Malicious code in sc-chimerra (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (3a106b927a97b76a0d2cbd0b8a5b6b03bd325ff075a0747b3d0f370b62f0d691) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Malicious code in sc-chimer (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (0f470aa8655a172b4c57dcceec010741d839640839045d16030fc0b1e0728722) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Malicious code in sc-chimeraa (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (4626fc57714041286c4d134ad1b96055b5d5ae22d6d918906506d76b8df027aa) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
[2.28-236.0.1.13] - Forward port of Oracle patches. Reviewed-by: Jose E....
6.3AI Score
0.0005EPSS
(RHSA-2024:2722) Important: glibc security update
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): ....
7.4AI Score
0.0005EPSS
RHEL 8 : glibc (RHSA-2024:2722)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2722 advisory. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name...
7.1AI Score
0.0005EPSS
Important: glibc security update
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): ....
8.3AI Score
0.0005EPSS
Server receiving a malformed message to create a new connection could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning. This plugin only works with Tenable.ot. Please visit...
8AI Score
0.0004EPSS
kernel security, bug fix, and enhancement update
[5.14.0-427.13.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update...
9.8CVSS
7.5AI Score
0.003EPSS
Server receiving a malformed message based on a using the specified key values can cause a heap overflow vulnerability which could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning. This...
8.2AI Score
0.0004EPSS
Server receiving a malformed message can cause a pointer to be overwritten which can result in a remote code execution or failure. See Honeywell Security Notification for recommendations on upgrading and versioning. This plugin only works with Tenable.ot. Please visit...
8AI Score
0.0004EPSS
Server information leak for the CDA Server process memory can occur when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning. This plugin only works with Tenable.ot. Please visit...
6.8AI Score
0.0004EPSS
Server communication with a controller can lead to remote code execution using a specially crafted message from the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. This plugin only works with Tenable.ot. Please visit...
8AI Score
0.0004EPSS
C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. This...
7.5CVSS
6.9AI Score
0.0004EPSS
Server receiving a malformed message creates connection for a hostname that may cause a stack overflow resulting in possible remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning. This plugin only works with Tenable.ot. Please visit...
8.4AI Score
0.0004EPSS
Server receiving a malformed message based on a using the specified key values can cause a stack overflow vulnerability which could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning. This...
8.3AI Score
0.0004EPSS
Controller denial of service due to improper handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for....
5.9CVSS
7.1AI Score
0.0004EPSS
An attacker could potentially exploit this vulnerability, leading to the ability to modify files on Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC . This exploit could be used to write a file that may result in unexpected behavior based on configuration changes or updating of files.....
9.1CVSS
7AI Score
0.001EPSS
Server receiving a malformed message that causes a disconnect to a hostname may causing a stack overflow resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and...
8.3AI Score
0.0004EPSS
Server receiving a malformed message that where the GCL message hostname may be too large which may cause a stack overflow; resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations.....
7.9AI Score
0.0004EPSS
Server hostname translation to IP address manipulation which could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning. This plugin only works with Tenable.ot. Please visit...
8AI Score
0.0004EPSS
An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to read files from the controller that may expose limited information from the device. Honeywell recommends...
5.3CVSS
6.7AI Score
0.0005EPSS
Server receiving a malformed message that uses the hostname in an internal table may cause a stack overflow resulting in possible remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning. This plugin only works with Tenable.ot. Please visit...
8.4AI Score
0.0004EPSS
Server receiving a malformed message based on a list of IPs resulting in heap corruption causing a denial of service. See Honeywell Security Notification for recommendations on upgrading and versioning. This plugin only works with Tenable.ot. Please visit...
7.4AI Score
0.0004EPSS
Amazon Linux 2 : glibc (ALAS-2024-2521)
The version of glibc installed on the remote host is prior to 2.26-64. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2521 advisory. The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes...
6.8AI Score
0.0005EPSS
7.4AI Score
7.5AI Score
0.0004EPSS
7.4AI Score
The Bug Report - April 2024 Edition
The Bug Report - April 2024 Edition By Jonathan Omakun and Tobi Olawale· April 29, 2024 Why am I here? Just when you thought it was safe to go back into the digital waters, out pops another series of rogue waves in the form of CVEs! It's like that beach vacation you planned to get away from it...
8.9AI Score
0.971EPSS
Amazon Linux 2023 : compat-libpthread-nonshared, glibc, glibc-all-langpacks (ALAS2023-2024-589)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-589 advisory. The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may...
6.7AI Score
0.0005EPSS
RHEL 7 : Red Hat OpenStack Platform director (RHSA-2018:1593)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1593 advisory. Red Hat OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service...
7.5CVSS
7.5AI Score
0.964EPSS
CentOS 9 : glibc-2.34-83.el9.3
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the glibc-2.34-83.el9.3 build changelog. Stack read overflow in getaddrinfo in no-aaaa mode (#2234716) (CVE-2023-4527) potential use-after-free in gaih_inet (RHEL-2438)...
6.5CVSS
7.8AI Score
0.001EPSS
Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC Vulnerabilities: Exposed Dangerous Method or Function, Absolute Path Traversal,...
9.1CVSS
8.6AI Score
0.001EPSS
Issue Overview: The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable....
7.6AI Score
0.0005EPSS
kernel security and bug fix update
[3.10.0-1160.118.1.0.1] - debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499} [3.10.0-1160.118.1] - Update Oracle Linux certificates (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)([email protected]) - Update x509.genkey...
9.8CVSS
8.2AI Score
0.001EPSS
[SECURITY] [DLA 3791-1] thunderbird security update
Debian LTS Advisory DLA-3791-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort April 22, 2024 https://wiki.debian.org/LTS Package : thunderbird Version : 1:115.10.1-1~deb10u1 CVE...
10AI Score
0.0004EPSS
6.6AI Score
0.0004EPSS
Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain that is fully compatible and interoperable with Ethereum. Prior to 17.0.0, there is a way to mint arbitrary tokens due to the possibility to have two different states not in sync during the execution of a transaction. The exploit...
9.1CVSS
7.1AI Score
0.0004EPSS
Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain that is fully compatible and interoperable with Ethereum. Prior to 17.0.0, there is a way to mint arbitrary tokens due to the possibility to have two different states not in sync during the execution of a transaction. The exploit...
9.1CVSS
6.7AI Score
0.0004EPSS
Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain that is fully compatible and interoperable with Ethereum. Prior to 17.0.0, there is a way to mint arbitrary tokens due to the possibility to have two different states not in sync during the execution of a transaction. The exploit...
9.1CVSS
9.2AI Score
0.0004EPSS
Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain that is fully compatible and interoperable with Ethereum. Prior to 17.0.0, there is a way to mint arbitrary tokens due to the possibility to have two different states not in sync during the execution of a transaction. The exploit...
9.1CVSS
9.4AI Score
0.0004EPSS
Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain that is fully compatible and interoperable with Ethereum. Prior to 17.0.0, there is a way to mint arbitrary tokens due to the possibility to have two different states not in sync during the execution of a transaction. The exploit...
9.1CVSS
6.8AI Score
0.0004EPSS
[SECURITY] [DLA 3790-1] firefox-esr security update
Debian LTS Advisory DLA-3790-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort April 19, 2024 https://wiki.debian.org/LTS Package : firefox-esr Version : 115.10.0esr-1~deb10u1 CVE...
10AI Score
0.0004EPSS
Debian dla-3790 : firefox-esr - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3790 advisory. The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This...
7.2AI Score
0.0004EPSS
6.8AI Score
0.0004EPSS
[SECURITY] [DSA 5663-1] firefox-esr security update
Debian Security Advisory DSA-5663-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 17, 2024 https://www.debian.org/security/faq Package : firefox-esr CVE ID : CVE-2024-2609 CVE-2024-3302...
6.9AI Score
0.0004EPSS
Debian dsa-5663 : firefox-esr - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5663 advisory. The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This...
7.5AI Score
0.0004EPSS
The scrapy/scrapy project is vulnerable to XML External Entity (XXE) attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allows attackers to perform denial of service attacks, access local files, generate network connections,....
7.5CVSS
6.7AI Score
0.0004EPSS
In scrapy version 2.10.1, an issue was identified where the Authorization header, containing credentials for server authentication, is leaked to a third-party site during a cross-domain redirect. This vulnerability arises from the failure to remove the Authorization header when redirecting across.....
7.5CVSS
6.7AI Score
0.0004EPSS
7.4AI Score
0.001EPSS