Security Bulletin: Triton Inference Server - April 2024
NVIDIA has released a software update for NVIDIA Triton Inference Server to address the issue disclosed in this bulletin. To protect your system, install the latest release from the Triton Inference Server Releases page on GitHub, and view the Secure Deployment Considerations Guide. Go to NVIDIA...
7.8AI Score
0.0004EPSS
Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.5 Vulnerability Details ** CVEID: CVE-2022-1471 DESCRIPTION: **SnakeYaml could allow a remote authenticated attacker to execute...
9.2AI Score
0.008EPSS
Summary A vulnerability in IBM® Runtime Environment Java™ Technology Edition affects the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details ** CVEID: CVE-2023-30441 DESCRIPTION: **IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0...
5.8AI Score
0.002EPSS
Summary IBM WebSphere Automation is vulnerable to a Privilege Escalation vulnerability. Vulnerability Details ** CVEID: CVE-2024-28764 DESCRIPTION: **IBM WebSphere Automation could allow an attacker with privileged access to the network to conduct a CSV injection. An attacker could execute...
7.8AI Score
0.0004EPSS
Security Bulletin: IBM WebSphere Automation is vulnerable to cross-site scripting (CVE-2024-28775)
Summary IBM WebSphere Automation is vulnerable to cross-site scripting. Vulnerability Details ** CVEID: CVE-2024-28775 DESCRIPTION: **IBM WebSphere Automation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the...
6.4AI Score
0.0004EPSS
ProQuality pqprintshippinglabels before v.4.15.0 is vulnerable to Directory Traversal via the pqprintshippinglabels...
7.3AI Score
0.0004EPSS
Introducing the Wallarm Q1 2024 API ThreatStats™ Report
As we have in previous editions of the ThreatStats report, we highlight the industry’s top API-related attacks and trends. New to this version, however, is a detailed analysis of API attacks targeting AI-based applications, representing a new and rapidly expanding threat vector. And while we...
7.5AI Score
7.3AI Score
Summary IBM Java SDK is used by Power Hardware Management Console (HMC). Since V10R1 is a Java 8 based HMC, HMC has addressed the affected CVEs, which were specific to Java 8: CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945, and CVE-2023-33850. The specified CVEs...
6.7AI Score
0.001EPSS
(RHSA-2024:2132) Moderate: fence-agents security and bug fix update
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): urllib3: Request body not stripped after redirect from 303 status...
9AI Score
0.001EPSS
Cost Calculator Builder Pro < 3.1.68 - Unauthenticated Cross-Site Scripting via SVG Upload
Description The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG upload feature in all versions up to, and including, 3.1.67 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
6.1AI Score
0.0005EPSS
7.4AI Score
Pouring Acid Rain By Max Kersten · April 30, 2024 In two recent major geopolitical conflicts, in Ukraine and in Israel, wipers - malware used to destroy access to files and commonly used to halt telecom operations - were used to destroy digital infrastructure. Their ongoing shows that wipers have.....
7.7AI Score
RHEL 9 : openssl and openssl-fips-provider (RHSA-2024:2447)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2447 advisory. Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are...
7.1AI Score
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1466-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1466-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smc_sock A...
7.5AI Score
RHEL 9 : fence-agents (RHSA-2024:2132)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2132 advisory. urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP...
7AI Score
7.3AI Score
Summary IBM Maximo Application Suite - Edge Data Collector uses rustix-0.37.20.crate, rustix-0.38.14.crate and rustix-0.38.2.crate which is vulnerable to WS-2023-0366 Vulnerability Details ** IBM X-Force ID: 269579 DESCRIPTION: **Bytecode Alliance rustix is vulnerable to a denial of service,...
6.8AI Score
If state-sponsored actors are after one thing, it's to spread fear and uncertainty across the internet. There's always money to be made targeting individual businesses and organizations, but for James Nutland's work, it's always about the bigger picture. And his background in studying...
7.2AI Score
7.3AI Score
7.3AI Score
Missing Authorization vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through...
7.5CVSS
7.4AI Score
0.0004EPSS
Missing Authorization vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through...
6.6AI Score
0.0004EPSS
Server-Side Request Forgery (SSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through...
5.4CVSS
7.5AI Score
0.0004EPSS
Server-Side Request Forgery (SSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through...
6.7AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through...
5.4CVSS
7.5AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor Pro allows Stored XSS.This issue affects Piotnet Addons For Elementor Pro: from n/a through...
6.5CVSS
7.2AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through...
6.7AI Score
0.0004EPSS
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An unspecified vulnerability in Java SE related...
6.8AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor Pro allows Reflected XSS.This issue affects Piotnet Addons For Elementor Pro: from n/a through...
7.1CVSS
7.4AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor Pro allows Stored XSS.This issue affects Piotnet Addons For Elementor Pro: from n/a through...
6.4AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor Pro allows Reflected XSS.This issue affects Piotnet Addons For Elementor Pro: from n/a through...
6.6AI Score
0.0004EPSS
7.4AI Score
Booking Ultra Pro < 1.1.13 - Authenticated (Contributor+) Privilege Escalation
Description The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.12. This makes it possible for authenticated attackers, with contributor-level access and above, to escalate their...
7.3AI Score
0.0004EPSS
7.4AI Score
The Bug Report - April 2024 Edition
The Bug Report - April 2024 Edition By Jonathan Omakun and Tobi Olawale· April 29, 2024 Why am I here? Just when you thought it was safe to go back into the digital waters, out pops another series of rogue waves in the form of CVEs! It's like that beach vacation you planned to get away from it...
8.9AI Score
Max Addons Pro for Bricks < 1.6.2 - Missing Authorization
Description The Max Addons Pro for Bricks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in all versions up to, and including, 1.6.1. This makes it possible for unauthenticated attackers to reset the plugin's...
6.9AI Score
0.0004EPSS
Fedora 40 : xen (2024-3a36322c4b)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-3a36322c4b advisory. Recent x86 CPUs offer functionality named Control-flow Enforcement Technology (CET). A sub-feature of this are Shadow Stacks (CET-SS). CET-SS...
7AI Score
The Anatomy of HTML Attachment Phishing
The Anatomy of HTML Attachment Phishing: One Code, Many Variants By Mathanraj Thangaraju, Niranjan Hegde, and Sijo Jacob · June 14, 2023 Introduction Phishing is the malevolent practise of pretending to be a reliable entity in electronic communication to steal sensitive data, such as login...
7.4AI Score
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1454-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1454-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: sprd: fix reference leak when pm_runtime_get_sync...
8AI Score
Max Addons Pro for Bricks < 1.6.2 - Reflected Cross-Site Scripting
Description The Max Addons Pro for Bricks plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
6.5AI Score
0.0004EPSS
RHEL 5 / 6 : JBoss Enterprise Web Platform 5.1.1 update (Important) (RHSA-2011:0945)
The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:0945 advisory. JBoss Seam EL interpolation in exception handling (CVE-2011-2196) Note that Nessus has not tested for this issue but has instead relied only on...
6.9AI Score
RHEL 6 : JBoss Enterprise Web Platform 5.1.2 update (Low) (RHSA-2011:1802)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:1802 advisory. openid4java (AX extension): MITM due to improper validation of AX attribute signatures (CVE-2011-4314) Note that Nessus has not tested for this...
6.8AI Score
Metasploit Weekly Wrap-Up 04/26/24
Rancher Modules This week, Metasploit community member h00die added the second of two modules targeting Rancher instances. These modules each leak sensitive information from vulnerable instances of the application which is intended to manage Kubernetes clusters. These are a great addition to...
10AI Score
0.954EPSS
7.3AI Score
7.3AI Score
7.3AI Score
10 Critical Endpoint Security Tips You Should Know
In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets. According to the IDC, 70% of successful breaches start at the endpoint. Unprotected endpoints provide...
7.4AI Score
The WP STAGING and WP STAGING Pro plugins for WordPress are vulnerable to Sensitive Information Exposure in versions up to, and including, 3.4.3, and versions up to, and including, 5.4.3, respectively, via the ajaxSendReport function. This makes it possible for unauthenticated attackers to extract....
5.3CVSS
6.9AI Score
0.0004EPSS
The WP STAGING and WP STAGING Pro plugins for WordPress are vulnerable to Sensitive Information Exposure in versions up to, and including, 3.4.3, and versions up to, and including, 5.4.3, respectively, via the ajaxSendReport function. This makes it possible for unauthenticated attackers to extract....
6.1AI Score
0.0004EPSS