+ Message Security Vulnerabilities
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length...
6.7AI Score
0.0004EPSS
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length...
0.0004EPSS
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length...
6.9AI Score
0.0004EPSS
Summary An improper error handling vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2023-50953 DESCRIPTION: **IBM InfoSphere Information Server could allow a remote attacker to obtain sensitive information when a detailed technical error...
5.8AI Score
EPSS
Summary A sensitive information disclosure vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2024-35119 DESCRIPTION: **IBM InfoSphere Information Server could allow a remote attacker to obtain sensitive information when a detailed technical...
6AI Score
EPSS
R74n Sandboxels 1.9 through 1.9.5 allows XSS via a message in a modified saved-game...
0.0004EPSS
R74n Sandboxels 1.9 through 1.9.5 allows XSS via a message in a modified saved-game...
5.9AI Score
0.0004EPSS
Summary Multiple vulnerabilities in OpenSSL used by IBM InfoSphere Information Server were addressed. Vulnerability Details ** CVEID: CVE-2023-3817 DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DH_check(), DH_check_ex() or EVP_PKEY_param_check()...
7.5CVSS
7.8AI Score
0.003EPSS
IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: ...
6.5CVSS
0.0004EPSS
IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: ...
6.5CVSS
6AI Score
0.0004EPSS
IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: ...
6.5CVSS
0.0004EPSS
IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: ...
6.5CVSS
6AI Score
0.0004EPSS
CVE-2024-35156 IBM MQ information disclosure
IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: ...
6.5CVSS
0.0004EPSS
CVE-2024-35155 IBM MQ information disclosure
IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: ...
6.5CVSS
0.0004EPSS
runc vulnerable to container breakout through process.cwd trickery and leaked fds in...
8.6CVSS
6.9AI Score
0.051EPSS
Moby (Docker Engine) Insufficiently restricted permissions on data directory in...
6.3CVSS
6.7AI Score
0.0005EPSS
5.5CVSS
6.3AI Score
0.001EPSS
8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining
Security researchers have shed more light on the cryptocurrency mining operation conducted by the 8220 Gang by exploiting known security flaws in the Oracle WebLogic Server. "The threat actor employs fileless execution techniques, using DLL reflective and process injection, allowing the malware...
7.5CVSS
7.1AI Score
0.974EPSS
Updated erofs-utils packages fix security vulnerabilities
Heap Buffer Overflow in the erofsfsck_dirent_iter function in fsck/main.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem...
7.8CVSS
7.9AI Score
0.003EPSS
Updated libopenmpt packages fix security vulnerabilities
Possible out-of-bounds read or write when reading malformed MED files. (r19389). [Null-pointer write (32bit platforms) or excessive memory allocation (64bit platforms) when reading close to 4GiB of data from unseekable files (r20336, r20338). Write buffer overflow when reading unseekable files...
7.8AI Score
A vulnerability was found in Kerberos. This flaw is due to an issue with message token...
6.8AI Score
0.0004EPSS
A vulnerability was found in Kerberos. This flaw is due to an issue with message token...
6.8AI Score
0.0004EPSS
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length...
0.0004EPSS
EulerOS 2.0 SP12 : kernel (EulerOS-SA-2024-1859)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init When the...
7.8CVSS
8.1AI Score
0.0004EPSS
EulerOS 2.0 SP12 : bind (EulerOS-SA-2024-1850)
According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service...
7.5CVSS
8.4AI Score
0.05EPSS
7.5AI Score
8.6CVSS
7.4AI Score
0.019EPSS
R74n Sandboxels 1.9 through 1.9.5 allows XSS via a message in a modified saved-game...
0.0004EPSS
EulerOS 2.0 SP12 : shim (EulerOS-SA-2024-1862)
According to the versions of the shim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications...
6.5CVSS
7AI Score
0.003EPSS
7.8CVSS
7.1AI Score
0.003EPSS
EulerOS 2.0 SP12 : bind (EulerOS-SA-2024-1864)
According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service...
7.5CVSS
8.2AI Score
0.05EPSS
EulerOS 2.0 SP12 : shim (EulerOS-SA-2024-1876)
According to the versions of the shim package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications...
6.5CVSS
7AI Score
0.003EPSS
EulerOS 2.0 SP12 : kernel (EulerOS-SA-2024-1873)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init When the...
7.8CVSS
8.1AI Score
0.0004EPSS
Debian dla-3847 : dcmtk - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3847 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3847-1 [email protected] ...
7.5CVSS
7.2AI Score
0.003EPSS
Summary IBM Cognos Analytics is vulnerable to a cross-site scripting vulnerability (XSS) in JupyterHub and remote code execution (RCE) vulnerability in R Programming Language which is used by Jupyter Notebook. IBM Cognos Analytics has addressed a Denial of Service (DOS) vulnerability and an...
8.8CVSS
10AI Score
0.005EPSS
An Inside Look at The Malware and Techniques Used in the WordPress.org Supply Chain Attack
On Monday June 24th, 2024 the Wordfence Threat Intelligence team was made aware of the presence of malware in the Social Warfare repository plugin (see post Supply Chain Attack on WordPress.org Plugins Leads to 5 Maliciously Compromised WordPress Plugins). After adding the malicious code to our...
7.8AI Score
CVE-2024-34102: Unauthenticated Magento XXE CVEHunter tool...
9.8CVSS
7AI Score
0.038EPSS
Joshua Rogers discovered that Squid incorrectly handled requests with the urn: scheme. A remote attacker could possibly use this issue to cause Squid to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2021-28651) It was discovered that Squid...
8.6CVSS
7.6AI Score
0.019EPSS
A vulnerability was found in the Jenkins Structs Plugin. When it fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system...
6.1AI Score
0.0004EPSS
Summary IBM MQ has addressed a password disclosure vulnerability in the IBM MQ Console. Vulnerability Details CVEID: CVE-2024-35155 DESCRIPTION: IBM MQ Console could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the...
6.5CVSS
6.1AI Score
0.0004EPSS
Security Bulletin: IBM MQ is affected by a password disclosure vulnerability (CVE-2024-35156)
Summary IBM MQ has addressed a password disclosure vulnerability in the IBM MQ REST API. Vulnerability Details CVEID: CVE-2024-35156 DESCRIPTION: IBM MQ could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This...
6.5CVSS
6.1AI Score
0.0004EPSS
Fedora: Security Advisory for moodle (FEDORA-2024-9df8ef935b)
The remote host is missing an update for...
6.7AI Score
0.0004EPSS
Fedora: Security Advisory for freeipa (FEDORA-2024-2a466c6514)
The remote host is missing an update for...
8.1CVSS
7.1AI Score
0.0005EPSS
The Windows Registry Adventure #3: Learning resources
Posted by Mateusz Jurczyk, Google Project Zero When tackling a new vulnerability research target, especially a closed-source one, I prioritize gathering as much information about it as possible. This gets especially interesting when it's a subsystem as old and fundamental as the Windows registry......
5.5CVSS
6.7AI Score
0.001EPSS
Fedora: Security Advisory for chromium (FEDORA-2024-508d03d0c7)
The remote host is missing an update for...
6.7AI Score
0.0004EPSS
7.8CVSS
8AI Score
0.001EPSS
IBM MQ 9.3 < 9.3.0.20 LTS / 9.3 < 9.4 CD (7158058)
The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7158058 advisory. IBM MQ could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used...
6.5CVSS
6.3AI Score
0.0004EPSS
Ubuntu 16.04 LTS / 18.04 LTS : Squid vulnerabilities (USN-6857-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6857-1 advisory. Joshua Rogers discovered that Squid incorrectly handled requests with the urn: scheme. A remote attacker could possibly use this issue to...
8.6CVSS
9.6AI Score
0.019EPSS
Debian dla-3845 : dlt-daemon - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3845 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3845-1 [email protected] ...
7.5CVSS
7.5AI Score
0.001EPSS
Fedora: Security Advisory for firefox (FEDORA-2024-a61be271bb)
The remote host is missing an update for...
7.5AI Score