mogalapalli) [Orabug: 36584568] - Revert 'net/mlx5: Enable SW-defined RoCEv2 UDP source port'...
8.3AI Score
EPSS