New emacs packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/emacs-29.3-i586-1_slack15.0.txz: Upgraded. GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in...
CVSS 7.8 | AI Score 7.9 | EPSS 0.001
Slackware Linux 15.0 / current emacs Vulnerability (SSA:2024-084-01)
The version of emacs installed on the remote host is prior to 29.3. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-084-01 advisory. GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because...
CVSS 7.8 | AI Score 7.4 | EPSS 0.001
[slackware-security] mozilla-firefox
New mozilla-firefox packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-firefox-115.9.1esr-i686-1_slack15.0.txz: Upgraded. This update fixes a critical security issue: An attacker was...
AI Score 7.1 | EPSS 0.0004
Slackware Linux 15.0 / current mozilla-firefox Vulnerability (SSA:2024-083-01)
The version of mozilla-firefox installed on the remote host is prior to 115.9.1esr. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-083-01 advisory. An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript...
AI Score 5.9 | EPSS 0.0004
ESPHome vulnerable to Authentication bypass via Cross site request forgery
Summary: API endpoints in the dashboard component of ESPHome version 2023.12.9 (command line installation) are vulnerable to Cross-Site Request Forgery (CSRF), allowing remote attackers to carry out attacks against a logged-in user of the dashboard to perform operations on configuration files (create,...
CVSS 8.1 | AI Score 6.7 | EPSS 0.0004
19 million plaintext passwords exposed by incorrectly configured Firebase instances
Three researchers scanned the internet for vulnerable Firebase instances, looking for personally identifiable information (PII). Firebase is a platform for hosting databases, cloud computing, and app development. It's owned by Google and was set up to help developers build and ship apps. What the...
AI Score 6.8
Exploit for Use After Free in Linux Linux Kernel
CVE-2024-1086 Universal local privilege escalation...
CVSS 7.8 | AI Score 7.9 | EPSS 0.002
New python3 packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/python3-3.9.19-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: bundled libexpat was updated to 2.6.0. ...
CVSS 7.8 | AI Score 7.4 | EPSS 0.001
Tax scammer goes after small business owners and self-employed people
While most taxpayers don't particularly look forward to tax season, for some scammers it's like the opening of their hunting season. So it's no surprise that our researchers have found yet another tax-related scam. In this most recent scam, we've not seen the lure the scammer uses, but it is...
AI Score 6.8
The ‘AT&T breach’—what you need to know
Earlier this week, the data of over 70 million people was posted for sale on an online cybercrime forum. The person selling the data claims it stems from a 2021 breach at AT&T. Back in 2021, a hacker named Shiny Hunters claimed to have breached AT&T and put the alleged stolen data up for sale for...
AI Score 7
[slackware-security] mozilla-thunderbird
New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-thunderbird-115.9.0-i686-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. ...
CVSS 7.5 | AI Score 7.7 | EPSS 0.001
[slackware-security] mozilla-firefox
New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-firefox-115.9.0esr-i686-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more...
CVSS 7.5 | AI Score 7.7 | EPSS 0.001
New gnutls packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/gnutls-3.8.4-i586-1_slack15.0.txz: Upgraded. This update fixes two medium severity security issues: libgnutls: Fix side-channel in...
CVSS 5.3 | AI Score 7 | EPSS 0.0005
kernel security and bug fix update
[3.10.0-1160.114.2.0.1.OL7] - debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499} [3.10.0-1160.114.2.OL7] - Update Oracle Linux certificates (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)([email protected]) - Update...
CVSS 8.8 | AI Score 7.4 | EPSS 0.002
Slackware Linux 15.0 / current python3 Multiple Vulnerabilities (SSA:2024-080-01)
The version of python3 installed on the remote host is prior to 3.9.19. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-080-01 advisory. libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in...
CVSS 7.8 | AI Score 6.8 | EPSS 0.001
Store manager admits SIM swapping his customers
A 42-year-old manager at an unnamed telecommunications company has admitted SIM swapping customers at his store. SIM swapping, also known as SIM jacking, is the act of illegally taking over a target's cell phone number and re-routing it to a phone under the attacker's control. Once an attacker has...
AI Score 7.3
Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2024-079-03)
The version of mozilla-thunderbird installed on the remote host is prior to 115.9.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-079-03 advisory. NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could ...
CVSS 7.5 | AI Score 8.6 | EPSS 0.001
Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2024-079-02)
The version of mozilla-firefox installed on the remote host is prior to 115.9.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-079-02 advisory. NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could ...
CVSS 7.5 | AI Score 8.7 | EPSS 0.001
Slackware Linux 15.0 / current gnutls Multiple Vulnerabilities (SSA:2024-079-01)
The version of gnutls installed on the remote host is prior to 3.8.4. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-079-01 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version...
CVSS 5.3 | AI Score 5.6 | EPSS 0.0005
Exploit for File Descriptor Leak in Linuxfoundation Runc
PoC of CVE-2024-21626. Read my full article for detailed...
CVSS 8.6 | AI Score 8.7 | EPSS 0.051
[5.14.0-362.24.1_3.OL9] Update Oracle Linux certificates (Kevin Lyons) Disable signing for aarch64 (Ilya Okomin) Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] Update x509.genkey [Orabug: 24817676] Conflict with shim-ia32.....
CVSS 7.8 | AI Score 7.6 | EPSS 0.001
TikTok faces ban in US unless it parts ways with Chinese owner ByteDance
The House of Representatives has passed a bill that would effectively ban TikTok from the US unless Chinese owner ByteDance gives up its share of the immensely popular app. TikTok is an immensely popular social media platform that allows users to create, share, and discover short video clips...
AI Score 6.7
Exploit for Out-of-bounds Write in Fortinet Fortiproxy
CVE-2024-21762-Exploit-PoC-Fortinet-SSL-VPN-Check Checks whether...
CVSS 9.8 | AI Score 9.6 | EPSS 0.018
New expat packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/expat-2.6.2-i586-1_slack15.0.txz: Upgraded. Prevent billion laughs attacks with isolated use of external parsers. For more...
AI Score 7.4 | EPSS 0.0004
New Facebook photo rule hoax spreads
Some hoaxes on Facebook are years old, but like a cat with nine lives they keep coming back again and again. This is certainly the case with this most recent hoax. Fact-checking site Snopes is reporting on a hoax that concerns Meta's use of our photos, messages and other posts on Facebook. Users...
AI Score 6.9
Slackware Linux 15.0 / current expat Vulnerability (SSA:2024-073-01)
The version of expat installed on the remote host is prior to 2.6.2. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-073-01 advisory. libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via...
AI Score 7.4 | EPSS 0.0004
Directus is a real-time API and App dashboard for managing SQL database content. The authentication API has a redirect parameter that can be exploited as an open redirect vulnerability when the user tries to log in via the API URL. There's a redirect that is done after successful login via the Auth...
CVSS 5.4 | AI Score 7.8 | EPSS 0.0004
Overview of CVE-2022-21445 (CVSS score 9.8): the vulnerability is a ...
CVSS 9.8 | AI Score 7.4 | EPSS 0.007
In the Linux kernel, the following vulnerability has been resolved: drm: Don't unref the same fb many times by mistake due to deadlock handling If we get a deadlock after the fb lookup in drm_mode_page_flip_ioctl() we proceed to unref the fb and then retry the whole thing from the top. But we...
AI Score 6.8 | EPSS 0.0004
Information newly made available under California law has shed light on data broker practices, including exactly what categories of information they trade in. Any business that meets the definition of data broker must register with the California Privacy Protection Agency (CPPA) annually. The CPPA...
AI Score 6.8
Incognito Darknet Market Mass-Extorts Buyers, Sellers
Borrowing from the playbook of ransomware purveyors, the darknet narcotics bazaar Incognito Market has begun extorting all of its vendors and buyers, threatening to publish cryptocurrency transaction and chat records of users who refuse to pay a fee ranging from $100 to $20,000. The bold mass...
AI Score 6.7
Test and evaluate your WAF before hackers
Since 1991, the Web Application Firewall, commonly referred to as a WAF, has become one of the most common application security technologies available on the market. Since the last century, WAFs have evolved by moving to the cloud and using machine learning instead of regular expressions. Currently, few...
AI Score 6.6
Hitachi NAS (HNAS) System Management Unit (SMU) Backup & Restore < 14.8.7825.01 - IDOR
...
CVSS 7.6 | AI Score 6.6 | EPSS 0.0005
Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6688-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6688-1 advisory. Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them...
CVSS 7.8 | AI Score 7.7 | EPSS 0.002