Microsoft AI “Recall” feature records everything, secures far less
Developing an AI-powered threat to security, privacy, and identity is certainly a choice, but it's one that Microsoft was willing to make this week at its “Build” developer conference. On Monday, the computing giant unveiled a new line of PCs that integrate Artificial Intelligence (AI) technology.....
6.8AI Score
Vulnerabilities in BIG-IP Next Central Manager allows control of managed devices
Introduction In May 2024, new vulnerabilities have been identified in BIG-IP Next Central Manager, raising considerable security concerns. This discovery follows closely on the heels of a critical vulnerability revealed in April within Palo Alto's firewalls with enabled GlobalProtect feature,...
9.1AI Score
0.0004EPSS
Why Your Wi-Fi Router Doubles as an Apple AirTag
Image: Shutterstock. Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly...
6.2AI Score
In the Linux kernel, the following vulnerability has been resolved: hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs Fan speed minimum can be enforced from sysfs. For example, setting current fan speed to 20 is used to enforce fan speed to be at 100% speed,...
7.5AI Score
In the Linux kernel, the following vulnerability has been resolved: hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs Fan speed minimum can be enforced from sysfs. For example, setting current fan speed to 20 is used to enforce fan speed to be at 100% speed,...
7.1AI Score
In the Linux kernel, the following vulnerability has been resolved: usb: fix various gadget panics on 10gbps cabling usb_assign_descriptors() is called with 5 parameters, the last 4 of which are the usb_descriptor_header for: full-speed (USB1.1 - 12Mbps [including USB1.0 low-speed @...
6.8AI Score
In the Linux kernel, the following vulnerability has been resolved: usb: fix various gadget panics on 10gbps cabling usb_assign_descriptors() is called with 5 parameters, the last 4 of which are the usb_descriptor_header for: full-speed (USB1.1 - 12Mbps [including USB1.0 low-speed @ 1.5Mbps), ...
7.2AI Score
In the Linux kernel, the following vulnerability has been resolved: hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs Fan speed minimum can be enforced from sysfs. For example, setting current fan speed to 20 is used to enforce fan speed to be at 100% speed,...
7.3AI Score
Impact This CVE covers the ability of 3rd party websites to access routes and upload files to users running Gradio applications locally. For example, the malicious owners of www.dontvisitme.com could put a script on their website that uploads a large file to http://localhost:7860/upload and...
6.9AI Score
0.0004EPSS
Impact This CVE covers the ability of 3rd party websites to access routes and upload files to users running Gradio applications locally. For example, the malicious owners of www.dontvisitme.com could put a script on their website that uploads a large file to http://localhost:7860/upload and...
6.6AI Score
0.0004EPSS
CVE-2021-47267 usb: fix various gadget panics on 10gbps cabling
In the Linux kernel, the following vulnerability has been resolved: usb: fix various gadget panics on 10gbps cabling usb_assign_descriptors() is called with 5 parameters, the last 4 of which are the usb_descriptor_header for: full-speed (USB1.1 - 12Mbps [including USB1.0 low-speed @ 1.5Mbps), ...
7AI Score
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, used by WebSphere Service Registry and Repository. These issues were disclosed as part of the IBM Java SDK updates in April 2024. These issues are addressed by WebSphere Application Server shipped with WebSphere Service....
6.9AI Score
Vger - An Interactive CLI Application For Interacting With Authenticated Jupyter Instances
V'ger is an interactive command-line application for post-exploitation of authenticated Jupyter instances with a focus on AI/ML security operations. User Stories As a Red Teamer, you've found Jupyter credentials, but don't know what you can do with them. V'ger is organized in a format that should.....
7.5AI Score
The WP Table Builder – WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button element in all versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to...
6.4CVSS
6.1AI Score
The WP Table Builder – WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button element in all versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to...
5.9AI Score
7.1AI Score
0.0004EPSS
K000139698: Python vulnerabilities CVE-2016-5636, and CVE-2023-36632
Security Advisory Description CVE-2016-5636 Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based...
8.3AI Score
0.028EPSS
Detecting and Visualizing Lateral Movement Attacks with Trellix XDR - Part 2
Detecting and Visualizing Lateral Movement Attacks with Trellix XDR - Part 2 By Chintan Shah, Maulik Maheta · May 21, 2024 Executive summary In the part 1 of this series we discussed in depth about the known Lateral movement attacks like abusing weak service permissions (T1574.011), NTDS.dit file.....
7.9AI Score
K000139700: Linux kernel usbmon vulnerability CVE-2022-43750
Security Advisory Description drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory. (CVE-2022-43750) Impact This vulnerability may allow an attacker with local access to gain improper...
7.1AI Score
0.0004EPSS
K000139691: Python vulnerabilities CVE-2022-48565, CVE-2018-1000802 and CVE-2016-9063
Security Advisory Description CVE-2022-48565 An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. CVE-2018-1000802 Python Software Foundation Python (CPython)...
8.4AI Score
0.01EPSS
K000139685: Python vulnerability CVE-2023-40217
Security Advisory Description An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into...
7AI Score
0.0005EPSS
Security Bulletin: Multiple vulnerabilities affect IBM Db2® REST
Summary IBM has released the below fix for IBM Db2® REST in response to multiple vulnerabilities found in multiple components. The vulnerabilities have been addressed. Vulnerability Details ** CVEID: CVE-2021-35942 DESCRIPTION: **GNU C Library (aka glibc) could allow a local attacker to obtain...
9.5AI Score
0.962EPSS
New mariadb packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mariadb-10.5.25-i586-1_slack15.0.txz: Upgraded. This update fixes bugs and a security issue: Difficult to exploit vulnerability...
6.2AI Score
0.0004EPSS
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server...
8.3CVSS
8.3AI Score
0.0004EPSS
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file...
8.3CVSS
8.3AI Score
0.0004EPSS
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search...
8.3CVSS
8.2AI Score
0.0004EPSS
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph...
8.3CVSS
8.2AI Score
0.0004EPSS
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary...
8.3CVSS
8.5AI Score
0.0004EPSS
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server...
8.3AI Score
0.0004EPSS
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary...
8.4AI Score
0.0004EPSS
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph...
8.2AI Score
0.0004EPSS
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file...
8.3AI Score
0.0004EPSS
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search...
8.2AI Score
0.0004EPSS
Passbolt Api Retrieval of HTTP-only cookies
Passbolt uses three cookies: a session cookie, a CSRF protection cookie and a cookie to keep track of the multiple-factor authentication process. Both the session cookie and the mfa cookie are properly set HTTP-only to prevent an attacker from retrieving the content of those cookies if they...
6.4AI Score
Passbolt Api Retrieval of HTTP-only cookies
Passbolt uses three cookies: a session cookie, a CSRF protection cookie and a cookie to keep track of the multiple-factor authentication process. Both the session cookie and the mfa cookie are properly set HTTP-only to prevent an attacker from retrieving the content of those cookies if they...
6.4AI Score
Security Bulletin: Multiple vulnerabilities affect IBM Db2® REST
Summary IBM has released the below fix for IBM Db2® REST in response to multiple vulnerabilities found in multiple components. The vulnerabilities have been addressed. Vulnerability Details ** CVEID: CVE-2023-45283 DESCRIPTION: **Golang Go could allow a remote attacker to traverse directories on...
7.5AI Score
0.001EPSS
Exploit for Improper Restriction of Excessive Authentication Attempts in Netgate Pfsense Plus
[CVE-2023-27100 - pfSense Anti-brute force protection bypass]...
7.3AI Score
0.002EPSS
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report...
8.3CVSS
8.1AI Score
0.0004EPSS
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report...
8.7AI Score
0.0004EPSS
K000139680: MySQL2 vulnerability CVE-2024-21508
Security Advisory Description Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values. (CVE-2024-21508) Impact There is no impact; F5 products are not...
7.8AI Score
0.0004EPSS
Amazon Linux 2 : java-11-openjdk (ALASJAVA-OPENJDK11-2024-008)
The version of java-11-openjdk installed on the remote host is prior to 11.0.23.0.9-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2JAVA-OPENJDK11-2024-008 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition...
6.4AI Score
F5 Networks BIG-IP : Speculative race conditions vulnerabilities (K000139682)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K000139682 advisory. A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting ...
7.8AI Score
K000139682: Speculative race conditions vulnerabilities CVE-2024-2193 and CVE-2024-26602
Security Advisory Description CVE-2024-2193 A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data...
5.5AI Score
0.0004EPSS
K000139684: AMD processors vulnerability CVE-2023-20569
Security Advisory Description A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. (CVE-2023-20569) Impact...
6.3AI Score
0.0004EPSS
K000139678: MySQL Server vulnerability CVE-2024-21055
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...
6AI Score
0.0004EPSS
K000139692: Websense vulnerabilities CVE-2006-2035 and CVE-2010-5144
Security Advisory Description CVE-2006-2035 Websense, when configured to permit access to the dynamic content category, allows local users to bypass intended blocking of the Uncategorized category by appending a "/?" sequence to a URL. CVE-2010-5144 The ISAPI Filter plug-in in Websense...
7.1AI Score
0.002EPSS
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (AWS) vulnerabilities (USN-6766-3)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6766-3 advisory. In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skb_segment() Once again syzbot is able...
7.5AI Score
Slackware Linux 15.0 / current mariadb Vulnerability (SSA:2024-141-01)
The version of mariadb installed on the remote host is prior to 10.11.8 / 10.5.25. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-141-01 advisory. Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are...
5.9AI Score
JAW - A Graph-based Security Analysis Framework For Client-side JavaScript
An open-source, prototype implementation of property graphs for JavaScript based on the esprima parser, and the EsTree SpiderMonkey Spec. JAW can be used for analyzing the client-side of web applications and JavaScript-based programs. This project is licensed under GNU AFFERO GENERAL PUBLIC...
7AI Score
(Pwn2Own) QNAP TS-464 Netmgr Endpoint CRLF Injection Arbitrary Configuration Update Vulnerability
This vulnerability allows remote attackers to create arbitrary configurations on affected installations of QNAP TS-464 NAS devices. An attacker must first obtain the ability to access the device's localhost interface, which can be accomplished using a malicious TURN server. The specific flaw...
9.9CVSS
6.6AI Score