(RHSA-2024:2784) Important: OpenShift Container Platform 4.12.57 security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.57. See the following advisory for the container...
7.3AI Score
0.0005EPSS
Rounding up some of the major headlines from RSA
While I one day wish to make it to the RSA Conference in person, I've never had the pleasure of making the trek to San Francisco for one of the largest security conferences in the U.S. Instead, I had to watch from afar and catch up on the internet every day like the common folk. This at least...
7.6AI Score
0.001EPSS
(RHSA-2024:2782) Important: OpenShift Container Platform 4.12.57 security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.57. See the following advisory for the RPM...
7.6AI Score
0.037EPSS
See a Sneak Peek of Tuesday’s Take Command Summit
In just a few short days, some of the best minds in cybersecurity will come together at Take Command to discuss the most pressing challenges and opportunities we face as an industry. The sessions include in-depth discussions on attacker trends and behaviors, a look into the Rapid7 SOC, top guest...
7.4AI Score
REXML contains a denial of service vulnerability
Impact The REXML gem before 3.2.6 has a DoS vulnerability when it parses an XML that has many <s>
7AI Score
0.0004EPSS
REXML contains a denial of service vulnerability
Impact The REXML gem before 3.2.6 has a DoS vulnerability when it parses an XML that has many <s>
6.8AI Score
0.0004EPSS
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
Summary IBM Security Guardium has addressed these vulnerabilities in updates. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high confidentiality impact and high...
8.1AI Score
0.002EPSS
Security Bulletin: IBM Security Guardium is affected by a Kernel vulnerability (CVE-2023-3609)
Summary IBM Security Guardium has addressed this vulnerability in an update. Vulnerability Details ** CVEID: CVE-2023-3609 DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in the net/sched: cls_u32...
6.9AI Score
0.0004EPSS
REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many <s>
0.0004EPSS
REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many <s>
5.3CVSS
7.3AI Score
0.0004EPSS
(RHSA-2024:2781) Moderate: OpenShift Container Platform 4.12.57 security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.57. See the following advisory for the container...
7.2AI Score
0.037EPSS
CVE-2024-35176 REXML contains a denial of service vulnerability
REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many <s>
5.3AI Score
0.0004EPSS
How the Qualys Enterprise TruRisk™ Platform Supports CISA Vulnrichment
Introduction In today's interconnected digital landscape, cybersecurity threats pose significant risks to organizations across various sectors. Recognizing the need for a structured approach to identify, prioritize, and address vulnerabilities, the Cybersecurity and Infrastructure Security Agency.....
6.9AI Score
TotalCloud Container Security Best Practices
Qualys Container Security (CS), an integral part of TotalCloud 2.0, provides a comprehensive view of the security posture of containerized applications. Operationalizing a new technology tool in an enterprise often presents its own challenges. This blog seeks to help the operations team...
7.1AI Score
The magic of inclusion: Wiz’s journey to democratize cloud security
Empowering every cloud security stakeholder by eliminating...
7.3AI Score
Deleted iPhone photos show up again after iOS update
iPhone owners are reporting that photos they'd deleted are now back on their phones, after updating to iOS 17.5. With so many users reporting similar oddities, it would seem something went wrong, or at least different than to be expected. Here are some examples from Reddit: “When in conversation...
6.9AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 6, 2024 to May 12, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 180 vulnerabilities disclosed in 142...
8.2AI Score
0.001EPSS
Talos releases new macOS open-source fuzzer
Cisco Talos has developed a fuzzer that enables us to test macOS software on commodity hardware. Fuzzer utilizes a snapshot-based fuzzing approach and is based on WhatTheFuzz framework. Support for VM state extraction was implemented and WhatTheFuzz was extended to support the loading of VMWare...
6.6AI Score
Siemens SIMATIC RTLS Locating Manager
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.2AI Score
0.009EPSS
Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it
More and more websites and services are making multi-factor-authentication (MFA) mandatory, which makes it much harder for cybercriminals to access your accounts. That's a great thing. But as security evolves, so do cybercriminals who are always looking for new ways to scam us. A type of phishing.....
7.5AI Score
(RHSA-2024:2891) Moderate: httpd:2.4 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): mod_http2: httpd: CONTINUATION frames DoS (CVE-2024-27316) mod_http2: reset requests exhaust memory (incomplete fix of CVE-2023-44487) (CVE-2023-45802) For more details...
7.5AI Score
0.72EPSS
(RHSA-2024:2890) Important: bind and dhcp security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. The...
6.7AI Score
0.037EPSS
(RHSA-2024:2889) Moderate: gnutls security update
The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fix(es): gnutls: potential crash during chain building/verification (CVE-2024-28835) gnutls: vulnerable to Minerva...
5.9AI Score
0.0005EPSS
(RHSA-2024:2888) Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767) firefox:...
7.2AI Score
(RHSA-2024:2887) Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.11.0 ESR. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private...
7.3AI Score
(RHSA-2024:2886) Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.11.0 ESR. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private...
7.3AI Score
(RHSA-2024:2885) Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.11.0 ESR. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private...
7.3AI Score
(RHSA-2024:2884) Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.11.0 ESR. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private...
7.3AI Score
(RHSA-2024:2883) Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.11.0 ESR. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private...
7.3AI Score
(RHSA-2024:2882) Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.11.0 ESR. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private...
7.3AI Score
(RHSA-2024:2881) Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.11.0 ESR. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private...
7.3AI Score
Summary IBM App Connect Enterprise is vulnerable to a denial of service and HTTP request smuggling due to Node.js. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-27983 DESCRIPTION: **Node.js is vulnerable to a denial of service,...
6.7AI Score
0.0004EPSS
Weights and Biases (wandb) has a Server-Side Request Forgery (SSRF) vulnerability
A Server-Side Request Forgery (SSRF) vulnerability exists in the wandb/wandb repository due to improper handling of HTTP 302 redirects. This issue allows team members with access to the 'User settings -> Webhooks' function to exploit this vulnerability to access internal HTTP(s) servers. In seve...
8.1AI Score
Weights and Biases (wandb) has a Server-Side Request Forgery (SSRF) vulnerability
A Server-Side Request Forgery (SSRF) vulnerability exists in the wandb/wandb repository due to improper handling of HTTP 302 redirects. This issue allows team members with access to the 'User settings -> Webhooks' function to exploit this vulnerability to access internal HTTP(s) servers. In seve...
7.8AI Score
A Server-Side Request Forgery (SSRF) vulnerability exists in the wandb/wandb repository due to improper handling of HTTP 302 redirects. This issue allows team members with access to the 'User settings -> Webhooks' function to exploit this vulnerability to access internal HTTP(s) servers. In seve...
7.7CVSS
8.3AI Score
CVE-2024-4642 SSRF due to bad 302 redirect handling in wandb/wandb
A Server-Side Request Forgery (SSRF) vulnerability exists in the wandb/wandb repository due to improper handling of HTTP 302 redirects. This issue allows team members with access to the 'User settings -> Webhooks' function to exploit this vulnerability to access internal HTTP(s) servers. In seve...
8AI Score
Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was...
7.5CVSS
7.2AI Score
0.0004EPSS
ePO doesn't allow a regular privileged user to delete tasks or assignments. Insecure direct object references that allow a least privileged user to manipulate the client task and client task assignments, hence escalating his/her...
4.3CVSS
7.3AI Score
0.0004EPSS
Security Bulletin: AIX is vulnerable to arbitrary command execution due to invscout (CVE-2024-27260)
Summary A vulnerability in the AIX invscout command could allow a non-privileged local user to execute arbitrary commands (CVE-2024-27260). Vulnerability Details ** CVEID: CVE-2024-27260 DESCRIPTION: **IBM AIX could allow a non-privileged local user to exploit a vulnerability in the invscout...
7.3AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1666)
The remote host is missing an update for the Huawei...
7.1AI Score
0.002EPSS
Huawei EulerOS: Security Advisory for mdadm (EulerOS-SA-2024-1659)
The remote host is missing an update for the Huawei...
7.5AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for shim-signed (EulerOS-SA-2024-1667)
The remote host is missing an update for the Huawei...
7.1AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for cups (EulerOS-SA-2024-1646)
The remote host is missing an update for the Huawei...
7.2AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for procps-ng (EulerOS-SA-2024-1662)
The remote host is missing an update for the Huawei...
7.5AI Score
0.0004EPSS
K000139652: Intel CPU vulnerability CVE-2023-23583
Security Advisory Description Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access. (CVE-2023-23583) Impact.....
6.5AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2024-1650)
The remote host is missing an update for the Huawei...
7.2AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for openssl098e (EulerOS-SA-2024-1661)
The remote host is missing an update for the Huawei...
7.2AI Score
0.002EPSS
K000139630: Expat vulnerability CVE-2023-52425
Security Advisory Description libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. (CVE-2023-52425) Impact An attacker may be able to cause an increase in memory...
6AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2024-1655)
The remote host is missing an update for the Huawei...
7.2AI Score
0.001EPSS
7.1AI Score
0.0005EPSS