In the Linux kernel, the following vulnerability has been resolved: serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' In 'rp2_probe', the driver registers 'rp2_uart_interrupt' then calls 'rp2_fw_cb' through 'request_firmware_nowait'. In 'rp2_fw_cb', if the firmware don't...
6.3AI Score
0.0004EPSS
CVE-2021-47169 serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'
In the Linux kernel, the following vulnerability has been resolved: serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' In 'rp2_probe', the driver registers 'rp2_uart_interrupt' then calls 'rp2_fw_cb' through 'request_firmware_nowait'. In 'rp2_fw_cb', if the firmware don't...
7.4AI Score
0.0004EPSS
Stable Channel Update for ChromeOS / ChromeOS Flex
Hello All, The Stable channel is being updated to 124.0.6367.95 (Platform version: 15823.40.0) for most ChromeOS devices and will be rolled out over the next few days. If you find new issues, please let us know one of the following ways: File a bug Visit our Chrome OS communities General:...
8AI Score
0.0005EPSS
Fedora Update for kernel-headers FEDORA-2019-e37c348348
The remote host is missing an update for...
5.6CVSS
7.2AI Score
0.001EPSS
Fedora Update for kernel-headers FEDORA-2019-6bda4c81f4
The remote host is missing an update for...
5.6CVSS
7.2AI Score
0.001EPSS
Buffer Overflow vulnerability in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v.3.2 allows a local attacker to execute arbitrary code via the vpn_client_ip variable of the config_vpn_pptp function in rc...
7.5AI Score
0.0004EPSS
CVE-2021-47169 serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'
In the Linux kernel, the following vulnerability has been resolved: serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' In 'rp2_probe', the driver registers 'rp2_uart_interrupt' then calls 'rp2_fw_cb' through 'request_firmware_nowait'. In 'rp2_fw_cb', if the firmware don't...
6.7AI Score
0.0004EPSS
Fedora Update for kernel-tools FEDORA-2019-e37c348348
The remote host is missing an update for...
5.6CVSS
7.2AI Score
0.001EPSS
‘Poseidon’ Mac stealer distributed via Google ads
On June 24, we observed a new campaign distributing a stealer targeting Mac users via malicious Google ads for the Arc browser. This is the second time in the past couple of months where we see Arc being used as a lure, certainly a sign of its popularity. It was previously used to drop a Windows...
6.5AI Score
CVE-2023-6917 Pcp: unsafe use of directories allows pcp to root privilege escalation
A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root...
6CVSS
6.2AI Score
0.0004EPSS
Oracle Linux 9 : pcp (ELSA-2024-2213)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2213 advisory. A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services...
6CVSS
6.5AI Score
0.0004EPSS
A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root...
6CVSS
5.9AI Score
0.0004EPSS
Dutch Court Sentences Tornado Cash Co-Founder to 5 Years in Prison for Money Laundering
A Dutch court on Tuesday sentenced one of the co-founders of the now-sanctioned Tornado Cash cryptocurrency mixer service to 5 years and 4 months in prison. While the name of the defendant was redacted in the verdict, it's known that Alexey Pertsev, a 31-year-old Russian national, had been...
7.1AI Score
Microsoft Office 2010 Service Pack 2 Remote Code Execution Vulnerability (KB4475506)
This host is missing an important security update according to Microsoft...
7.8CVSS
7.6AI Score
0.014EPSS
Microsoft Office 2013 Service Pack 1 Remote Code Execution Vulnerability (KB4464599)
This host is missing an important security update according to Microsoft...
7.8CVSS
7.6AI Score
0.014EPSS
Upsell shop information of an account can be manipulated to execute script code in the context of the users browser session. To exploit this an attacker would require temporary access to a users account or an successful social engineering attack to lure users to maliciously configured accounts....
5.4CVSS
6.8AI Score
0.0004EPSS
Embedded content references at tasks could be used to temporarily execute script code in the context of the users browser session. To exploit this an attacker would require temporary access to the users account, access to another account within the same context or an successful social engineering.....
5.4CVSS
6.8AI Score
0.0004EPSS
Microsoft Office 2016 Remote Code Execution Vulnerability (KB4475538)
This host is missing an important security update according to Microsoft...
7.8CVSS
7.6AI Score
0.014EPSS
In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306] general...
6.7AI Score
0.0004EPSS
7.3AI Score
A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root...
6CVSS
6AI Score
0.0004EPSS
Treasury Sanctions Creators of 911 S5 Proxy Botnet
The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one's Web traffic through malware-infected computers around the globe....
7.3AI Score
In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306] general protection...
6.5AI Score
0.0004EPSS
7.5CVSS
7.7AI Score
0.0004EPSS
Command Execution Vulnerability in Dahua EIMS System of Zhejiang Dahua Technology Co.
Zhejiang Dahua Technology Co., Ltd. is the world's leading video-centered intelligent IOT solution provider and operation service provider. A command execution vulnerability exists in the Dahua EIMS system of Zhejiang Dahua Technology Co. Ltd, which can be exploited by attackers to gain server...
7.5AI Score
Microsoft Windows Multiple Vulnerabilities (KB4512506)
This host is missing a critical security update according to Microsoft...
9.8CVSS
7.2AI Score
0.902EPSS
Microsoft Windows Multiple Vulnerabilities (KB4512488)
This host is missing a critical security update according to Microsoft...
9.8CVSS
7.2AI Score
0.902EPSS
Microsoft Windows Multiple Vulnerabilities (KB4512507)
This host is missing a critical security update according to Microsoft...
9.8CVSS
7.5AI Score
0.902EPSS
Microsoft Windows Multiple Vulnerabilities (KB4512497)
This host is missing a critical security update according to Microsoft...
9.8CVSS
7.5AI Score
0.902EPSS
Microsoft Windows Multiple Vulnerabilities (KB4512516)
This host is missing a critical security update according to Microsoft...
9.8CVSS
7.5AI Score
0.902EPSS
Summary Multiple vulnerabilities exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager IP Edition v6.4.2. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850 Vulnerability Details....
7.5CVSS
6.9AI Score
0.001EPSS
Microsoft Windows Multiple Vulnerabilities (KB4512508)
This host is missing a critical security update according to Microsoft...
9.8CVSS
7.5AI Score
0.821EPSS
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to make sure the shared irq handler should be able to handle the unexpected event after...
6.6AI Score
0.0004EPSS
Upsell advertisement information of an account can be manipulated to execute script code in the context of the users browser session. To exploit this an attacker would require temporary access to a users account or an successful social engineering attack to lure users to maliciously configured...
5.4CVSS
6.8AI Score
0.0004EPSS
Microsoft Windows Multiple Vulnerabilities (KB4511553)
This host is missing a critical security update according to Microsoft...
9.8CVSS
7.5AI Score
0.821EPSS
Microsoft Windows Multiple Vulnerabilities (KB4512517)
This host is missing a critical security update according to Microsoft...
9.8CVSS
7.5AI Score
0.902EPSS
A Bootiful Podcast: Abdel Sghiouar, Cloud Native Developer Advocate at Google
Hi, Spring fans! Abdel Sghiouar is a senior Cloud Native Developer Advocate at Google, a co-host of the Kubernetes Podcast by Google and a CNCF Ambassador, and it was my pleasure to sit down with him at the amazing Spring IO event in Barcelona and catch up on all things Kubernetes and...
7.1AI Score
Microsoft Windows Multiple Vulnerabilities (KB4512501)
This host is missing a critical security update according to Microsoft...
9.8CVSS
7.5AI Score
0.902EPSS
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to make sure the shared irq handler should be able to handle the unexpected event after deregistration......
6.6AI Score
0.0004EPSS
RHEL 6 : pcp (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. pcp: Local privilege escalation in pcp spec file %post section (CVE-2019-3695) A Improper Limitation of...
7.4AI Score
0.001EPSS
Do not print on AppSocket and socketAPI printers
The host seems to be an AppSocket or socketAPI printer. Scanning it will waste paper. So ports 2000, 2501, 9100-9107, 9112-9116, 9200 and 10001...
7.3AI Score
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.8)
The version of AOS installed on the remote host is prior to 6.8. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.8 advisory. Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in...
9.8CVSS
9.4AI Score
0.123EPSS
Important: grafana-pcp security and bug fix update
The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA...
7.5CVSS
7.7AI Score
0.0005EPSS
File Upload vulnerability in Shibang Communications Co., Ltd. IP network intercom broadcasting system v.1.0 allows a local attacker to execute arbitrary code via the my_parser.php...
7.2AI Score
0.0004EPSS
Debian DLA-1932-1 : openssl security update
Two security vulnerabilities were found in OpenSSL, the Secure Sockets Layer toolkit. CVE-2019-1547 Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit...
4.7CVSS
6.5AI Score
0.015EPSS
File Upload vulnerability in Shibang Communications Co., Ltd. IP network intercom broadcasting system v.1.0 allows a local attacker to execute arbitrary code via the my_parser.php...
7.5AI Score
0.0004EPSS
Molongui < 4.7.8 - Authenticated (Author+) Insecure Direct Object Reference
Description The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.7.7 due to missing validation on a user controlled key. This makes it possible for authenticated...
2.7CVSS
6.7AI Score
0.0004EPSS
File Upload vulnerability in Shibang Communications Co., Ltd. IP network intercom broadcasting system v.1.0 allows a local attacker to execute arbitrary code via the my_parser.php...
7.4AI Score
0.0004EPSS
RHEL 6 : openssh (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssh: loading of untrusted PKCS#11 modules in ssh-agent (CVE-2016-10009) openssh: scp allows command...
8.4AI Score
0.102EPSS
Sicheng Liu of Beijing DBSEC Technology Co., Ltd reports : Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV...
5.3CVSS
4.7AI Score
0.0004EPSS