Lucene search

K

Car Repair Services & Auto Mechanic Security Vulnerabilities

nessus
nessus

FreeBSD : Openfire administration console authentication bypass (9bcff2c4-1779-11ef-b489-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9bcff2c4-1779-11ef-b489-b42e991fc52e advisory. Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative ...

8.6CVSS

7AI Score

0.973EPSS

2024-05-22 12:00 AM
3
nessus
nessus

FreeBSD : Roundcube -- Cross-site scripting vulnerabilities (e020b0fd-1751-11ef-a490-84a93843eb75)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e020b0fd-1751-11ef-a490-84a93843eb75 advisory. The Roundcube project reports: cross-site scripting (XSS) vulnerability in handling SVG ...

6.2AI Score

2024-05-22 12:00 AM
3
nessus
nessus

CentOS 8 : resource-agents (CESA-2024:2952)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:2952 advisory. urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response...

5.9CVSS

6.6AI Score

0.001EPSS

2024-05-22 12:00 AM
2
malwarebytes
malwarebytes

How to remove a user from a shared Windows device

There will be times when you need to remove a user from a device. In this article we'll show you how to remove a user from Windows 10 or 11. On Windows you can create a local user account (an offline account) for anyone who will frequently use your PC. But the best option in most cases, is for...

7.1AI Score

2024-05-21 08:08 PM
3
wallarmlab
wallarmlab

Vulnerabilities in BIG-IP Next Central Manager allows control of managed devices

Introduction In May 2024, new vulnerabilities have been identified in BIG-IP Next Central Manager, raising considerable security concerns. This discovery follows closely on the heels of a critical vulnerability revealed in April within Palo Alto's firewalls with enabled GlobalProtect feature,...

7.5CVSS

8.6AI Score

0.0004EPSS

2024-05-21 04:56 PM
13
krebs
krebs

Why Your Wi-Fi Router Doubles as an Apple AirTag

Image: Shutterstock. Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly...

6.2AI Score

2024-05-21 04:21 PM
6
nvd
nvd

CVE-2021-47228

In the Linux kernel, the following vulnerability has been resolved: x86/ioremap: Map EFI-reserved memory as encrypted for SEV Some drivers require memory that is marked as EFI boot services data. In order for this memory to not be re-used by the kernel after ExitBootServices(), efi_mem_reserve()...

6.2AI Score

0.0004EPSS

2024-05-21 03:15 PM
debiancve
debiancve

CVE-2021-47228

In the Linux kernel, the following vulnerability has been resolved: x86/ioremap: Map EFI-reserved memory as encrypted for SEV Some drivers require memory that is marked as EFI boot services data. In order for this memory to not be re-used by the kernel after ExitBootServices(), efi_mem_reserve()...

6.8AI Score

0.0004EPSS

2024-05-21 03:15 PM
2
cve
cve

CVE-2021-47228

In the Linux kernel, the following vulnerability has been resolved: x86/ioremap: Map EFI-reserved memory as encrypted for SEV Some drivers require memory that is marked as EFI boot services data. In order for this memory to not be re-used by the kernel after ExitBootServices(), efi_mem_reserve()...

6.4AI Score

0.0004EPSS

2024-05-21 03:15 PM
27
cvelist
cvelist

CVE-2021-47228 x86/ioremap: Map EFI-reserved memory as encrypted for SEV

In the Linux kernel, the following vulnerability has been resolved: x86/ioremap: Map EFI-reserved memory as encrypted for SEV Some drivers require memory that is marked as EFI boot services data. In order for this memory to not be re-used by the kernel after ExitBootServices(), efi_mem_reserve()...

6.1AI Score

0.0004EPSS

2024-05-21 02:19 PM
vulnrichment
vulnrichment

CVE-2021-47228 x86/ioremap: Map EFI-reserved memory as encrypted for SEV

In the Linux kernel, the following vulnerability has been resolved: x86/ioremap: Map EFI-reserved memory as encrypted for SEV Some drivers require memory that is marked as EFI boot services data. In order for this memory to not be re-used by the kernel after ExitBootServices(), efi_mem_reserve()...

6.5AI Score

0.0004EPSS

2024-05-21 02:19 PM
thn
thn

Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users

A new attack campaign dubbed CLOUD#REVERSER has been observed leveraging legitimate cloud storage services like Google Drive and Dropbox to stage malicious payloads. "The VBScript and PowerShell scripts in the CLOUD#REVERSER inherently involves command-and-control-like activities by using Google...

6.7AI Score

2024-05-21 02:19 PM
1
wordfence
wordfence

The Wordfence Affiliate Program Officially Launches Today

Today, we are officially launching the Wordfence Affiliate Program. If you love securing WordPress and are passionate about helping make the Web a safer place, click here to apply to the program now. This is an exciting opportunity for us to give back to our incredible community who have been...

7.1AI Score

2024-05-21 01:01 PM
6
wired
wired

Eventbrite Promoted Illegal Opioid Sales to People Searching for Addiction Recovery Help

A WIRED investigation found thousands of Eventbrite posts selling escort services and drugs like Xanax and oxycodone—some of which the company’s algorithm recommended alongside addiction recovery...

7.3AI Score

2024-05-21 10:30 AM
4
thn
thn

Achieve Security Compliance with Wazuh File Integrity Monitoring

File Integrity Monitoring (FIM) is an IT security control that monitors and detects file changes in computer systems. It helps organizations audit important files and system configurations by routinely scanning and verifying their integrity. Most information security standards mandate the use of...

6.7AI Score

2024-05-21 10:30 AM
1
ibm
ibm

Security Bulletin: IBM Cloud Pak for Network Automation 2.7.3 addresses multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.7.3 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details ** CVEID: CVE-2024-30260 DESCRIPTION: **Node.js undici module could allow a remote authenticated attacker to obtain sensitive information, caused by a...

9.8CVSS

10AI Score

0.175EPSS

2024-05-21 09:37 AM
4
thn
thn

"Linguistic Lumberjack" Vulnerability Discovered in Popular Logging Utility Fluent Bit

Cybersecurity researchers have discovered a critical security flaw in a popular logging and metrics utility called Fluent Bit that could be exploited to achieve denial-of-service (DoS), information disclosure, or remote code execution. The vulnerability, tracked as CVE-2024-4323, has been...

9.8CVSS

9.9AI Score

0.0004EPSS

2024-05-21 06:43 AM
nessus
nessus

RHEL 8 : varnish:6 (RHSA-2024:2938)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2938 advisory. Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and...

6.3AI Score

0.0004EPSS

2024-05-21 12:00 AM
4
wpvulndb
wpvulndb

MemberPress < 1.11.30 - Authenticated (Contributor+) Blind Server-Side Request Forgery via mepr-user-file Shortcode

Description The Memberpress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.11.29 via the 'mepr-user-file' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to....

8.5CVSS

6.5AI Score

0.0005EPSS

2024-05-21 12:00 AM
1
arista
arista

Security Advisory 0096

Security Advisory 0096 _._CSAF PDF Date: May 21, 2024 Revision | Date | Changes ---|---|--- 1.0 | May 21, 2024 | Initial release The CVE-ID tracking this issue: CVE-2023-5502 CVSSv3.1 Base Score: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N) Common Weakness Enumeration: CWE-287 Improper...

6.3AI Score

EPSS

2024-05-21 12:00 AM
1
nessus
nessus

Fluent Bit Heap-based Buffer Overflow

The version of Fluent Bit running on the remote host is prior to 3.0.4. It is, therefore, is affected by a heap-based buffer overflow vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

9.8CVSS

9.8AI Score

0.0004EPSS

2024-05-21 12:00 AM
10
spring
spring

This Week in Spring - May 21st, 2024

Welcome to another installment of This Week in Spring! It's been yet another amazing and exciting week and with it a bevy of new releases. And of course, in about a week's time, we will find ourselves at Spring IO, ready to show a lot of these new things. Will you be there? I will! Anyway, let's...

7.1AI Score

2024-05-21 12:00 AM
2
packetstorm

7.4AI Score

0.0004EPSS

2024-05-21 12:00 AM
95
ubuntucve
ubuntucve

CVE-2021-47228

In the Linux kernel, the following vulnerability has been resolved: x86/ioremap: Map EFI-reserved memory as encrypted for SEV Some drivers require memory that is marked as EFI boot services data. In order for this memory to not be re-used by the kernel after ExitBootServices(), efi_mem_reserve()...

6.3AI Score

0.0004EPSS

2024-05-21 12:00 AM
2
spring
spring

Deploy and Scale Spring Batch in the Cloud – with Adaptive Cost Control

May 21, 2024, at 9 AM PST You can now use Azure Spring Apps to effectively run Spring Batch applications with adaptive cost control. You only pay when batch jobs are running, and you can simply lift and shift your Spring Batch jobs with no code change. Spring Batch is a framework for processing...

7.2AI Score

2024-05-21 12:00 AM
1
ubuntu
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.15 - Linux kernel for Amazon Web Services (AWS) systems linux-gke - Linux kernel for Google Container Engine (GKE) systems Details Zheng Wang discovered that the...

4.3CVSS

7.4AI Score

0.0004EPSS

2024-05-21 12:00 AM
9
hackread
hackread

Fluent Bit Tool Vulnerability Threatens Billions of Cloud Deployments

By Deeba Ahmed "Linguistic Lumberjack" Threatens Data Breaches (CVE-2024-4323). Patch now to shield your cloud services from information disclosure, denial-of-service, or even remote takeover. This is a post from HackRead.com Read the original post: Fluent Bit Tool Vulnerability Threatens Billions....

6.8AI Score

0.0004EPSS

2024-05-20 06:50 PM
12
mssecure
mssecure

New Windows 11 features strengthen security to address evolving cyberthreat landscape

Ahead of the Microsoft Build 2024 conference, we announced a new class of Windows computers, Copilot+ PC. Alongside this exciting new class of PCs, we are introducing important security features and updates that make Windows 11 more secure for users and organizations and give developers the tools.....

7AI Score

2024-05-20 06:00 PM
5
mmpc
mmpc

New Windows 11 features strengthen security to address evolving cyberthreat landscape

In this article Cybersecurity at the forefront of all we do Modern, secure hardware Stay ahead of evolving threats with Windows Explore the new Windows 11 security features Ahead of the Microsoft Build 2024 conference, we announced a new class of Windows computers, Copilot+ PC. Alongside this...

8.6AI Score

2024-05-20 06:00 PM
25
redhatcve
redhatcve

CVE-2024-35948

In the Linux kernel, the following vulnerability has been resolved: bcachefs: Check for journal entries overruning end of sb clean section Fix a missing bounds check in superblock validation. Note that we don't yet have repair code for this case - repair code for individual items is generally low.....

6.7AI Score

0.0004EPSS

2024-05-20 05:42 PM
7
thn
thn

Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel

An Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS) has been attributed as behind destructive wiping attacks targeting Albania and Israel under the personas Homeland Justice and Karma, respectively. Cybersecurity firm Check Point is tracking the activity under.....

9.8CVSS

7.2AI Score

0.974EPSS

2024-05-20 04:05 PM
1
kitploit
kitploit

Drs-Malware-Scan - Perform File-Based Malware Scan On Your On-Prem Servers With AWS

Perform malware scan analysis of on-prem servers using AWS services Challenges with on-premises malware detection It can be difficult for security teams to continuously monitor all on-premises servers due to budget and resource constraints. Signature-based antivirus alone is insufficient as modern....

7.4AI Score

2024-05-20 12:30 PM
15
thn
thn

Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal

Multiple threat actors are weaponizing a design flaw in Foxit PDF Reader to deliver a variety of malware such as Agent Tesla, AsyncRAT, DCRat, NanoCore RAT, NjRAT, Pony, Remcos RAT, and XWorm. "This exploit triggers security warnings that could deceive unsuspecting users into executing harmful...

7.1AI Score

2024-05-20 12:20 PM
1
debiancve
debiancve

CVE-2024-35948

In the Linux kernel, the following vulnerability has been resolved: bcachefs: Check for journal entries overruning end of sb clean section Fix a missing bounds check in superblock validation. Note that we don't yet have repair code for this case - repair code for individual items is generally...

6.7AI Score

0.0004EPSS

2024-05-20 10:15 AM
3
cve
cve

CVE-2024-35948

In the Linux kernel, the following vulnerability has been resolved: bcachefs: Check for journal entries overruning end of sb clean section Fix a missing bounds check in superblock validation. Note that we don't yet have repair code for this case - repair code for individual items is generally low.....

6.8AI Score

0.0004EPSS

2024-05-20 10:15 AM
25
nvd
nvd

CVE-2024-35948

In the Linux kernel, the following vulnerability has been resolved: bcachefs: Check for journal entries overruning end of sb clean section Fix a missing bounds check in superblock validation. Note that we don't yet have repair code for this case - repair code for individual items is generally low.....

6.6AI Score

0.0004EPSS

2024-05-20 10:15 AM
thn
thn

Cyber Criminals Exploit GitHub and FileZilla to Deliver Malware Cocktail

A "multi-faceted campaign" has been observed abusing legitimate services like GitHub and FileZilla to deliver an array of stealer malware and banking trojans such as Atomic (aka AMOS), Vidar, Lumma (aka LummaC2), and Octo by impersonating credible software like 1Password, Bartender 5, and...

7AI Score

2024-05-20 09:26 AM
1
cvelist
cvelist

CVE-2024-35948 bcachefs: Check for journal entries overruning end of sb clean section

In the Linux kernel, the following vulnerability has been resolved: bcachefs: Check for journal entries overruning end of sb clean section Fix a missing bounds check in superblock validation. Note that we don't yet have repair code for this case - repair code for individual items is generally low.....

6.5AI Score

0.0004EPSS

2024-05-20 09:17 AM
thn
thn

Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns

Cybersecurity researchers have observed a spike in email phishing campaigns starting early March 2024 that delivers Latrodectus, a nascent malware loader believed to be the successor to the IcedID malware. "These campaigns typically involve a recognizable infection chain involving oversized...

8.2AI Score

2024-05-20 05:47 AM
1
githubexploit
githubexploit

Exploit for CVE-2024-3435

This is a Next.js project bootstrapped...

8.4CVSS

7AI Score

0.0004EPSS

2024-05-20 02:17 AM
106
nessus
nessus

FreeBSD : qt5-webengine -- Multiple vulnerabilities (d58455cc-159e-11ef-83d8-4ccc6adda413)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the d58455cc-159e-11ef-83d8-4ccc6adda413 advisory. Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a...

8AI Score

0.0004EPSS

2024-05-20 12:00 AM
2
ubuntucve
ubuntucve

CVE-2024-35948

In the Linux kernel, the following vulnerability has been resolved: bcachefs: Check for journal entries overruning end of sb clean section Fix a missing bounds check in superblock validation. Note that we don't yet have repair code for this case - repair code for individual items is generally low.....

6.7AI Score

0.0004EPSS

2024-05-20 12:00 AM
3
nessus
nessus

RHEL 8 : thunderbird (RHSA-2024:2911)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2911 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fix(es): *...

8.9AI Score

0.0004EPSS

2024-05-20 12:00 AM
1
ubuntu
ubuntu

Linux kernel (AWS) vulnerabilities

Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.15 - Linux kernel for Amazon Web Services (AWS) systems Details It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack...

7.8CVSS

7.5AI Score

EPSS

2024-05-20 12:00 AM
8
cve
cve

CVE-2024-36053

In the mintupload package through 4.2.0 for Linux Mint, service-name mishandling leads to command injection via shell metacharacters in check_connection, drop_data_received_cb, and Service.remove. A user can modify a service name in a ~/.linuxmint/mintUpload/services/service...

7.2AI Score

EPSS

2024-05-19 04:15 PM
33
nvd
nvd

CVE-2024-36053

In the mintupload package through 4.2.0 for Linux Mint, service-name mishandling leads to command injection via shell metacharacters in check_connection, drop_data_received_cb, and Service.remove. A user can modify a service name in a ~/.linuxmint/mintUpload/services/service...

7AI Score

EPSS

2024-05-19 04:15 PM
thn
thn

Chinese Nationals Arrested for Laundering $73 Million in Pig Butchering Crypto Scam

The U.S. Department of Justice (DoJ) has charged two arrested Chinese nationals for allegedly orchestrating a pig butchering scam that laundered at least $73 million from victims through shell companies. The individuals, Daren Li, 41, and Yicheng Zhang, 38, were arrested in Atlanta and Los Angeles....

7.4AI Score

2024-05-19 09:46 AM
1
kitploit
kitploit

Linux-Smart-Enumeration - Linux Enumeration Tool For Pentesting And CTFs With Verbosity Levels

First, a couple of useful oneliners ;) wget "https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh" -O lse.sh;chmod 700 lse.sh curl "https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh" -Lo lse.sh;chmod 700 lse.sh Note...

7.7AI Score

2024-05-19 12:42 AM
11
ubuntucve
ubuntucve

CVE-2024-36053

In the mintupload package through 4.2.0 for Linux Mint, service-name mishandling leads to command injection via shell metacharacters in check_connection, drop_data_received_cb, and Service.remove. A user can modify a service name in a ~/.linuxmint/mintUpload/services/service...

7.5AI Score

EPSS

2024-05-19 12:00 AM
3
cve
cve

CVE-2024-4709

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘subject’ parameter in versions up to, and including, 5.1.16 due to insufficient input sanitization and output escaping. This makes it....

7.2CVSS

5.7AI Score

0.001EPSS

2024-05-18 08:15 AM
30
Total number of security vulnerabilities123753