[SECURITY] Fedora 39 Update: espeak-ng-1.51.1-6.fc39
The eSpeak NG (Next Generation) Text-to-Speech program is an open source spee ch synthesizer that supports over 70 languages. It is based on the eSpeak engine created by Jonathan Duddington. It uses spectral formant synthesis by default which sounds robotic, but can be configured to use Klatt...
5.5CVSS
5.3AI Score
0.001EPSS
pyload-ng is vulnerable to Log Injection. The vulnerability is caused due to a lack of validation while logging an error in api_blueprint.py and app_blueprint.py. An attacker can corrupt log files exploiting this...
5.3CVSS
6.7AI Score
0.005EPSS
pyload-ng is vulnerable to Unauthenticated Information Disclosure. The vulnerability is due to improper authorization and authentication checks. This issue can be exploited by an attacker to disclose sensitive information such as Flask configurations, which includes the SECRET_KEY...
7.5CVSS
6.5AI Score
0.118EPSS
Fedora 39 : espeak-ng (2024-5661c87b25)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-5661c87b25 advisory. Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c. (CVE-2023-49990) Espeak-ng...
5.5CVSS
7.6AI Score
0.001EPSS
pyload Unauthenticated Flask Configuration Leakage vulnerability
Summary Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable. Details Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable. PoC Run pyload in the default configuration by...
7.5CVSS
7.3AI Score
0.118EPSS
pyload Unauthenticated Flask Configuration Leakage vulnerability
Summary Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable. Details Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable. PoC Run pyload in the default configuration by...
7.5CVSS
7.3AI Score
0.118EPSS
pyload Log Injection vulnerability
Summary A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload. Details pyload will generate a log entry when attempting to sign in with faulty credentials. This entry will be in the.....
5.3CVSS
7.4AI Score
0.005EPSS
pyload Log Injection vulnerability
Summary A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload. Details pyload will generate a log entry when attempting to sign in with faulty credentials. This entry will be in the.....
5.3CVSS
7.4AI Score
0.005EPSS
Huawei EulerOS: Security Advisory for procps-ng (EulerOS-SA-2024-1026)
The remote host is missing an update for the Huawei...
3.3CVSS
4.4AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for procps-ng (EulerOS-SA-2024-1052)
The remote host is missing an update for the Huawei...
3.3CVSS
4.4AI Score
0.0004EPSS
OCSInventory allow stored email template with special characters that lead to a Stored cross-site...
6.9CVSS
6.4AI Score
0.0005EPSS
OCSInventory allow stored email template with special characters that lead to a Stored cross-site...
6.9CVSS
6.5AI Score
0.0005EPSS
Genie Aladdin Connect Retrofit Garage Door Opener: Multiple Vulnerabilities
Rapid7, Inc. (Rapid7) discovered vulnerabilities in Aladdin Connect retrofit kit garage door opener and Android mobile application produced by Genie. The affected products are: Aladdin Garage door smart retrofit kit, Model ALDCM Android Mobile application ALADDIN Connect, Version 5.65 Build 2075 .....
8.8CVSS
6.7AI Score
0.001EPSS
Metasploit 2023 Annual Wrap-Up: Dec. 29, 2023
As 2023 winds down, we’re taking another look back at all the changes and improvements to the Metasploit Framework. This year marked the 20th anniversary since Metasploit version 1.0 was committed and the project is still actively maintained and improved thanks to a thriving community. Version 6.3....
9.8CVSS
10AI Score
0.975EPSS
Fedora: Security Advisory for minizip-ng (FEDORA-2023-2ca76c3aae)
The remote host is missing an update for...
8.8CVSS
8.8AI Score
0.001EPSS
[SECURITY] Fedora 38 Update: minizip-ng-3.0.7-4.fc38
Minizip-ng zlib-ng contribution that includes: * AES encryption * I/O buffering * PKWARE disk splitting It also has the latest bug fixes that having been found all over the...
8.8CVSS
8.8AI Score
0.001EPSS
[SECURITY] Fedora 39 Update: minizip-ng-3.0.7-5.fc39
Minizip-ng zlib-ng contribution that includes: * AES encryption * I/O buffering * PKWARE disk splitting It also has the latest bug fixes that having been found all over the...
8.8CVSS
8.8AI Score
0.001EPSS
Fedora: Security Advisory for minizip-ng (FEDORA-2023-5aa1ebc5e9)
The remote host is missing an update for...
8.8CVSS
8.8AI Score
0.001EPSS
Fedora 39 : minizip-ng (2023-5aa1ebc5e9)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-5aa1ebc5e9 advisory. Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_has_slash...
8.8CVSS
7.9AI Score
0.001EPSS
Fedora 38 : minizip-ng (2023-2ca76c3aae)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-2ca76c3aae advisory. Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_has_slash...
8.8CVSS
7.9AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for procps-ng (EulerOS-SA-2023-3488)
The remote host is missing an update for the Huawei...
3.3CVSS
4.5AI Score
0.0004EPSS
7.4AI Score
0.004EPSS
7.4AI Score
0.001EPSS
3.8CVSS
7.2AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for procps-ng (EulerOS-SA-2023-3516)
The remote host is missing an update for the Huawei...
3.3CVSS
4.5AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for procps-ng (EulerOS-SA-2023-3508)
The remote host is missing an update for the Huawei...
3.3CVSS
4.5AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for procps-ng (EulerOS-SA-2023-3480)
The remote host is missing an update for the Huawei...
3.3CVSS
4.5AI Score
0.0004EPSS
Hospital Management System 4.0 XSS / Shell Upload / SQL Injection Vulnerabilities
Hospital Management System versions 4.0 and below suffer from cross site scripting, remote shell upload, and remote SQL injection...
9.8CVSS
8.1AI Score
0.004EPSS
Espeak-ng is vulnerable to Buffer Overflow. The vulnerability is caused due to missing validation for word length in the RemoveEnding function within dictionary.c., which can result in Denial of...
5.3CVSS
6.8AI Score
0.0005EPSS
libespeak-ng.so is vulnerable to Stack Buffer Underflow. The vulnerability is caused by a lack of validation for the length parameter before its passed to malloc. An attacker can exploit this by providing an excessively small or manipulated value that could potentially lead to a buffer...
5.3CVSS
5.4AI Score
0.0005EPSS
libespeak-ng.so is vulnerable to Denial Of Service through Floating Point Exception. The vulnerability is due to the PeaksToHarmspect function within wavegen.c failing to check the wdata.pitch_env pointer before it is used. The function AdvanceParameters directly uses wdata.pitch_env without...
5.5CVSS
6.8AI Score
0.001EPSS
Espeak-ng is vulnerable to Buffer Overflow. The vulnerability is due to the SetUpPhonemeTable function within synthdata.c. This issue can be exploited by an attacker to cause denial of...
5.3CVSS
6.7AI Score
0.0005EPSS
2023 Threat Landscape Year in Review: If Everything Is Critical, Nothing Is
As 2023 nears its end, it's time to pause and reflect. It’s time to assess what worked and what didn't, what caught our attention and caused disruption, and what went unnoticed. More importantly, we need to know what lessons we learned from 2023 so that we can do a better job of managing risk in...
9.8CVSS
10AI Score
0.971EPSS
Summary Multiple issues were identified in Red Hat UBI packages, go-toolset and OSE are fixed and shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details ** CVEID: CVE-2023-25153 DESCRIPTION: **containerd is vulnerable to a denial of service, caused by a...
8.1CVSS
9.1AI Score
0.732EPSS
Huawei EulerOS: Security Advisory for procps-ng (EulerOS-SA-2023-3446)
The remote host is missing an update for the Huawei...
3.3CVSS
4.5AI Score
0.0004EPSS
7.4AI Score
PaperCut NG Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the pc-pdl-to-image...
6.7CVSS
7.3AI Score
0.001EPSS
libespeak-ng.so is vulnerable to Buffer Overflow. The vulnerability is caused by the ReadClause function in readclause.c due to not having a bounds check when writing data to buffer. This allows an attacker to craft an input to trigger the overflow, potentially leads to code execution or Denial of....
5.3CVSS
5.5AI Score
0.0005EPSS
Huawei EulerOS: Security Advisory for procps-ng (EulerOS-SA-2023-3384)
The remote host is missing an update for the Huawei...
3.3CVSS
4.5AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for procps-ng (EulerOS-SA-2023-3366)
The remote host is missing an update for the Huawei...
3.3CVSS
4.5AI Score
0.0004EPSS
Unbreakable Enterprise kernel security update
[5.15.0-201.135.6] - Revert ncsi: Propagate carrier gain/loss events to the NCSI controller (Johnathan Mantey) - netfilter: nf_tables: split async and sync catchall in two functions (Pablo Neira Ayuso) - netfilter: nf_tables: remove catchall element in GC sync path (Pablo Neira Ayuso) - scsi:...
8.8CVSS
8.8AI Score
0.024EPSS
A flaw was found in the espeak-ng package. A local attacker can use a specially crafted payload to trigger a floating point exception error, which may lead to a denial of service. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red...
5.5CVSS
6.5AI Score
0.001EPSS
A flaw was found in the espeak-ng package. A local attacker can use a specially crafted payload to trigger a buffer overflow condition, which may lead to an application crash or allow for arbitrary code execution. Mitigation Mitigation for this issue is either not available or the currently...
5.3CVSS
7.5AI Score
0.0005EPSS
A flaw was found in the espeak-ng package. A local attacker can use a specially crafted payload to trigger a buffer overflow condition, which may lead to an application crash or allow for arbitrary code execution. Mitigation Mitigation for this issue is either not available or the currently...
5.3CVSS
7.5AI Score
0.0005EPSS
A flaw was found in the espeak-ng package. A local attacker can use a specially crafted payload to trigger a buffer underflow condition, which may lead to an application crash or allow for arbitrary code execution. Mitigation Mitigation for this issue is either not available or the currently...
5.3CVSS
7.2AI Score
0.0005EPSS
A flaw was found in the espeak-ng package. A local attacker can use a specially-crafted payload to trigger a buffer overflow condition, which can lead to an application crash or allow for arbitrary code execution. Mitigation Mitigation for this issue is either not available or the currently...
5.3CVSS
7.5AI Score
0.0005EPSS
Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at...
5.3CVSS
5.1AI Score
0.0005EPSS
Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPosition at...
5.3CVSS
5.1AI Score
0.0005EPSS
Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at...
5.5CVSS
5.3AI Score
0.001EPSS
Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at...
5.3CVSS
7.5AI Score
0.0005EPSS