RHEL 6 : kernel (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: Buffer overflow due to unbounded strcpy in ISDN I4L driver (CVE-2017-12762) kernel: lack of port...
AI Score: 8.7
EPSS
RHEL 6 : ipa (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ipa: Denial of service in IPA server due to wrong use of ber_scanf() (CVE-2019-14867) FreeIPA uses a...
AI Score: 7.4
EPSS: 0.011
RHEL 6 : mysql (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. mysql: unspecified vulnerability in subcomponent: Server: Parser (CPU July 2016) (CVE-2016-3477) mysql:...
AI Score: 9.5
EPSS: 0.118
RHEL 5 : samba (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. samba: symlink race permits opening files outside share directory (CVE-2017-2619) samba: Netlogon...
AI Score: 7.4
EPSS: 0.916
RHEL 7 : samba (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. samba: Symlink race error can allow directory creation outside of the exported share (CVE-2021-43566) ...
AI Score: 7.5
EPSS: 0.041
RHEL 6 : pcp (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. pcp: Local privilege escalation in pcp spec file %post section (CVE-2019-3695) An Improper Limitation of...
AI Score: 7.4
EPSS: 0.001
Summary The IBM Integration Bus for z/OS toolkit is vulnerable to a remote attack due to Apache Commons Net. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID: CVE-2021-37533 DESCRIPTION: Apache Commons Net could allow a remote attacker to...
CVSS: 6.5
AI Score: 6.3
EPSS
Summary A flaw was found in protobuf-java. Google Protocol Buffer (protobuf-java) allows the interleaving of com.google.protobuf.UnknownFieldSet fields. Vulnerability Details CVEID: CVE-2021-22569 DESCRIPTION: Google Protocol Buffer (protobuf-java) is vulnerable to a denial of service, ...
CVSS: 7.5
AI Score: 8.2
EPSS: 0.001
Summary The RabbitMQ Java Client is vulnerable to a denial of service, caused by no message size limit in maxBodyLength. Vulnerability Details CVEID: CVE-2023-46120 DESCRIPTION: RabbitMQ Java Client is vulnerable to a denial of service, caused by no message size limit in maxBodyLength. By...
CVSS: 7.5
AI Score: 9.2
EPSS: 0.002
Impact There is a possibility to execute JavaScript code in the Admin panel. To perform an XSS attack, input a script into the Name field of one of the following resources: Taxons, Products, Product Options or Product Variants. The code will be executed while using an autocomplete field with one of...
CVSS: 6.1
AI Score: 6.4
EPSS: 0.0004
Impact There is a possibility to execute JavaScript code in the Admin panel. To perform an XSS attack, input a script into the Name field of one of the following resources: Taxons, Products, Product Options or Product Variants. The code will be executed while using an autocomplete field with one of...
CVSS: 6.1
AI Score: 6.3
EPSS: 0.0004
lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability
Summary The latest version of lobe-chat (at the time of writing, v0.141.2) has an unauthenticated SSRF vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. Details Visit https://chat-preview.lobehub.com/settings/agent ...
CVSS: 9
AI Score: 6.7
EPSS: 0.0004
lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability
Summary The latest version of lobe-chat (at the time of writing, v0.141.2) has an unauthenticated SSRF vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. Details Visit https://chat-preview.lobehub.com/settings/agent ...
CVSS: 9
AI Score: 6.9
EPSS: 0.0004
CVE-2024-32964 lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability
Lobe Chat is a chatbot framework that supports speech synthesis, multimodal input, and an extensible Function Call plugin system. Prior to 0.150.6, lobe-chat had an unauthenticated Server-Side Request Forgery vulnerability in the /api/proxy endpoint. An attacker can construct malicious requests to cause...
CVSS: 9
AI Score: 6.6
EPSS: 0.0004
CVE-2024-32964 lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability
Lobe Chat is a chatbot framework that supports speech synthesis, multimodal input, and an extensible Function Call plugin system. Prior to 0.150.6, lobe-chat had an unauthenticated Server-Side Request Forgery vulnerability in the /api/proxy endpoint. An attacker can construct malicious requests to cause...
CVSS: 9
AI Score: 9.1
EPSS: 0.0004
An update is available for nss. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Network Security Services (NSS) is a set of libraries designed to support the...
AI Score: 7.2
An update is available for libreswan. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the...
AI Score: 7.4
EPSS: 0.0004
Important: pcp security, bug fix, and enhancement update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp: ...
CVSS: 8.8
AI Score: 8.9
EPSS: 0.0004
Moderate: libreswan security update
Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN)...
AI Score: 6.5
EPSS: 0.0004
pcp security, bug fix, and enhancement update
An update is available for pcp. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for...
CVSS: 8.8
AI Score: 7.5
EPSS: 0.0004
gnome-shell, gnome-menus, and gnome-shell-extensions bug fix update
An update is available for gnome-menus, gnome-shell, gnome-shell-extensions. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. GNOME Shell acts as a compositing...
AI Score: 7.3
An update is available for systemd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The systemd packages contain systemd, a system and service manager for...
CVSS: 5.9
AI Score: 7
EPSS: 0.001
sssd security and bug fix update
An update is available for sssd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The System Security Services Daemon (SSSD) service provides a set of daemons to...
CVSS: 7.1
AI Score: 7.8
EPSS: 0.0004
iptables bug fix and enhancement update
An update is available for iptables. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux...
AI Score: 6.8
Moderate: sssd security and bug fix update
The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end...
CVSS: 7.1
AI Score: 7.2
EPSS: 0.0004
Moderate: systemd security update
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes...
CVSS: 5.9
AI Score: 5.7
EPSS: 0.001
U.S. Dept Of Defense: Subdomain takeover ████████.mil
Description: The subdomain █████.mil is pointing to peosol-lg.███████., the domain ██████ is currently available for registration as can be seen at https://www.godaddy.com/nl-nl/domainsearch/find?domainToCheck=█████ Given the rules, residency of the US, of the us-tld I decided not to register the.....
AI Score: 6.5
Actions for critical infrastructure organizations to take today to mitigate cyber threats from ransomware: Install updates for operating systems, software, and firmware as soon as they are released. Require phishing-resistant MFA for as many services as possible. Train users to recognize and...
CVSS: 10
AI Score: 6.1
EPSS: 0.967
Malicious Android Apps Pose as Google, Instagram, WhatsApp to Steal Credentials
Malicious Android apps masquerading as Google, Instagram, Snapchat, WhatsApp, and X (formerly Twitter) have been observed to steal users' credentials from compromised devices. "This malware uses famous Android app icons to mislead users and trick victims into installing the malicious app on their.....
AI Score: 7.5
Researchers Uncover 'LLMjacking' Scheme Targeting Cloud-Hosted AI Models
Cybersecurity researchers have discovered a novel attack that employs stolen cloud credentials to target cloud-hosted large language model (LLM) services with the goal of selling access to other threat actors. The attack technique has been codenamed LLMjacking by the Sysdig Threat Research Team....
CVSS: 9.8
AI Score: 7.1
EPSS: 0.975
Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID: CVE-2024-20932 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote...
CVSS: 7.5
AI Score: 6.9
EPSS: 0.001
Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID: CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote...
CVSS: 7.8
AI Score: 7.4
EPSS: 0.001
Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID: CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to...
CVSS: 9.1
AI Score: 10
EPSS
Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID: CVE-2023-40167 DESCRIPTION: Jetty is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP/1...
CVSS: 6.5
AI Score: 8.5
EPSS: 0.001
Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID: CVE-2023-36478 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow and buffer...
CVSS: 7.5
AI Score: 9.5
EPSS: 0.732
Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID: CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote...
CVSS: 7.5
AI Score: 7
EPSS: 0.001
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1585)
The remote host is missing an update for the Huawei...
CVSS: 8.7
AI Score: 7.9
EPSS: 0.024
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the d53c30c1-0d7b-11ef-ba02-6cc21735f730 advisory. Restrict visibility of pg_stats_ext and pg_stats_ext_exprs entries to the table owner. More details ...
CVSS: 3.1
AI Score: 3.7
EPSS: 0.0004
Neo4j < 5.19.0 Privilege Mishandling (CVE-2024-34517)
According to its self-reported version number, the version of Neo4j running on the remote host is prior to 5.19.0. It is, therefore, affected by a privilege mishandling vulnerability in the Cypher component, which mishandles IMMUTABLE privileges. Note that Nessus has not tested...
AI Score: 6.7
EPSS: 0.0004
Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1594)
The remote host is missing an update for the Huawei...
CVSS: 7.3
AI Score: 7.5
EPSS: 0.001
Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1572)
The remote host is missing an update for the Huawei...
CVSS: 7.3
AI Score: 7.5
EPSS: 0.001
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1567)
The remote host is missing an update for the Huawei...
AI Score: 7.5
EPSS: 0.0004
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1589)
The remote host is missing an update for the Huawei...
AI Score: 7.5
EPSS: 0.0004
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1563)
The remote host is missing an update for the Huawei...
CVSS: 8.7
AI Score: 7.9
EPSS: 0.024
TotalCloud Insights: A Wake-Up Call on Cloud Database Security Failure Rates
In part 1 of this two-part blog, we explored how to safeguard cloud databases from SQL Server threats and lateral movement risks. In this second part, we turn our focus to a comparative analysis of database security across three major cloud service providers (CSPs): AWS, Azure, and GCP, as well as...
AI Score: 7.4
The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.6 via the ai_api_request(). This makes it possible for authenticated attackers, with contributor-level access and...
CVSS: 4.3
AI Score: 6.5
EPSS: 0.001
The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.6 via the ai_api_request(). This makes it possible for authenticated attackers, with contributor-level access and...
CVSS: 4.3
AI Score: 5.8
EPSS: 0.001
With this new offering, Qualys establishes itself as the first and only vendor solution with the unique ability to scan AWS Bottlerocket instances directly using the Qualys Cloud Agent and TotalCloud Agent-less Snapshot-Based Scan. This innovative capability empowers organizations to...
AI Score: 7.6
A new alert system from CISA seems to be effective — now we just need companies to sign up
One of the great cybersecurity challenges organizations currently face, especially smaller ones, is that they don't know what they don't know. It's tough to have your eyes on everything all the time, especially with so many pieces of software running and IoT devices extending the reach of networks....
CVSS: 9.8
AI Score: 8.9
EPSS: 0.001