RHEL 6 : kernel (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: Buffer overflow due to unbounded strcpy in ISDN I4L driver (CVE-2017-12762) kernel: lack of port...
8.7AI Score
RHEL 6 : openexr (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. OpenEXR: Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer (CVE-2021-23169) OpenEXR: Heap Overflow in...
7.9AI Score
0.014EPSS
RHEL 7 : openexr (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. OpenEXR: Out-of-bounds write in the = operator function (CVE-2017-9115) In OpenEXR 2.2.0, a crafted...
7.8AI Score
0.014EPSS
Exploit for Improper Preservation of Permissions in Mobyproject Moby
CVE-2021-41091 A bug in Moby (Docker Engine) allows...
6.3CVSS
7.1AI Score
0.0005EPSS
EulerOS 2.0 SP10 : kernel (EulerOS-SA-2024-1592)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we...
7.8CVSS
7AI Score
0.002EPSS
EulerOS 2.0 SP10 : kernel (EulerOS-SA-2024-1570)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we...
7.8CVSS
7AI Score
0.002EPSS
Exploit for Expression Language Injection in Vmware Spring Cloud Function
CVE-2022-22963 In versions 3.1.6, 3.2.2 and versions...
9.8CVSS
9.8AI Score
0.974EPSS
Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6765-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6765-1 advisory. In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid crash when parsed profile name is empty When processing a packed...
7.8CVSS
7.5AI Score
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6767-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6767-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skb_segment() Once again syzbot is able...
7.8CVSS
6.7AI Score
0.0004EPSS
Gftrace - A Command Line Windows API Tracing Tool For Golang Binaries
A command line Windows API tracing tool for Golang binaries. Note: This tool is a PoC and a work-in-progress prototype so please treat it as such. Feedback is always welcome! How it works? Although Golang programs contain a lot of nuances regarding the way they are built and their behavior in...
7.1AI Score
Exploit for Missing Authentication for Critical Function in Microsoft
BadBlue (Windows) CVE-2024-21306 BadBlue implementation...
7.8AI Score
Debian dsa-5680 : affs-modules-6.1.0-21-4kc-malta-di - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5680 advisory. In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix deadlock when enabling ASPM A last minute revert in 6.7-final introduced a...
7.8CVSS
6.5AI Score
0.0004EPSS
Rocky Linux 8 : rear (RLSA-2024:1719)
The remote Rocky Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2024:1719 advisory. Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system...
5.5CVSS
7.4AI Score
0.0004EPSS
Debian dsa-5681 : affs-modules-5.10.0-29-4kc-malta-di - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5681 advisory. Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an...
8CVSS
8.2AI Score
0.0005EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1490-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1490-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of...
7.8CVSS
7.6AI Score
New Guide Explains How to Eliminate the Risk of Shadow SaaS and Protect Corporate Data
SaaS applications are dominating the corporate landscape. Their increased use enables organizations to push the boundaries of technology and business. At the same time, these applications also pose a new security risk that security leaders need to address, since the existing security stack does...
7.2AI Score
Dropbox Sign customer data accessed in breach
Dropbox is reporting a recent "security incident" in which an attacker gained unauthorized access to the Dropbox Sign (formerly HelloSign) production environment. During this access, the attacker had access to Dropbox Sign customer information. Dropbox Sign is a platform that allows customers to...
7.5AI Score
Watch out for tech support scams lurking in sponsored search results
This blog post was written based on research carried out by Jérôme Segura. A campaign using sponsored search results is targeting home users and taking them to tech support scams. Sponsored search results are the ones that are listed at the top of search results and are labelled "Sponsored"....
7.2AI Score
On October 30, 2020, I started an article with the words: “Hell is too nice a place for these people.” The subject of this outrage focused on the cybercriminals behind an attack on Finnish psychotherapy practice Vastaamo. Because it was a psychotherapy practice, the records contained extremely...
6.9AI Score
Fedora 38 : kernel (2024-f35f9525d6)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-f35f9525d6 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly...
7.8CVSS
6.4AI Score
0.0004EPSS
Fedora 40 : kernel (2024-010fe8772a)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-010fe8772a advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly...
7.8CVSS
6.5AI Score
0.0004EPSS
Fedora 39 : kernel (2024-bc0db39a14)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bc0db39a14 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly...
7.8CVSS
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: serial/pmac_zilog: Remove flawed mitigation for rx irq flood The mitigation was intended to stop the irq completely. That may be better than a hard lock-up but it turns out that you get a crash anyway if you're using pmac_zilog as....
7.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: serial/pmac_zilog: Remove flawed mitigation for rx irq flood The mitigation was intended to stop the irq completely. That may be better than a hard lock-up but it turns out that you get a crash anyway if you're using pmac_zilog...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: serial/pmac_zilog: Remove flawed mitigation for rx irq flood The mitigation was intended to stop the irq completely. That may be better than a hard lock-up but it turns out that you get a crash anyway if you're using pmac_zilog as....
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: serial/pmac_zilog: Remove flawed mitigation for rx irq flood The mitigation was intended to stop the irq completely. That may be better than a hard lock-up but it turns out that you get a crash anyway if you're using pmac_zilog as....
7.5AI Score
0.0004EPSS
CVE-2024-26999 serial/pmac_zilog: Remove flawed mitigation for rx irq flood
In the Linux kernel, the following vulnerability has been resolved: serial/pmac_zilog: Remove flawed mitigation for rx irq flood The mitigation was intended to stop the irq completely. That may be better than a hard lock-up but it turns out that you get a crash anyway if you're using pmac_zilog as....
7.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: serial/pmac_zilog: Remove flawed mitigation for rx irq flood The mitigation was intended to stop the irq completely. That may be better than a hard lock-up but it turns out that you get a crash anyway if you're using pmac_zilog as....
7.5AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1480-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1480-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic...
7.8CVSS
8AI Score
Exploit for Use After Free in Linux Linux Kernel
CVE-2024-1086 Universal local privilege escalation...
7.8CVSS
7.9AI Score
0.002EPSS
FBI warns online daters to avoid “free” online verification schemes that prove costly
The FBI has warned of fraudsters targeting users of dating websites and apps with “free” online verification service schemes that turn out to be very costly. Instead of being free, as advertised, the verification schemes involve steep monthly subscription fees, and will steal personal information.....
6.9AI Score
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1466-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1466-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smc_sock A...
7.8CVSS
7.5AI Score
HTTP based detection of the Express Node.js web application framework and Node.js itself (based on the Express...
6.1CVSS
7AI Score
0.0004EPSS
Exploit for Path Traversal in Aiohttp
poc-cve-2024-23334 This repository contains a proof of...
7.5CVSS
7.6AI Score
0.052EPSS
y-shimoyama.com Cross Site Scripting vulnerability OBB-3922111
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
vyper performs incorrect topic logging in raw_log
Summary Incorrect values can be logged when raw_log builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in production. In particular, no uses of raw_log() were found at all in production; it is apparently...
5.3CVSS
5.3AI Score
0.0004EPSS
[slackware-security] libarchive
New libarchive packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libarchive-3.7.3-i586-2_slack15.0.txz: Rebuilt. Patched an out-of-bound error in the rar e8 filter that could allow for the...
7.8CVSS
7.6AI Score
0.001EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 209 vulnerabilities disclosed in 169...
9.9AI Score
Ring agrees to pay $5.6 million after cameras were used to spy on customers
Amazon's Ring has settled with the Federal Trade Commission (FTC) over charges that the company allowed employees and contractors to access customers' private videos, and failed to implement security protections which enabled hackers to take control of customers’ accounts, cameras, and videos. The....
7.1AI Score
Slackware Linux 15.0 / current libarchive Vulnerability (SSA:2024-116-01)
The version of libarchive installed on the remote host is prior to 3.7.3. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-116-01 advisory. libarchive Remote Code Execution Vulnerability (CVE-2024-26256) Note that Nessus has not tested for this issue but has instead...
7.8CVSS
7.5AI Score
0.001EPSS
pyLoad allows upload to arbitrary folder lead to RCE
Summary An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution Details example version: 0.5 file:src/pyload/webui/app/blueprints/app_blueprint.py python @bp.route("/render/<path:filename>", endpoint="render") de...
9.1CVSS
7.2AI Score
0.0004EPSS
pyLoad allows upload to arbitrary folder lead to RCE
Summary An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution Details example version: 0.5 file:src/pyload/webui/app/blueprints/app_blueprint.py python @bp.route("/render/<path:filename>", endpoint="render") de...
9.1CVSS
7.1AI Score
0.0004EPSS
Assessing the Y, and How, of the XZ Utils incident
High-end APT groups perform highly interesting social engineering campaigns in order to penetrate well-protected targets. For example, carefully constructed forum responses on precision targeted accounts and follow-up "out-of-band" interactions regarding underground rail system simulator software.....
7.6AI Score
Slackware Linux 15.0 / current ruby Multiple Vulnerabilities (SSA:2024-114-01)
The version of ruby installed on the remote host is prior to 3.0.7 / 3.3.1. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-114-01 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version.....
7.4AI Score
EnvíaloSimple: Email Marketing y Newsletters < 2.3 - Reflected Cross-Site Scripting
Description The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
7.1CVSS
6.5AI Score
0.0004EPSS