PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS
RM3/CRS dispenser firmware (all versions up to and including 41128 1002 RM3_CRS.BTR + 170329 2332 RM3_CRS.FRM). Severity level: High. Encryption bypass when downloading a firmware update in...
AI Score: 2.1
PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5
CMDv5 dispenser firmware (all versions up to and including 141128 1002 CD5_ATM.BTR + 170329 2332 CD5_ATM.FRM). Severity level: High. Encryption bypass when downloading a firmware update in...
AI Score: 2.1
(RHSA-2024:2696) Important: unbound security update
The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fix(es): bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387); bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868). A...
CVSS: 8
AI Score: 7.7
EPSS: 0.037
Top 9 Compliance Automation Software in 2024
By Uzair Amir. Simplify compliance with these leading software solutions. Discover features like automated evidence collection, risk assessment, and real-time reporting. Find the perfect fit for your startup or large enterprise. This is a post from HackRead.com. Read the original post: Top 9...
AI Score: 7.4
Avantra Server 24.x before 24.0.7 and 24.1.x before 24.1.1 mishandles the security of dashboards, aka XAN-5367. If a user can create a dashboard with an auto-login user, data disclosure may occur. Access control can be bypassed when there is a shared dashboard, and its auto-login user has...
AI Score: 7.4
An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the...
AI Score: 7.3
Malicious code in zxcvbnmmmmmmkjhgfdssss (npm)
Source: ossf-package-analysis (8a752311495084af562274cafb23e80b14975e577ef5aa0af0728f4b95eb14f1). The OpenSSF Package Analysis project identified 'zxcvbnmmmmmmkjhgfdssss' @ 1.0.1 (npm) as malicious. It is considered malicious because: The...
AI Score: 7.1
Malicious code in @assurantlabs/home-device-inventory (npm)
Source: ossf-package-analysis (a9af4bb0451549784551651c28cdaaa58ba61dff221c8c9b2dced0075f92a10f). The OpenSSF Package Analysis project identified '@assurantlabs/home-device-inventory' @ 999.100.1 (npm) as malicious. It is considered malicious...
AI Score: 7.3
HardeningMeter is an open-source Python tool carefully designed to comprehensively assess the security hardening of binaries and systems. Its robust capabilities include thorough checks of various binary exploitation protection mechanisms, including Stack Canary, RELRO, randomizations (ASLR, PIC, ...
AI Score: 7.3
In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example,...
AI Score: 7
EPSS: 0.0004
[SECURITY] Fedora 40 Update: gdcm-3.0.23-5.fc40
Grassroots DiCoM (GDCM) is a C++ library for DICOM medical files. It supports ACR-NEMA version 1 and 2 (huffman compression is not supported), RAW, JPEG, JPEG 2000, JPEG-LS, RLE and deflated transfer syntax. It comes with a super fast scanner implementation to quickly scan hundreds of DICOM...
CVSS: 8.1
AI Score: 7.5
EPSS: 0.001
[SECURITY] Fedora 40 Update: clamav-1.0.6-1.fc40
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs...
AI Score: 7.4
[SECURITY] Fedora 38 Update: gdcm-3.0.21-4.fc38
Grassroots DiCoM (GDCM) is a C++ library for DICOM medical files. It supports ACR-NEMA version 1 and 2 (huffman compression is not supported), RAW, JPEG, JPEG 2000, JPEG-LS, RLE and deflated transfer syntax. It comes with a super fast scanner implementation to quickly scan hundreds of DICOM...
CVSS: 8.1
AI Score: 7.5
EPSS: 0.001
[SECURITY] Fedora 38 Update: clamav-1.0.6-1.fc38
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs...
AI Score: 7.4
[SECURITY] Fedora 39 Update: gdcm-3.0.23-5.fc39
Grassroots DiCoM (GDCM) is a C++ library for DICOM medical files. It supports ACR-NEMA version 1 and 2 (huffman compression is not supported), RAW, JPEG, JPEG 2000, JPEG-LS, RLE and deflated transfer syntax. It comes with a super fast scanner implementation to quickly scan hundreds of DICOM...
CVSS: 8.1
AI Score: 7.5
EPSS: 0.001
[SECURITY] Fedora 39 Update: clamav-1.0.6-1.fc39
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs...
AI Score: 7.4
Apache Commons BCEL: Remote Code Execution
Background: The Byte Code Engineering Library (Apache Commons BCEL™) is intended to give users a convenient way to analyze, create, and manipulate (binary) Java class files (those ending with .class). Description: A vulnerability has been discovered in U-Boot tools. Please review the CVE identifier...
CVSS: 9.8
AI Score: 7.4
EPSS: 0.032
A Mind at Play: Rediscovering Minesweeper in the Professional Arena
By Uzair Amir. Remember Minesweeper? It's not just a game - it's a hidden training ground for work skills! Sharpen your decision-making, focus, and strategic thinking with every click. This is a post from HackRead.com. Read the original post: A Mind at Play: Rediscovering Minesweeper in the...
AI Score: 7.3
[SECURITY] [DLA 3808-1] intel-microcode security update
Debian LTS Advisory DLA-3808-1, [email protected], https://www.debian.org/lts/security/. Tobias Frost, May 04, 2024, https://wiki.debian.org/LTS. Package: intel-microcode. Version: 3.20240312.1~deb10u1. CVE...
CVSS: 6.5
AI Score: 8
EPSS: 0.001
Exploit for PHP External Variable Modification in Juniper Junos
Automation for Juniper CVE-2023-36845. Overview is a bash...
CVSS: 9.8
AI Score: 7.3
EPSS: 0.966
JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom JavaScript payloads in clients. Changelogs Major changes are documented in the project Announcements:...
AI Score: 5.9
Exploit for Code Injection in Cisco Adaptive Security Appliance Software
CVE-2024-20359-CiscoASA-FTD-exploit Exploit for Cisco ASA and...
CVSS: 6
AI Score: 7.5
EPSS: 0.003
CVE-2024-26304-RCE-exploits Critical RCE Vulnerabilities in...
CVSS: 9.8
AI Score: 7.5
EPSS: 0.0004
The Import and export users and customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_force_reset_password_delete_metas() function in all versions up to, and including, 1.26.5. This makes it possible for authenticated...
CVSS: 4.3
AI Score: 7.1
EPSS: 0.001
In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context (where the Jolokia JMX REST API and the Message REST API are located). It means that anyone can use these layers without any required authentication. Potentially, anyone can interact with the broker (using Jolokia...
CVSS: 8.5
AI Score: 7.3
EPSS: 0.0004
Malicious code in @socialdeal/uikit-whitelabel (npm)
Source: ossf-package-analysis (d53c0749d21786a6b7eeea319c37d26573f1ded671dc9cbed9e4508d9b65a2c0). The OpenSSF Package Analysis project identified '@socialdeal/uikit-whitelabel' @ 999.100.1 (npm) as malicious. It is considered malicious...
AI Score: 7.3
Malicious code in ing-feat-grants-management (npm)
Source: ossf-package-analysis (9b798bc5312e2cdb16a12e65a8a02a2a447f4af87bc9132258961b27b2314b60). The OpenSSF Package Analysis project identified 'ing-feat-grants-management' @ 999.100.1 (npm) as malicious. It is considered malicious because: ...
AI Score: 7.3
The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice() function in all versions up to, and including, 3.5.25. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
CVSS: 5.4
AI Score: 7.1
EPSS: 0.0004
The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.25 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_info_bar' shortcode. This makes it possible for authenticated attackers, with...
CVSS: 8.8
AI Score: 7.6
EPSS: 0.001
The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's First Name and Last Name in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level...
CVSS: 5.4
AI Score: 6.1
EPSS: 0.0004
[SECURITY] Fedora 38 Update: python-idna-3.7-1.fc38
A library to support the Internationalised Domain Names in Applications (IDNA) protocol as specified in RFC 5891 http://tools.ietf.org/html/rfc5891. This version of the protocol is often referred to as "IDNA2008" and can produce different results from the earlier standard from 2003. The...
AI Score: 7.2
[SECURITY] Fedora 39 Update: python-idna-3.7-1.fc39
A library to support the Internationalised Domain Names in Applications (IDNA) protocol as specified in RFC 5891 http://tools.ietf.org/html/rfc5891. This version of the protocol is often referred to as "IDNA2008" and can produce different results from the earlier standard from 2003. The...
AI Score: 7.2
[SECURITY] Debian 10 LTS will reach end-of-life on June 30th, 2024
Dear Debian LTS users, This is a gentle reminder that Debian 10 ("buster") will reach end of support as the LTS release on June 30, 2024. Users are encouraged to upgrade to Debian 11 ("bullseye"). Starting in July, Debian will not provide further security updates for Debian 10. A subset of buster...
AI Score: 6.9
Malicious code in lamia471 (npm)
Source: ossf-package-analysis (3d9af3a934ac2fcd0612cd1e8f0f0b3c17663ec12dcb3fa693dca054f2c141f1). The OpenSSF Package Analysis project identified 'lamia471' @ 1.0.0 (npm) as malicious. It is considered malicious because: The package...
AI Score: 7.1
Summary: There are vulnerabilities in multiple Open Source Software (OSS) components consumed by IBM Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics 2.1.2 and IBM Planning Analytics 2.0.95 by upgrading or removing the vulnerable libraries. Please refer to...
CVSS: 9.8
AI Score: 10
EPSS: 0.962
[SECURITY] [DSA 5679-1] less security update
Debian Security Advisory DSA-5679-1, [email protected], https://www.debian.org/security/. Salvatore Bonaccorso, May 03, 2024, https://www.debian.org/security/faq. Package: less. CVE ID: CVE-2022-48624, CVE-2024-32487. Debian...
AI Score: 7.8
EPSS: 0.0004
kurwov vulnerable to Denial of Service due to improper data sanitization
Summary: An unsafe sanitization of dataset contents on the MarkovData#getNext method used in Markov#generate and Markov#choose allows a maliciously crafted string on the dataset to throw and stop the function from running properly. Details...
CVSS: 6.2
AI Score: 6.3
EPSS: 0.0004
sagemaker-python-sdk vulnerable to Deserialization of Untrusted Data
Impact: The sagemaker.base_deserializers.NumpyDeserializer module before v2.218.0 allows potentially unsafe deserialization when untrusted data is passed as pickled object arrays. This consequently may allow an unprivileged third party to cause remote code execution, denial of service, affecting both...
CVSS: 7.8
AI Score: 7.6
EPSS: 0.0004
You get a passkey, you get a passkey, everyone should get a passkey
Microsoft is rolling out passkey support for all consumer accounts. Passkeys are a very secure replacement for passwords that can't be cracked, guessed or phished, and let you log in easily, without having to type a password every time. After enabling them in Windows 11 last year, Microsoft...
AI Score: 7.3
Summary: The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details: CVEID: CVE-2024-28102. DESCRIPTION: JWCrypto is...
CVSS: 9.8
AI Score: 8.3
EPSS: 0.01
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary...
CVSS: 5.3
AI Score: 6.8
EPSS: 0.0004