Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to edit the MediaWiki namespace (typically those with the editinterface...
6.5CVSS
6.2AI Score
0.0004EPSS
CVE-2024-36123 Citizen has a Stored Cross-Site Scripting Vulnerability by editing MediaWiki:Tagline
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to edit the MediaWiki namespace (typically those with the editinterface...
6.5CVSS
6.2AI Score
0.0004EPSS
CVE-2024-36123 Citizen has a Stored Cross-Site Scripting Vulnerability by editing MediaWiki:Tagline
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to edit the MediaWiki namespace (typically those with the editinterface...
6.5CVSS
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: use correct buffer size when parsing configfs lists This commit fixes uvc gadget support on 32-bit platforms. Commit 0df28607c5cb ("usb: gadget: uvc: Generalise helper functions for reuse") introduced a helper...
6.7AI Score
0.0004EPSS
Technology was once simply a tool--and a small one at that--used to amplify human intent and capacity. That was the story of the industrial revolution: we could control nature and build large, complex human societies, and the more we employed and mastered technology, the better things got. We...
6.9AI Score
Researcher Uncovers Flaws in Cox Modems, Potentially Impacting Millions
Now-patched authorization bypass issues impacting Cox modems could have been abused as a starting point to gain unauthorized access to the devices and run malicious commands. "This series of vulnerabilities demonstrated a way in which a fully external attacker with no prerequisites could've...
8.1AI Score
IT threat evolution in Q1 2024. Non-mobile statistics
IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. Quarterly.....
6.9AI Score
typo3/cms-core is vulnerable to Remote Code Execution. The vulnerability is due to the ability to obfuscate Phar files as image or text files, which can then be uploaded and invoked via manipulated URLs in TYPO3 backend forms, which allows an attacker to execute arbitrary...
8.1AI Score
Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware
Fake web browser updates are being used to deliver remote access trojans (RATs) and information stealer malware such as BitRAT and Lumma Stealer (aka LummaC2). "Fake browser updates have been responsible for numerous malware infections, including those of the well-known SocGholish malware,"...
7.1AI Score
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1788)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is...
8CVSS
8.3AI Score
EPSS
K000139877: Linux kernel vulnerabilities CVE-2021-47076 and CVE-2021-47080
Security Advisory Description CVE-2021-47076 In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Return CQE error if invalid lkey was supplied RXE is missing update of WQE status in LOCAL_WRITE failures. This caused the following kernel panic if someone sent an atomic...
5.6AI Score
0.0004EPSS
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to edit the MediaWiki namespace (typically those with the editinterface...
6.5CVSS
6.4AI Score
0.0004EPSS
K000139880: Intel CPU/BIOS vulnerabilities CVE-2023-28402, CVE-2023-27504, and CVE-2023-28383
Security Advisory Description CVE-2023-28402 Improper input validation in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2023-27504 Improper conditions check in some Intel(R) BIOS Guard firmware may allow a...
7.2CVSS
6.5AI Score
0.0004EPSS
RHEL 4 : expat (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. expat: Memory leak in poolGrow (CVE-2012-1148) The XML parser (xmlparse.c) in expat before 2.1.0...
7.8AI Score
0.009EPSS
RHEL 4 : libgssapi (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. libgssapi, libgssglue: Ability to load untrusted configuration file, when loading GSS mechanisms and their ...
6.5AI Score
0.0004EPSS
RHEL 6 : libgssapi (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. libgssapi, libgssglue: Ability to load untrusted configuration file, when loading GSS mechanisms and their ...
7.3AI Score
0.0004EPSS
RHEL 6 : perl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. perl: heap buffer overflow in pp_pack.c (CVE-2018-6913) Perl 5.10.x allows context-dependent attackers...
7.8CVSS
8.1AI Score
0.57EPSS
RHEL 6 : tomcat5 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tomcat: security manager bypass via IntrospectHelper utility function (CVE-2016-5018) The Realm...
9.1CVSS
7.3AI Score
0.002EPSS
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1800)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is...
8CVSS
8.3AI Score
EPSS
K000139876: Linux kernel vulnerability CVE-2021-46955
Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4 packets running openvswitch on kernels built with KASAN, it's possible to see the following splat while testing fragmentation of IPv4 packets:...
5.9AI Score
0.0004EPSS
RHEL 5 : unixodbc (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. unixODBC: Insecure buffer copy in SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c (CVE-2018-7485) ...
7.8CVSS
8.2AI Score
0.004EPSS
RHEL 6 : unixodbc (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. unixODBC: Insecure buffer copy in SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c (CVE-2018-7485) ...
7.8CVSS
7.9AI Score
0.004EPSS
RHEL 5 : apr (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. apr: Out-of-bounds array deref in apr_time_exp*() functions (CVE-2017-12613) tables/apr_hash.c in the...
7.1CVSS
7.5AI Score
0.008EPSS
RHEL 5 : libxml2 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libxml2: Use after free via namespace node in XPointer ranges (CVE-2016-4658) libxml2: Missing...
9.8CVSS
8.1AI Score
0.106EPSS
RHEL 6 : java-1.6.0-ibm (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. OpenJDK: insufficient loader constraints checks for invokespecial (Hotspot, 8180711) (CVE-2017-10346) ...
9.6CVSS
5.6AI Score
0.009EPSS
RHEL 4 : unixodbc (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. unixODBC: possible buffer overrun in SQLDriverConnect() (CVE-2011-1145) Buffer overflow in the...
7.8CVSS
8.2AI Score
0.0004EPSS
RHEL 5 : java-1.6.0-sun (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. OpenJDK: improper re-use of NTLM authenticated connections (Networking, 8163520) (CVE-2017-3509) ...
5.9CVSS
5.2AI Score
0.007EPSS
RHEL 6 : expat (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. expat: Out-of-bounds heap read on crafted input causing crash (CVE-2016-0718) The XML parser...
9.8CVSS
8AI Score
EPSS
RHEL 7 : db4 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libdb: Reads DB_CONFIG from the current working directory (CVE-2017-10140) Vulnerability in the Data...
7.8CVSS
5.1AI Score
0.001EPSS
RHEL 5 : conga (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. plone: private content access in through-the-web templates (CVE-2017-1000483) plone: Open URL redirect...
6.1CVSS
6.9AI Score
0.019EPSS
RHEL 5 : libgssapi (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. libgssapi, libgssglue: Ability to load untrusted configuration file, when loading GSS mechanisms and their ...
6.5AI Score
0.0004EPSS
RHEL 6 : ocaml (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ocaml: Integer overflow in byterun/bigarray.c:caml_ba_deserialize() allows remote attackers to cause a ...
9.8CVSS
9.9AI Score
0.013EPSS
RHEL 5 : expat (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. expat: Out-of-bounds heap read on crafted input causing crash (CVE-2016-0718) The XML parser...
9.8CVSS
7.5AI Score
EPSS
RHEL 6 : libxml2 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libxml2: Use after free via namespace node in XPointer ranges (CVE-2016-4658) libxml2: Missing...
7.5CVSS
7.6AI Score
0.106EPSS
RHEL 7 : libreoffice (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libreoffice: heap-based buffer overflow related to the ReadJPEG function (CVE-2017-8358) LibreOffice...
6.5CVSS
8.6AI Score
0.063EPSS
RHEL 8 : nginx (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication ...
7.8CVSS
9.4AI Score
EPSS
RHEL 8 : openssl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssl: Read buffer overruns processing ASN.1 strings (CVE-2021-3712) Simultaneous Multi-threading...
7.4CVSS
6.8AI Score
0.015EPSS
[SECURITY] Fedora 39 Update: ruff-0.3.7-2.fc39
An extremely fast Python linter and code formatter, written in Rust. Ruff aims to be orders of magnitude faster than alternative tools while integrating more functionality behind a single, common interface. Ruff can be used to replace Flake8 (plus dozens of plugins), Black, isort, pydocstyle,...
7.4AI Score
Mysterious Hack Destroyed 600,000 Internet Routers
Plus: A whistleblower claims the Biden administration falsified a report on Gaza, “Operation Endgame” disrupts the botnet ecosystem, and...
7.3AI Score
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities).....
5.9CVSS
6.1AI Score
0.0004EPSS
New banking trojan “CarnavalHeist” targets Brazil with overlay attacks
Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called "CarnavalHeist." Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil. This family has also been...
8AI Score
I don't think it's an exaggeration to predict that artificial intelligence will affect every aspect of our society. Not by doing new things. But mostly by doing things that are already being done by humans, perfectly competently. Replacing humans with AIs isn't necessarily interesting. But when an....
7.4AI Score
symphony is vulnerable to Improper Input Validation. The vulnerability is due to incorrect parsing of the Authorization header in applications using HTTP basic or digest authentication, which could be exploited in certain server...
6.6AI Score
EPSS
[SECURITY] Fedora 39 Update: wireshark-4.0.15-1.fc39
Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless (WiFi or Bluetooth) networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols. It has many powerful...
6.4CVSS
6.3AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: wireshark-4.2.5-1.fc40
Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless (WiFi or Bluetooth) networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols. It has many powerful...
6.4CVSS
6.3AI Score
0.0004EPSS
G DATA Total Security Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the G DATA...
7.5AI Score
EPSS
This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within.....
7.1CVSS
6.7AI Score
0.001EPSS
This vulnerability allows local attackers to escalate privileges on affected installations of VMWare Workstation. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
9.3CVSS
7.5AI Score
0.001EPSS
Amazon Linux 2 : java-11-openjdk (ALASJAVA-OPENJDK11-2024-009)
The version of java-11-openjdk installed on the remote host is prior to 11.0.13.0.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2JAVA-OPENJDK11-2024-009 advisory. Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE...
6.8CVSS
6.8AI Score
0.002EPSS
Amazon Linux 2 : java-1.8.0-amazon-corretto (ALASCORRETTO8-2024-012)
The version of java-1.8.0-amazon-corretto installed on the remote host is prior to 1.8.0_312.b07-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2CORRETTO8-2024-012 advisory. There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is.....
8.6CVSS
8AI Score
0.017EPSS