A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. This could allow an authenticated user to view other users' session encoded...
4.3CVSS
4.5AI Score
0.0004EPSS
A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. This could allow an authenticated user to view other users' session encoded...
4.3CVSS
0.0004EPSS
Releases Ubuntu 16.04 ESM Ubuntu 14.04 ESM Packages openvpn - virtual private network software Details It was discovered that OpenVPN incorrectly handled certain configurations with multiple authentication plugins. A remote attacker could possibly use this issue to bypass authentication using...
9.8CVSS
7.5AI Score
0.007EPSS
CVE-2024-29953 Encoded session passwords on session storage for Virtual Fabric platforms
A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. This could allow an authenticated user to view other users' session encoded...
4.3CVSS
0.0004EPSS
VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the...
6.8CVSS
6.7AI Score
0.0004EPSS
VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the...
6.8CVSS
0.0004EPSS
VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the...
6.8CVSS
0.0004EPSS
PTC Creo Elements/Direct License Server
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: Creo Elements/Direct License Server Vulnerability: Missing Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthenticated remote...
8.1AI Score
EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Low attack complexity Vendor: ABB Equipment: 800xA Base Vulnerabilities: Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause services to crash and restart. 3. TECHNICAL DETAILS 3.1...
5.7CVSS
7.3AI Score
0.0004EPSS
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1837)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv-lock while iterating...
7.8CVSS
7.7AI Score
0.0004EPSS
Security Advisory 0098 _._CSAF PDF Date: June 25, 2024 Revision | Date | Changes ---|---|--- 1.0 | June 25, 2024 | Initial release The CVE-ID tracking this issue: CVE-2024-4578 CVSSv3.1 Base Score: 8.4 (CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) Common Weakness Enumeration: CWE-77 Improper...
7AI Score
EPSS
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1816)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv-lock while iterating...
7.8CVSS
7.7AI Score
0.0004EPSS
Security Bulletin: AIX is affected by a denial of service due to Python (CVE-2024-0450)
Summary Vulnerability in Python could allow a remote attacker to cause a denial of service (CVE-2024-0450). Python is used by AIX as part of Ansible node management automation. Vulnerability Details ** CVEID: CVE-2024-0450 DESCRIPTION: **Python CPython is vulnerable to a denial of service, caused.....
6.2CVSS
7.3AI Score
0.0005EPSS
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by AIX. AIX has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2024-21085 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow a remote...
5.9CVSS
7.2AI Score
0.0004EPSS
Virtual Programming Lab for Moodle up to v4.2.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component...
6.4AI Score
0.0004EPSS
Virtual Programming Lab for Moodle up to v4.2.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component...
0.0004EPSS
Hfinger - Fingerprinting HTTP Requests
Tool for Fingerprinting HTTP requests of malware. Based on Tshark and written in Python3. Working prototype stage :-) Its main objective is to provide unique representations (fingerprints) of malware requests, which help in their identification. Unique means here that each fingerprint should be...
7AI Score
RedJuliett Cyber Espionage Campaign Hits 75 Taiwanese Organizations
A likely China-linked state-sponsored threat actor has been linked to a cyber espionage campaign targeting government, academic, technology, and diplomatic organizations in Taiwan between November 2023 and April 2024. Recorded Future's Insikt Group is tracking the activity under the name...
7.8CVSS
8.6AI Score
0.879EPSS
CentOS 9 : kernel-5.14.0-467.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-467.el9 build changelog. In the Linux kernel, the following vulnerability has been resolved: efivarfs: force RO when remounting if SetVariable is not...
5.5CVSS
7.4AI Score
EPSS
Virtual Programming Lab for Moodle up to v4.2.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component...
0.0004EPSS
RHEL 9 : libreswan (RHSA-2024:4050)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4050 advisory. Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both...
7.1AI Score
0.0004EPSS
Moderate: libreswan security update
Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).....
7AI Score
0.0004EPSS
Moderate: libreswan security update
Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).....
7.1AI Score
0.0004EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2135-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2135-1 advisory. The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following...
8CVSS
8.4AI Score
EPSS
Exploit for Code Injection in Openplcproject Openplc V3 Firmware
This script automatically exploits vulnerability in OpenPLC Web...
8.8CVSS
8.2AI Score
0.006EPSS
Unveiling SpiceRAT: SneakyChef's latest tool targeting EMEA and Asia
Cisco Talos discovered a new remote access trojan (RAT) dubbed SpiceRAT, used by the threat actor SneakyChef in a recent campaign targeting government agencies in EMEA and Asia. We observed that SneakyChef launched a phishing campaign, sending emails delivering SugarGh0st and SpiceRAT with the...
7.5AI Score
SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques
Cisco Talos recently discovered an ongoing campaign from SneakyChef, a newly discovered threat actor using SugarGh0st malware, as early as August 2023. In the newly discovered campaign, we observed a wider scope of targets spread across countries in EMEA and Asia, compared with previous...
7AI Score
SUSE SLES15 / openSUSE 15 Security Update : containerd (SUSE-SU-2024:2108-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2108-1 advisory. Update to containerd v1.7.17. - CVE-2023-45288: Fixed the limit of CONTINUATION frames read for an HTTP/2 request...
6.9AI Score
0.0004EPSS
RHEL 8 : ovn-2021 (RHSA-2024:4035)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4035 advisory. OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add ...
6.5CVSS
6.9AI Score
0.0005EPSS
7.5AI Score
0.0004EPSS
A proof-of-concept User-Defined Reflective Loader (UDRL) which aims to recreate, integrate, and enhance Cobalt Strike's evasion features! Contributors: Contributor | Twitter | Notable Contributions ---|---|--- Bobby Cooke | @0xBoku | Project original author and maintainer Santiago Pecin |...
7.5AI Score
In the Linux kernel, the following vulnerability has been resolved: arm64: extable: fix load_unaligned_zeropad() reg indices In ex_handler_load_unaligned_zeropad() we erroneously extract the data and addr register indices from ex->type rather than ex->data. As ex->type will contain...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ARM: 9170/1: fix panic when kasan and kprobe are enabled arm32 uses software to simulate the instruction replaced by kprobe. some instructions may be simulated by constructing assembly functions. therefore, before executing...
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: arm64: extable: fix load_unaligned_zeropad() reg indices In ex_handler_load_unaligned_zeropad() we erroneously extract the data and addr register indices from ex->type rather than ex->data. As ex->type will contain...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: arm64: extable: fix load_unaligned_zeropad() reg indices In ex_handler_load_unaligned_zeropad() we erroneously extract the data and addr register indices from ex->type rather than ex->data. As ex->type will contain...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: arm64: extable: fix load_unaligned_zeropad() reg indices In ex_handler_load_unaligned_zeropad() we erroneously extract the data and addr register indices from ex->type rather than ex->data. As ex->type will contain...
0.0004EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.7 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Yokogawa Equipment: CENTUM Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary...
8.5CVSS
7.5AI Score
0.0004EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: CAREL Equipment: Boss-Mini Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to manipulate...
9.8CVSS
7.4AI Score
0.001EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Westermo Equipment: L210-F2G Lynx Vulnerabilities: Cleartext Transmission of Sensitive Information, Improper Control of Interaction Frequency 2. RISK EVALUATION Successful exploitation of...
7.5CVSS
8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ARM: 9170/1: fix panic when kasan and kprobe are enabled arm32 uses software to simulate the instruction replaced by kprobe. some instructions may be simulated by constructing assembly functions. therefore, before executing...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ARM: 9170/1: fix panic when kasan and kprobe are enabled arm32 uses software to simulate the instruction replaced by kprobe. some instructions may be simulated by constructing assembly functions. therefore, before executing...
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ARM: 9170/1: fix panic when kasan and kprobe are enabled arm32 uses software to simulate the instruction replaced by kprobe. some instructions may be simulated by constructing assembly functions. therefore, before executing...
6.6AI Score
0.0004EPSS
CVE-2022-48762 arm64: extable: fix load_unaligned_zeropad() reg indices
In the Linux kernel, the following vulnerability has been resolved: arm64: extable: fix load_unaligned_zeropad() reg indices In ex_handler_load_unaligned_zeropad() we erroneously extract the data and addr register indices from ex->type rather than ex->data. As ex->type will contain...
6.7AI Score
0.0004EPSS
CVE-2022-48762 arm64: extable: fix load_unaligned_zeropad() reg indices
In the Linux kernel, the following vulnerability has been resolved: arm64: extable: fix load_unaligned_zeropad() reg indices In ex_handler_load_unaligned_zeropad() we erroneously extract the data and addr register indices from ex->type rather than ex->data. As ex->type will contain...
0.0004EPSS
Secure Your Containerized Environments with Qualys Containerized Scanner Appliance (QCSA)
IT has undergone a series of significant shifts over the years, from physical infrastructure to virtual, and how infrastructure was managed and maintained. This shift led IT through the digital transformation era, introducing various types of clouds and “As-a-Service” models. Although...
7AI Score
CVE-2021-47618 ARM: 9170/1: fix panic when kasan and kprobe are enabled
In the Linux kernel, the following vulnerability has been resolved: ARM: 9170/1: fix panic when kasan and kprobe are enabled arm32 uses software to simulate the instruction replaced by kprobe. some instructions may be simulated by constructing assembly functions. therefore, before executing...
6.9AI Score
0.0004EPSS
CVE-2021-47618 ARM: 9170/1: fix panic when kasan and kprobe are enabled
In the Linux kernel, the following vulnerability has been resolved: ARM: 9170/1: fix panic when kasan and kprobe are enabled arm32 uses software to simulate the instruction replaced by kprobe. some instructions may be simulated by constructing assembly functions. therefore, before executing...
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: btrfs: use latest_dev in btrfs_show_devname The test case btrfs/238 reports the warning below: WARNING: CPU: 3 PID: 481 at fs/btrfs/super.c:2509 btrfs_show_devname+0x104/0x1e8 [btrfs] CPU: 2 PID: 1 Comm: systemd Tainted: G W O...
7.1AI Score
0.0004EPSS
New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration
A new Rust-based information stealer malware called Fickle Stealer has been observed being delivered via multiple attack chains with the goal of harvesting sensitive information from compromised hosts. Fortinet FortiGuard Labs said it's aware of four different distribution methods -- namely VBA...
7AI Score
The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection...
7.3AI Score
0.0004EPSS