Monthly
Remote denial of service in Cisco RoomOS software allows unauthenticated attackers to exhaust or corrupt a resource over the network, disrupting availability of Cisco collaboration room endpoints. Disclosed as part of a Cisco-internal security hardening review under the CWE-664 resource-lifetime pillar, the flaw carries a 7.5 CVSS score with an availability-only impact (C:N/I:N/A:H). No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Memory corruption and potential information disclosure in the Linux kernel networking stack (skbuff) occurs because skb_try_coalesce() fails to propagate the SKBFL_SHARED_FRAG marker when transferring paged fragments between socket buffers. The flaw breaks an invariant relied upon by IPsec ESP input processing, which may then decrypt data in-place over page-cache-backed fragments belonging to other contexts. No public exploit identified at time of analysis, EPSS sits at 0.02%, and the issue is patched across multiple stable trees.
Object lifecycle issue in Dawn in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
Iterator failure issue in the WantAgent module. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.
Iterator failure issue in the multi-mode input module. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.
Iterator failure vulnerability in the card management module. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Iterator failure vulnerability in the card management module. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
CVE-2024-41169 is an unauthenticated information disclosure vulnerability in Apache Zeppelin's raft server protocol that allows remote attackers to enumerate and view server resources, including sensitive directories and files, without authentication. Versions 0.10.1 through 0.12.0 are affected. The vulnerability has a CVSS score of 7.5 (High) with a network-accessible attack vector and no authentication requirements, making it trivially exploitable by unauthenticated remote actors.
An Improper Control of a Resource Through its Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Remote denial of service in Cisco RoomOS software allows unauthenticated attackers to exhaust or corrupt a resource over the network, disrupting availability of Cisco collaboration room endpoints. Disclosed as part of a Cisco-internal security hardening review under the CWE-664 resource-lifetime pillar, the flaw carries a 7.5 CVSS score with an availability-only impact (C:N/I:N/A:H). No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Memory corruption and potential information disclosure in the Linux kernel networking stack (skbuff) occurs because skb_try_coalesce() fails to propagate the SKBFL_SHARED_FRAG marker when transferring paged fragments between socket buffers. The flaw breaks an invariant relied upon by IPsec ESP input processing, which may then decrypt data in-place over page-cache-backed fragments belonging to other contexts. No public exploit identified at time of analysis, EPSS sits at 0.02%, and the issue is patched across multiple stable trees.
Object lifecycle issue in Dawn in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
Iterator failure issue in the WantAgent module. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.
Iterator failure issue in the multi-mode input module. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.
Iterator failure vulnerability in the card management module. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Iterator failure vulnerability in the card management module. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
CVE-2024-41169 is an unauthenticated information disclosure vulnerability in Apache Zeppelin's raft server protocol that allows remote attackers to enumerate and view server resources, including sensitive directories and files, without authentication. Versions 0.10.1 through 0.12.0 are affected. The vulnerability has a CVSS score of 7.5 (High) with a network-accessible attack vector and no authentication requirements, making it trivially exploitable by unauthenticated remote actors.
An Improper Control of a Resource Through its Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.