7.5AI Score
7.5AI Score
6.2CVSS
7.3AI Score
0.0005EPSS
7.8CVSS
8.2AI Score
0.0004EPSS
CVE-2021-3571 affecting package linuxptp 2.0-8
CVE-2021-3571 affecting package linuxptp 2.0-8. This CVE either no longer is or was never...
7.1CVSS
7.1AI Score
0.003EPSS
CVE-2019-20633 affecting package patch 2.7.6-8
CVE-2019-20633 affecting package patch 2.7.6-8. No patch is available...
5.5CVSS
5.8AI Score
0.001EPSS
CVE-2023-22609 affecting package binutils 2.37-8
CVE-2023-22609 affecting package binutils 2.37-8. This CVE either no longer is or was never...
6.7AI Score
EPSS
CVE-2023-22604 affecting package binutils 2.37-8
CVE-2023-22604 affecting package binutils 2.37-8. This CVE either no longer is or was never...
6.7AI Score
EPSS
CVE-2023-22607 affecting package binutils 2.37-8
CVE-2023-22607 affecting package binutils 2.37-8. This CVE either no longer is or was never...
6.7AI Score
EPSS
CVE-2023-22606 affecting package binutils 2.37-8
CVE-2023-22606 affecting package binutils 2.37-8. This CVE either no longer is or was never...
6.7AI Score
EPSS
CVE-2022-41725 affecting package gcc 11.2.0-8
CVE-2022-41725 affecting package gcc 11.2.0-8. This CVE either no longer is or was never...
7.5CVSS
9.1AI Score
0.001EPSS
CVE-2022-2990 affecting package buildah 1.18.0-8
CVE-2022-2990 affecting package buildah 1.18.0-8. This CVE either no longer is or was never...
7.1CVSS
9.4AI Score
0.0005EPSS
CVE-2022-41724 affecting package gcc 11.2.0-8
CVE-2022-41724 affecting package gcc 11.2.0-8. This CVE either no longer is or was never...
7.5CVSS
9.1AI Score
0.001EPSS
CVE-2023-22605 affecting package binutils 2.37-8
CVE-2023-22605 affecting package binutils 2.37-8. This CVE either no longer is or was never...
6.7AI Score
EPSS
CVE-2023-22603 affecting package binutils 2.37-8
CVE-2023-22603 affecting package binutils 2.37-8. This CVE either no longer is or was never...
6.7AI Score
EPSS
CVE-2020-25657 affecting package m2crypto 0.35.2-8
CVE-2020-25657 affecting package m2crypto 0.35.2-8. No patch is available...
5.9CVSS
7.5AI Score
0.002EPSS
CVE-2020-8563 affecting package kubernetes-1.18.14 1.18.14-8
CVE-2020-8563 affecting package kubernetes-1.18.14 1.18.14-8. No patch is available...
5.5CVSS
7.5AI Score
0.0005EPSS
CVE-2023-44487 affecting package kata-containers for versions less than 3.1.0-8
CVE-2023-44487 affecting package kata-containers for versions less than 3.1.0-8. A patched version of the package is...
7.5CVSS
8.9AI Score
0.732EPSS
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that...
8.1CVSS
8AI Score
EPSS
CapraRAT Spyware Disguised as Popular Apps Threatens Android Users
The threat actor known as Transparent Tribe has continued to unleash malware-laced Android apps as part of a social engineering campaign to target individuals of interest. "These APKs continue the group's trend of embedding spyware into curated video browsing applications, with a new expansion...
7.1AI Score
libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 bytes) in __bpf_object__open (called from bpf_object__open_mem and...
6.5CVSS
7.1AI Score
0.001EPSS
Model Extraction from Neural Networks
A new paper, "Polynomial Time Cryptanalytic Extraction of Neural Network Models," by Adi Shamir and others, uses ideas from differential cryptanalysis to extract the weights inside a neural network using specific queries and their results. This is much more theoretical than practical, but it's a...
7.2AI Score
New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems
OpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution with root privileges in glibc-based Linux systems. The vulnerability, codenamed regreSSHion, has been assigned the CVE identifier CVE-2024-6387. It...
8.1CVSS
8.8AI Score
EPSS
7.7AI Score
EPSS
Juniper Networks Releases Critical Security Update for Routers
Juniper Networks has released out-of-band security updates to address a critical security flaw that could lead to an authentication bypass in some of its routers. The vulnerability, tracked as CVE-2024-2973, carries a CVSS score of 10.0, indicating maximum severity. "An Authentication Bypass Using....
10CVSS
8.4AI Score
0.003EPSS
Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2024-1867)
The remote host is missing an update for the Huawei...
6.3CVSS
6.5AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2024-1854)
The remote host is missing an update for the Huawei...
5.5CVSS
5.7AI Score
0.001EPSS
OpenSSH -- Race condition resulting in potential remote code execution
The OpenSSH project reports: A race condition in sshd(8) could allow remote code execution as root on non-OpenBSD...
8.1CVSS
8.5AI Score
EPSS
Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2024-1853)
The remote host is missing an update for the Huawei...
6.3CVSS
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix crash on racing fsync and size-extending write into prealloc We have been seeing crashes on duplicate keys in btrfs_set_item_key_safe(): BTRFS critical (device vdb): slot 4 key (450 108 8192) new key (450 108 8192) ...
6.9AI Score
0.0004EPSS
In the Linux kernel before 4.8, usb_parse_endpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the...
7AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2024-1868)
The remote host is missing an update for the Huawei...
5.5CVSS
5.7AI Score
0.001EPSS
7.8CVSS
8.9AI Score
EPSS
Important Photon OS Security Update - PHSA-2024-4.0-0642
Updates of ['openssh'] packages of Photon OS have been...
9.8CVSS
10AI Score
EPSS
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-24:04.openssh Security Advisory The FreeBSD Project Topic: OpenSSH pre-authentication remote code execution Category: contrib Module: openssh Announced:...
8.1CVSS
8.5AI Score
EPSS
In the Linux kernel, the following vulnerability has been resolved: i2c: acpi: Unbind mux adapters before delete There is an issue with ACPI overlay table removal specifically related to I2C multiplexers. Consider an ACPI SSDT Overlay that defines a PCA9548 I2C mux on an existing I2C bus. When...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix handling of dissolved but not taken off from buddy pages When I did memory failure tests recently, below panic occurs: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8cee00 flags:...
7AI Score
0.0004EPSS
8.1CVSS
8.4AI Score
EPSS
Google to Block Entrust Certificates in Chrome Starting November 2024
Google has announced that it's going to start blocking websites that use certificates from Entrust starting around November 1, 2024, in its Chrome browser, citing compliance failures and the certificate authority's inability to address security issues in a timely manner. "Over the past several...
7.1AI Score
The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
6.1CVSS
0.001EPSS
The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
6.1CVSS
6.1AI Score
0.001EPSS
The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
6.1CVSS
6.6AI Score
0.001EPSS
The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
6.1CVSS
0.001EPSS
Security Bulletin: IBM Cognos Transformer is affected by security vulnerabilities
Summary Vulnerabilities in IBM® Java™ Version 8 that is consumed by IBM Cognos Transformer have been addressed. Please refer to the table in the Related Information section for vulnerability impact. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An unspecified vulnerability in Java.....
7.5CVSS
7AI Score
0.001EPSS
A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential...
7.4AI Score
0.0004EPSS
A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential...
0.0004EPSS
A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential...
0.0004EPSS
Summary The SANnav Management Portal and Global View products are affected due to a Jave SE issue. The affected issue has been addressed and can be resolved by applying the SANnav code level listed below. CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968,...
7.4CVSS
7.1AI Score
0.002EPSS
CVE-2023-2976 affecting package guava for versions less than 25.0-8
CVE-2023-2976 affecting package guava for versions less than 25.0-8. A patched version of the package is...
7.1CVSS
7AI Score
0.0004EPSS
APM Server vulnerable to Insertion of Sensitive Information into Log File in...
7.5CVSS
6.7AI Score
0.001EPSS