Cyber Landscape is Evolving - So Should Your SCA
Traditional SCAs Are Broken: Did You Know You Are Missing Critical Pieces? Application Security professionals face enormous challenges securing their software supply chains, racing against time to beat the attacker to the mark. Software Composition Analysis (SCA) tools have become a basic...
7.5AI Score
Summary IBM Workload Automation is potentially affected by multiple vulnerabilities in OpenSSL that could cause Denial of Service (CVE-2023-4807, CVE-2023-3817) Vulnerability Details CVEID: CVE-2023-4807 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a state corruption...
7.8CVSS
9.5AI Score
0.001EPSS
The Justice Department Took Down the 911 S5 Botnet
The US Justice Department has dismantled an enormous botnet: According to an indictment unsealed on May 24, from 2014 through July 2022, Wang and others are alleged to have created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide....
7.4AI Score
Cross-site Request Forgery (CSRF)
moodle/moodle is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to the logout option lacking the necessary token, risking users being inadvertently logged out via CSRF...
6.4AI Score
0.0004EPSS
FBI Distributes 7,000 LockBit Ransomware Decryption Keys to Help Victims
The U.S. Federal Bureau of Investigation (FBI) has disclosed that it's in possession of more than 7,000 decryption keys associated with the LockBit ransomware operation to help victims get their data back at no cost. "We are reaching out to known LockBit victims and encouraging anyone who suspects....
7.7AI Score
Exposure Of Sensitive Information To An Unauthorized Actor
Moodle is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. The vulnerability is due to misconfiguration in a shared hosting environment, allowing a user with access to restore workshop modules and direct access to the web server outside of the Moodle webroot to execute a...
6.4AI Score
0.0004EPSS
Information Exposure Through Misconfigured Permissions
Moodle is vulnerable to an Information Exposure Through Misconfigured Permissions. The vulnerability is due to misconfiguration in a shared hosting environment, allowing a user with access to restore feedback modules and direct access to the web server outside of the Moodle webroot to execute a...
6.4AI Score
0.0004EPSS
SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting defense forces in the country with a malware called SPECTR as part of an espionage campaign dubbed SickSync. The agency attributed the attacks to a threat actor it tracks under the moniker UAC-0020,...
7.2AI Score
Cross-site Request Forgery (CSRF)
moodle/moodle is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to the admin management of analytics models, which fails to prevent CSRF risks because it does not include the necessary...
6.4AI Score
0.0004EPSS
moodle/moodle is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient sanitizing of ID numbers displayed in the report, which results in stored...
5.6AI Score
0.0004EPSS
Summary Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to jose4j - CVE-2023-51775. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID: CVE-2023-51775 ....
7AI Score
0.0004EPSS
Summary IBM Asset Data Dictionary Component uses jose4j-0.9.3.jar which is vulnerable to CVE-2023-51775. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID: CVE-2023-51775 DESCRIPTION: jose4j is vulnerable to a denial of service,...
7AI Score
0.0004EPSS
Summary IBM Maximo Application Suite uses gunicorn-21.2.0-py3-none-any.whl which is vulnerable to CVE-2024-1135. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID: CVE-2024-1135 DESCRIPTION: Gunicorn is vulnerable to HTTP request...
7.5CVSS
7.3AI Score
0.0004EPSS
Summary IBM Suite License Service uses commons-compress-1.25.0.jar which is vulnerable to CVE-2024-26308 and CVE-2024-25710. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID: CVE-2024-26308 DESCRIPTION: Apache Commons Compress is...
8.1CVSS
6.5AI Score
0.001EPSS
Summary IBM Asset Data Dictionary Component uses zookeeper-3.5.9.jar and snappy-java-1.1.8.3.jar which are vulnerable to CVE-2023-44981, CVE-2023-34453, CVE-2023-34455, CVE-2023-34454 and CVE-2023-43642. This bulletin contains information regarding the vulnerability and its remediation....
9.1CVSS
7.7AI Score
0.004EPSS
moodle/moodle is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient sanitization when opening the equation editor, leading to a stored XSS risk when editing another user's...
5AI Score
0.0004EPSS
Summary The IBM® Engineering System Design Rhapsody 10.0 iFix001, The IBM® Engineering System Design Rhapsody 9.0.2 iFix002 and The IBM® Engineering System Design Rhapsody 9.0.1 iFix006 contain fixes for vulnerabilities identified in the Vulnerabilities Details section. The referred iFix...
5.3CVSS
8AI Score
0.033EPSS
Fedora: Security Advisory for rust-sevctl (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for...
7.5AI Score
Fedora: Security Advisory for rust-ripgrep (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for...
7.5AI Score
Fedora: Security Advisory for rust-varlink_generator (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for...
7.5AI Score
Fedora: Security Advisory for loupe (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for...
7.5AI Score
Fedora: Security Advisory for rust-uu_base64 (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for...
7.5AI Score
Fedora: Security Advisory for qt5-qtserialbus (FEDORA-2024-2e27372d4c)
The remote host is missing an update for...
6.8AI Score
0.0004EPSS
6.6AI Score
0.0004EPSS
Fedora: Security Advisory for qt5-qtx11extras (FEDORA-2024-2e27372d4c)
The remote host is missing an update for...
6.8AI Score
0.0004EPSS
Fedora: Security Advisory for qt5-qtwebview (FEDORA-2024-2e27372d4c)
The remote host is missing an update for...
6.8AI Score
0.0004EPSS
Fedora: Security Advisory for qt6-qtshadertools (FEDORA-2024-bfb8617ba3)
The remote host is missing an update for...
6.8AI Score
0.0004EPSS
Fedora: Security Advisory for qt5-qtscxml (FEDORA-2024-2e27372d4c)
The remote host is missing an update for...
6.8AI Score
0.0004EPSS
Fedora: Security Advisory for qt5-qtsvg (FEDORA-2024-2e27372d4c)
The remote host is missing an update for...
6.8AI Score
0.0004EPSS
Fedora: Security Advisory for kddockwidgets (FEDORA-2024-2e27372d4c)
The remote host is missing an update for...
6.8AI Score
0.0004EPSS
Fedora: Security Advisory for python-jinja2 (FEDORA-2024-ce7649d28e)
The remote host is missing an update for...
5.4CVSS
5.7AI Score
0.0004EPSS
Fedora: Security Advisory for qadwaitadecorations (FEDORA-2024-bfb8617ba3)
The remote host is missing an update for...
6.8AI Score
0.0004EPSS
Fedora: Security Advisory for qt6-qtscxml (FEDORA-2024-bfb8617ba3)
The remote host is missing an update for...
6.8AI Score
0.0004EPSS
Fedora: Security Advisory for qt5-qtquickcontrols2 (FEDORA-2024-2e27372d4c)
The remote host is missing an update for...
6.8AI Score
0.0004EPSS
Fedora: Security Advisory for kitty (FEDORA-2024-25b47765c6)
The remote host is missing an update for...
5.5CVSS
5.6AI Score
0.0004EPSS
Fedora: Security Advisory for rust-dotenvy (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for...
7.5AI Score
Fedora: Security Advisory for rust-eza (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for...
7.5AI Score
Fedora: Security Advisory for rust-sequoia-sqv (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for...
7.5AI Score
Fedora: Security Advisory for rust2rpm-helper (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for...
7.5AI Score
Fedora: Security Advisory for sudo-rs (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for...
7.5AI Score
Fedora: Security Advisory for rust-sequoia-wot (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for...
7.5AI Score
Fedora: Security Advisory for rust-pretty-bytes (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for...
7.5AI Score
Fedora: Security Advisory for rust-zram-generator (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for...
7.5AI Score
Fedora: Security Advisory for rust-askalono-cli (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for...
7.5AI Score
Fedora: Security Advisory for rust-uu_true (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for...
7.5AI Score
Fedora: Security Advisory for rust-dutree (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for...
7.5AI Score
Fedora: Security Advisory for rust-gimoji (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for...
7.5AI Score
Fedora: Security Advisory for rust-navi (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for...
7.5AI Score
Fedora: Security Advisory for rust-gst-plugin-gif (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for...
7.5AI Score