Monthly
Improper handling of a Certificate Revocation List (CRL) error condition in Apache Tomcat's FFM-based (Foreign Function & Memory / OpenSSL) connector allows revoked client certificates to be accepted during mutual TLS authentication, defeating revocation checking. The flaw affects Tomcat 9.0.83-9.0.118, 10.1.0-M7-10.1.55, and 11.0.0-M1-11.0.22 when a CRL is configured on the FFM connector, letting an attacker holding a revoked-but-otherwise-valid client certificate reach protected resources. There is no public exploit identified at time of analysis and the issue is not on CISA KEV, though the CVSS base score is 9.1 (CWE-390).
Memory-safety flaw in the Linux kernel's NVMe-over-TCP target driver (nvmet-tcp) lets a connected initiator drive the kernel into reading received network data through an uninitialized iov_iter. Because nvmet_tcp_build_pdu_iovec() reported out-of-bounds PDU length/offset only via a fatal-error side effect while returning void, callers such as nvmet_tcp_handle_h2c_data_pdu() continued and advanced the receive state machine over an uninitialized cmd->recv_msg.msg_iter, leading to memory corruption or denial of service. NVD rates this 9.8 (CVSS:3.1 AV:N/AC:L/PR:N/UI:N), but EPSS is low (0.17%, 7th percentile) and there is no public exploit identified at time of analysis; it is not in CISA KEV.
Authentication bypass in pam_usb prior to 0.9.1 allows a local low-privileged user to circumvent hardware token requirements by exploiting silent EACCES error suppression in the virtual input device scanner. When the PAM module's evdev.c component fails to open /dev/input/event* nodes due to permission errors, it returns a false negative indicating no virtual devices are present, and the caller in local.c proceeds with authentication as if the hardware check passed cleanly. No public exploit has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.
Improper handling of error condition during host-induced faults can allow a local high-privileged attack to selectively drop guest DMA writes, potentially resulting in a loss of SEV-SNP guest memory integrity
Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Detection of Error Condition Without Action vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 60.0%.
`gh` is GitHub’s official command line tool. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.
A flaw was found in rsync. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
A vulnerability in Drupal Core allows File Manipulation.0.0 before 10.2.10. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Improper handling of a Certificate Revocation List (CRL) error condition in Apache Tomcat's FFM-based (Foreign Function & Memory / OpenSSL) connector allows revoked client certificates to be accepted during mutual TLS authentication, defeating revocation checking. The flaw affects Tomcat 9.0.83-9.0.118, 10.1.0-M7-10.1.55, and 11.0.0-M1-11.0.22 when a CRL is configured on the FFM connector, letting an attacker holding a revoked-but-otherwise-valid client certificate reach protected resources. There is no public exploit identified at time of analysis and the issue is not on CISA KEV, though the CVSS base score is 9.1 (CWE-390).
Memory-safety flaw in the Linux kernel's NVMe-over-TCP target driver (nvmet-tcp) lets a connected initiator drive the kernel into reading received network data through an uninitialized iov_iter. Because nvmet_tcp_build_pdu_iovec() reported out-of-bounds PDU length/offset only via a fatal-error side effect while returning void, callers such as nvmet_tcp_handle_h2c_data_pdu() continued and advanced the receive state machine over an uninitialized cmd->recv_msg.msg_iter, leading to memory corruption or denial of service. NVD rates this 9.8 (CVSS:3.1 AV:N/AC:L/PR:N/UI:N), but EPSS is low (0.17%, 7th percentile) and there is no public exploit identified at time of analysis; it is not in CISA KEV.
Authentication bypass in pam_usb prior to 0.9.1 allows a local low-privileged user to circumvent hardware token requirements by exploiting silent EACCES error suppression in the virtual input device scanner. When the PAM module's evdev.c component fails to open /dev/input/event* nodes due to permission errors, it returns a false negative indicating no virtual devices are present, and the caller in local.c proceeds with authentication as if the hardware check passed cleanly. No public exploit has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.
Improper handling of error condition during host-induced faults can allow a local high-privileged attack to selectively drop guest DMA writes, potentially resulting in a loss of SEV-SNP guest memory integrity
Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Detection of Error Condition Without Action vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 60.0%.
`gh` is GitHub’s official command line tool. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.
A flaw was found in rsync. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
A vulnerability in Drupal Core allows File Manipulation.0.0 before 10.2.10. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.