Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-1273)
The remote host is missing an update for the Huawei...
8.5AI Score
0.72EPSS
Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in January 2024. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An...
6.9AI Score
0.001EPSS
Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6688-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6688-1 advisory. Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them...
7.7AI Score
Summary Multiple Vulnerabilities were disclosed as part of the Oracle Jan 2024 Critical Patch Update. Vulnerability Details ** CVEID: CVE-2024-20918 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality...
6.6AI Score
0.001EPSS
Fedora: Security Advisory for antlrworks (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for...
7AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: antlrworks-1.5.2-29.fc40
ANTLRWorks is a novel grammar development environment for ANTLR v3 grammars written by Jean Bovet (with suggested use cases from Terence Parr). It comb ines an excellent grammar-aware editor with an interpreter for rapid prototyping and a language-agnostic debugger for isolating grammar errors....
6.8AI Score
0.0004EPSS
Security Bulletin: IBM SDK, Java Technology Edition, Security Update February 2024
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, 8* that is used by Rational Application Developer®. These issues were disclosed as part of the IBM Java SDK updates up to February 2024. IBM 8 SR8 FP20 (1.8.0_401). Vulnerability Details ** CVEID: CVE-2023-22067 ...
8.9AI Score
0.001EPSS
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Business Developer
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle July 2023...
6.5AI Score
0.001EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2024-20952 ...
7.6AI Score
0.001EPSS
Securing the Next Level: Automated Cloud Defense in Game Development with InsightCloudSec
Imagine the following scenario: You're about to enjoy a strategic duel on chess.com or dive into an intense battle in Fortnite, but as you log in, you find your hard-earned achievements, ranks, and reputation have vanished into thin air. This is not just a hypothetical scenario but a real...
7.2AI Score
Summary IBM® Db2® is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. Vulnerability Details ** CVEID: CVE-2023-47152 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to an...
7.2AI Score
0.001EPSS
Oracle Linux 9 : mysql (ELSA-2024-1141)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1141 advisory. Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.33 and...
6.2AI Score
AlmaLinux 9 : mysql (ALSA-2024:1141)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1141 advisory. A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun....
6.2AI Score
(RHSA-2024:1037) Important: OpenShift Container Platform 4.13.36 bug fix and security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.36. See the following advisory for the RPM...
7.4AI Score
0.002EPSS
The Kube Descheduler Operator for Red Hat OpenShift is an optional operator that deploys the descheduler, which is responsible for evicting pods based on certain strategies. Security Fix(es): golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)...
7.4AI Score
0.72EPSS
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a...
5.8AI Score
0.166EPSS
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October...
7.7AI Score
0.72EPSS
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October...
7.7AI Score
0.72EPSS
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October...
7.7AI Score
0.72EPSS
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October...
7.7AI Score
0.72EPSS
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October...
7.7AI Score
0.72EPSS
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October...
7.1AI Score
0.72EPSS
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October...
7.1AI Score
0.72EPSS
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October...
7.1AI Score
0.72EPSS
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October...
7.1AI Score
0.72EPSS
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October...
7.1AI Score
0.72EPSS
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October...
7.1AI Score
0.72EPSS
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October...
7.1AI Score
0.72EPSS
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October...
7.1AI Score
0.72EPSS
When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing....
7AI Score
0.72EPSS
In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv->lock while iterating the priv->multicast_list in ipoib_mcast_join_task() opens a window for ipoib_mcast_dev_flush() to remove the items while in the middle of iteration. If...
7.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv->lock while iterating the priv->multicast_list in ipoib_mcast_join_task() opens a window for ipoib_mcast_dev_flush() to remove the items while in the middle of iteration. If...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv->lock while iterating the priv->multicast_list in ipoib_mcast_join_task() opens a window for ipoib_mcast_dev_flush() to remove the items while in the middle of iteration. If...
7.2AI Score
0.0004EPSS
CVE-2023-52587 IB/ipoib: Fix mcast list locking
In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv->lock while iterating the priv->multicast_list in ipoib_mcast_join_task() opens a window for ipoib_mcast_dev_flush() to remove the items while in the middle of iteration. If...
6.2AI Score
0.0004EPSS
(RHSA-2024:1052) Critical: OpenShift Container Platform 4.12.51 bug fix and security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.51. See the following advisory for the RPM...
7.5AI Score
0.037EPSS
In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv->lock while iterating the priv->multicast_list in ipoib_mcast_join_task() opens a window for ipoib_mcast_dev_flush() to remove the items while in the middle of iteration. If...
7.5AI Score
0.0004EPSS
The Dark Side of Innovation: Cybercriminals and Their Adoption of GenAI
The Dark Side of Innovation: Cybercriminals and Their Adoption of GenAI By Jambul Tologonov and John Fokker · March 06, 2024 In the ever-evolving threat landscape, the Trellix Advanced Research Center has been at the forefront of understanding and combating the dual-edged sword of Generative...
6.9AI Score
Badgerboard: A PLC backplane network visibility module
Analysis of the traffic between networked devices has always been of interest since devices could even communicate with one another. As the complexity of networks grew, the more useful dedicated traffic analysis tools became. Major advancements have been made over the years with tools like Snort...
6.8AI Score
(RHSA-2024:1141) Moderate: mysql security update
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. Security Fix(es): mysql: InnoDB unspecified vulnerability (CPU Apr 2023) (CVE-2023-21911) mysql: Server: DDL unspecified vulnerability (CPU Apr...
8AI Score
0.002EPSS
7 Rapid Questions with #77 Ray Bourque
We couldn’t pass up the opportunity to bring Boston Bruins legend Ray Bourque into the herd as we continue to expand our Bruins jersey sponsorship. Ray is an absolute hero to Bruins fans everywhere. He has cemented his status in the annals of Boston sports history through 21 seasons in the black...
6.9AI Score
Moderate: mysql security update
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. Security Fix(es): mysql: InnoDB unspecified vulnerability (CPU Apr 2023) (CVE-2023-21911) mysql: Server: DDL unspecified vulnerability (CPU Apr 2023)...
7.5AI Score
0.002EPSS
RHEL 9 : mysql (RHSA-2024:1141)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1141 advisory. zstd: mysql: buffer overrun in util.c (CVE-2022-4899) mysql: InnoDB unspecified vulnerability (CPU Apr 2023) (CVE-2023-21911) mysql:...
6.5AI Score
Moderate: mysql security update
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. Security Fix(es): mysql: InnoDB unspecified vulnerability (CPU Apr 2023) (CVE-2023-21911) mysql: Server: DDL unspecified vulnerability (CPU Apr 2023)...
7.8AI Score
0.002EPSS
In the Linux kernel, the following vulnerability has been resolved: spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain Previously the transfer complete IRQ immediately drained to RX FIFO to read any data remaining in FIFO to the RX buffer. This behaviour is correct when...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: spi: sun6i: reduce DMA RX transfer width to single byte Through empirical testing it has been determined that sometimes RX SPI transfers with DMA enabled return corrupted data. This is down to single or even multiple bytes lost...
6.5AI Score
0.0004EPSS
Why it Pays to Have a Comprehensive API Security Strategy
In an era dominated by digital connectivity and rapid technological advancements, Application Programming Interfaces (APIs) play a pivotal role in facilitating seamless communication and data exchange between diverse software applications. As API usage continues to grow, so does the need for...
8.7AI Score
From 500 to 5000 Employees - Securing 3rd Party App-Usage in Mid-Market Companies
A company's lifecycle stage, size, and state have a significant impact on its security needs, policies, and priorities. This is particularly true for modern mid-market companies that are either experiencing or have experienced rapid growth. As requirements and tasks continue to accumulate and...
7.1AI Score
Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure
U.S. cybersecurity and intelligence agencies have warned of Phobos ransomware attacks targeting government and critical infrastructure entities, outlining the various tactics and techniques the threat actors have adopted to deploy the file-encrypting malware. "Structured as a ransomware as a...
9.8CVSS
8.1AI Score
0.974EPSS
openSUSE: Security Advisory for binutils (SUSE-SU-2023:3825-1)
The remote host is missing an update for...
7.4AI Score
0.001EPSS
openSUSE: Security Advisory for go1.20 (SUSE-SU-2023:4068-1)
The remote host is missing an update for...
8.6AI Score
0.72EPSS