openSUSE 15 Security Update : xen (openSUSE-SU-2021:3968-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3968-1 advisory. PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified...
8.8CVSS
0.2AI Score
0.003EPSS
openSUSE 15 Security Update : xen (openSUSE-SU-2021:1543-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1543-1 advisory. PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified...
8.8CVSS
0.2AI Score
0.003EPSS
Debian DSA-5017-1 : xen - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5017 advisory. PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory...
8.8CVSS
0.2AI Score
0.003EPSS
SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2021:3888-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3888-1 advisory. PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions...
8.8CVSS
8.5AI Score
0.003EPSS
SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2021:3852-1)
The remote SUSE Linux SLED12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3852-1 advisory. PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory...
8.8CVSS
8.5AI Score
0.003EPSS
SUSE SLES12 Security Update : xen (SUSE-SU-2021:3849-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3849-1 advisory. Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The...
8.8CVSS
8.5AI Score
0.003EPSS
SUSE SLES15 Security Update : xen (SUSE-SU-2021:3842-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3842-1 advisory. Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The...
8.8CVSS
8.5AI Score
0.003EPSS
SUSE SLES12 Security Update : xen (SUSE-SU-2021:3851-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3851-1 advisory. PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which...
8.8CVSS
8.4AI Score
0.003EPSS
SUSE SLES12 Security Update : xen (SUSE-SU-2021:3813-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3813-1 advisory. PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities...
8.8CVSS
8.4AI Score
0.003EPSS
Digital-Forensics-Lab - Free Hands-On Digital Forensics Labs For Students And Faculty
Features of Repository =================== Hands-on Digital Forensics Labs: designed for Students and Faculty Linux-based lab: All labs are purely based on Kali Linux Lab screenshots: Each lab has PPTs with instruction screenshots Comprehensive: Cover many topics in digital forensics Free: All...
6.7AI Score
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory...
8.8CVSS
8.7AI Score
0.001EPSS
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory...
8.8CVSS
0.001EPSS
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory...
8.8CVSS
8.5AI Score
0.001EPSS
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory...
8.8CVSS
8.7AI Score
0.001EPSS
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory...
8.8CVSS
8.5AI Score
0.001EPSS
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory...
8.8CVSS
0.4AI Score
0.001EPSS
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory...
8.8CVSS
0.4AI Score
0.001EPSS
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory...
8.8CVSS
0.001EPSS
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory...
8.8CVSS
0.001EPSS
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory...
8.8CVSS
6.6AI Score
0.001EPSS
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory...
8.8CVSS
8.5AI Score
0.001EPSS
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory...
8.8CVSS
0.4AI Score
0.001EPSS
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory...
8.8CVSS
8.5AI Score
0.001EPSS
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory...
8.8CVSS
8.5AI Score
0.001EPSS
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory...
8.8CVSS
8.5AI Score
0.001EPSS
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory...
8.8CVSS
8.4AI Score
0.001EPSS
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory...
8.8AI Score
0.001EPSS
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory...
8.8CVSS
8.4AI Score
0.001EPSS
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory...
8.8AI Score
0.001EPSS
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory...
8.8CVSS
8.4AI Score
0.001EPSS
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory...
8.8AI Score
0.001EPSS
PoD operations on misaligned GFNs
ISSUE DESCRIPTION x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages...
8.8CVSS
8.5AI Score
0.001EPSS
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU...
7.5CVSS
7.3AI Score
0.011EPSS
News overview Q3 2021 brought two new DDoS attack vectors, potentially posing a serious threat, including for major web resources. A team of researchers from the University of Maryland and the University of Colorado Boulder found a way to spoof the victim's IP address over TCP. To date,...
7.1AI Score
NewStart CGSL MAIN 6.02 : kernel Multiple Vulnerabilities (NS-SA-2021-0126)
The remote NewStart CGSL host, running version MAIN 6.02, has kernel packages installed that are affected by multiple vulnerabilities: The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and...
7.8CVSS
7AI Score
0.003EPSS
Teen Rakes in $2.74M Worth of Bitcoin in Phishing Scam
During the early days of the pandemic, while the rest of the world was stress streaming and working on sourdough starter, an ambitious teen stuck in his bedroom decided to set up a fake “Love2Shop” gift card site to harvest people’s payment information, invest the stolen money in cryptocurrency...
-0.8AI Score
NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2021-0104)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel...
7.8CVSS
-0.2AI Score
0.008EPSS
Data analytics firm exposed 2m Instagram and TikTok users’ data
By Deeba Ahmed The victims of this "data leak" also include celebrities like Alicia Keys, Loren Gray, Kylie Jenner, Ariana Grande, and Kim Kardashian. This is a post from HackRead.com Read the original post: Data analytics firm exposed 2m Instagram and TikTok users'...
3.4AI Score
The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random...
7.5CVSS
7.8AI Score
0.069EPSS
Siemens SCALANCE W1750D (Update B)
EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE W1750D Vulnerabilities: Improper Authentication, Classic Buffer Overflow, Command Injection, Improper Input Validation, Race Condition, Cross-site Scripting, Basic XSS,...
9.8CVSS
9.6AI Score
0.407EPSS
A remote unauthorized read access to files vulnerability was discovered in Aruba Instant version(s): 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.19 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant 8.7.x.x: 8.7.1.3.....
6.5CVSS
6.3AI Score
0.001EPSS
A remote denial of service vulnerability was discovered in Aruba Instant version(s): Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.10 and below; Aruba Instant 8.6.x.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant (IAP) that address this security...
5.3CVSS
5.4AI Score
0.002EPSS
A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.11 and below; Aruba Instant 8.6.x.x: 8.6.0.6 and below; Aruba Instant.....
7.2CVSS
7.2AI Score
0.003EPSS
A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.20 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant....
7.2CVSS
7.2AI Score
0.003EPSS
A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.20 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant 8.7.x.x:...
7.2CVSS
7.2AI Score
0.003EPSS
A remote buffer overflow vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 8.7.x.x: 8.7.0.0 through 8.7.1.2. Aruba has released patches for Aruba Instant (IAP) that address this security...
9.8CVSS
9.7AI Score
0.006EPSS
StreamDivert - Redirecting (Specific) TCP, UDP And ICMP Traffic To Another Destination
StreamDivert is a tool to man-in-the-middle or relay in and outgoing network connections on a system. It has the ability to, for example, relay all incoming SMB connections to port 445 to another server, or only relay specific incoming SMB connections from a specific set of source IP's to another.....
7.2AI Score
DDoS Chart Toppers?BPS, PPS and RPS Greatest Hits
New to the scene, monster-sized botnet M?ris is raising some eyebrows with giant requests per second (rps) attacks as shared by Cloudflare (17.2M rps, reported August 19), Yandex (peaking at 21.8M rps on September 5), and KrebsOnSecurity (2M rps on September 9). Some commentary came in on...
2.1AI Score
An attacker can steal funds from multi-token vaults
Handle WatchPug Vulnerability details The total balance should NOT be simply added from different tokens' tokenAmounts, considering that the price of tokens may not be the same. https://github.com/code-423n4/2021-09-yaxis/blob/cf7d9448e70b5c1163a1773adb4709d9d6ad6c99/contracts/v3/Vault.sol#L324...
6.7AI Score
Multiple Siemens SIMATIC products vulnerable to sensitive information disclosure
SIPLUS extreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices.The SIMATIC CP 1543-1 and SIMATIC CP 1545-1 communication processors connect the S7-1500 controllers to the Ethernet. It...
6.5CVSS
1.5AI Score
0.001EPSS