CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Patient Info module via the searvalu...
8.3AI Score
0.0004EPSS
CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Staff Info module via the searvalu...
8.3AI Score
0.0004EPSS
CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Staff Info module via the searvalu...
0.0004EPSS
Explained: Android overlays and how they are used to trick people
Sometimes you’ll see the term "overlays" used in articles about malware and you might wonder what they are. In this post we will try to explain what overlays—particularly on Android devices—are, and how cybercriminals deploy them. Most of the time, overlays are used to make people think they are...
7.2AI Score
Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.2 Vulnerability Details ** CVEID: CVE-2018-1000134 DESCRIPTION: **Ping Identity UnboundID LDAP SDK could allow a remote attacker...
9.8CVSS
9.3AI Score
0.974EPSS
Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.3 Vulnerability Details ** CVEID: CVE-2022-46364 DESCRIPTION: **Apache CXF is vulnerable to server-side request forgery, caused...
9.8CVSS
10.1AI Score
EPSS
Cybercriminals Exploit Free Software Lures to Deploy Hijack Loader and Vidar Stealer
Threat actors are luring unsuspecting users with free or pirated versions of commercial software to deliver a malware loader called Hijack Loader, which then deploys an information stealer known as Vidar Stealer. "Adversaries had managed to trick users into downloading password-protected archive...
7.3AI Score
Helpful tools to get started in IoT Assessments
The Internet of Things (IoT) can be a daunting field to get into. With many different tools and products available on the market it can be confusing to even know where to start. Having performed dozens of IoT assessments, I felt it would be beneficial to compile a basic list of items that are...
6.9AI Score
7.8AI Score
CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR and Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data,...
6.9AI Score
Exploring malicious Windows drivers (Part 2): the I/O system, IRPs, stack locations, IOCTLs and more
This blog post is part of a multi-part series, and it is highly recommended to read the first entry here before continuing. As the second entry in our "Exploring malicious Windows drivers" series, we will continue where the first left off: Discussing the I/O system and IRPs. We will expand on...
6.6AI Score
Timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`
Timing variability of any kind is problematic when working with potentially secret values such as elliptic curve scalars, and such issues can potentially leak private keys and other secrets. Such a problem was recently discovered in curve25519-dalek. The Scalar29::sub (32-bit) and Scalar52::sub...
7.2AI Score
How are attackers trying to bypass MFA?
In the latest Cisco Talos Incident Response Quarterly Trends report, instances related to multi-factor authentication (MFA) were involved in nearly half of all security incidents that our team responded to in the first quarter of 2024. In 25% of engagements, the underlying cause was users...
8.1AI Score
Analysis of user password strength
The processing power of computers keeps growing, helping users to solve increasingly complex problems faster. A side effect is that passwords that were impossible to guess just a few years ago can be cracked by hackers within mere seconds in 2024. For example, the RTX 4090 GPU is capable of...
6.9AI Score
Rethinking Democracy for the Age of AI
There is a lot written about technology's threats to democracy. Polarization. Artificial intelligence. The concentration of wealth and power. I have a more general story: The political and economic systems of governance that were created in the mid-18th century are poorly suited for the 21st...
6.4AI Score
7.2AI Score
Insufficient Control Flow Management
Evmos is vulnerable to Insufficient Control Flow Management. The vulnerability is due to different ante handler checks for Cosmos and Ethereum transactions, allowing a clawback account to bypass Cosmos checks by sending an Ethereum transaction targeting a precompile used to interact with a Cosmos.....
3.5CVSS
6.7AI Score
0.0004EPSS
nukeviet/nukeviet is vulnerable to Code Injection. The vulnerability is due to improper validation in the /admin/extensions/upload.php component. An attacker can exploit this vulnerability to execute arbitrary code on the...
7.8AI Score
0.0004EPSS
Sensitive Information Disclosure
urllib3 is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper handling of the Proxy-Authorization header, which is not removed on cross-origin redirects, which could allow an attacker to expose sensntive authentication material to unintended hosts. Note that this.....
4.4CVSS
4.7AI Score
0.0004EPSS
CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Patient Info module via the searvalu...
0.0004EPSS
4.4CVSS
7.1AI Score
0.0004EPSS
RHEL 8 : flatpak (RHSA-2024:3969)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3969 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...
8.4CVSS
8.6AI Score
0.0004EPSS
RHEL 8 : container-tools:rhel8 update (Moderate) (RHSA-2024:3968)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3968 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es): *...
4.9CVSS
5.3AI Score
0.0005EPSS
This Week in Spring - June 18th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! I've just come from Paris, France, and now I'm in equally beautiful Krakow, Poland, for the amazing Devoxx PL event. We've got a ton of good stuff to dive into, so let's get going! In last week's installment of Spring Tips, I.....
7.3AI Score
RHEL 7 : flatpak (RHSA-2024:3980)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3980 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape...
8.4CVSS
8.6AI Score
0.0004EPSS
Nextcloud Server is prone to an improper access control ...
3.5CVSS
7AI Score
0.0004EPSS
CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Room Information module via the id...
0.0004EPSS
Moderate: container-tools:rhel8 bug fix and enhancement update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es): podman: jose-go: improper handling of highly compressed data (CVE-2024-28180) buildah: jose-go: improper handling of highly compressed data (CVE-2024-28180) podman:...
4.9CVSS
4.8AI Score
0.0005EPSS
7.5CVSS
7.7AI Score
0.05EPSS
7.5CVSS
5.8AI Score
0.001EPSS
RHEL 9 : flatpak (RHSA-2024:3970)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3970 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...
8.4CVSS
8.6AI Score
0.0004EPSS
SUSE SLES15 Security Update : php7 (SUSE-SU-2024:2037-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2037-1 advisory. - CVE-2024-2756: Fixed bypass of security fix applied for CVE-2022-31629 that lead PHP to consider not secure cookies as secure...
6.5CVSS
6.2AI Score
0.006EPSS
6.5AI Score
0.0004EPSS
Python IP Ranges Vulnerability (Jun 2024) - Mac OS X
Python is prone to a vulnerability in the ipaddress...
6.5AI Score
0.0004EPSS
RHEL 8 : firefox (RHSA-2024:3972)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3972 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...
8AI Score
0.0004EPSS
7.1CVSS
7.5AI Score
0.0004EPSS
5.3CVSS
6.6AI Score
0.001EPSS
7.1AI Score
0.0004EPSS
7.1AI Score
EPSS
Nextcloud Server is prone to an information disclosure ...
3.5CVSS
6.7AI Score
0.0004EPSS
Python IP Ranges Vulnerability (Jun 2024) - Windows
Python is prone to a vulnerability in the ipaddress...
6.5AI Score
0.0004EPSS
7.4AI Score
Python IP Ranges Vulnerability (Jun 2024) - Linux
Python is prone to a vulnerability in the ipaddress...
6.5AI Score
0.0004EPSS
Fedora: Security Advisory for mariadb (FEDORA-2024-d61bffd77f)
The remote host is missing an update for...
4.9CVSS
5.2AI Score
0.0005EPSS
Fedora: Security Advisory for galera (FEDORA-2024-d61bffd77f)
The remote host is missing an update for...
4.9CVSS
5.2AI Score
0.0005EPSS
SUSE SLES15 Security Update : booth (SUSE-SU-2024:2041-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2024:2041-1 advisory. - CVE-2024-3049: Fixed a vulnerability where a specially crafted hash can lead to invalid HMAC being accepted by Booth server. (bsc#1226032) ...
5.9CVSS
5.6AI Score
0.001EPSS
CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Staff Info module via the searvalu...
0.0004EPSS
K000140043: runc vulnerability CVE-2024-21626
Security Advisory Description runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working...
8.6CVSS
7AI Score
0.051EPSS
K000140039: Intel QAT vulnerability CVE-2023-32641
Security Advisory Description Improper input validation in firmware for Intel(R) QAT before version QAT20.L.1.0.40-00004 may allow escalation of privilege and denial of service via adjacent access. (CVE-2023-32641) Impact There is no impact; F5 products are not affected by this...
8.8CVSS
7.5AI Score
0.001EPSS
7.1AI Score
EPSS