Lucene search

K

Car Repair Services & Auto Mechanic Security Vulnerabilities

thn
thn

Lessons from the Snowflake Breaches

Last week, the notorious hacker gang, ShinyHunters, sent shockwaves across the globe by allegedly plundering 1.3 terabytes of data from 560 million users. This colossal breach, with a price tag of $500,000, could expose the personal information of a massive swath of a live event company's...

7.4AI Score

2024-06-12 11:25 AM
6
redhatcve
redhatcve

CVE-2022-1941

A parsing vulnerability for the MessageSet type in the ProtocolBuffers can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized...

7.5CVSS

6.7AI Score

0.002EPSS

2024-06-12 10:54 AM
3
ibm
ibm

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to multiple issues due to VMware Tanzu Spring

Summary There are vulnerabilities in VMware Tanzu Spring Security and Framework used by Integrated Web Services in IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs. Vulnerability Details ** CVEID:...

8.2CVSS

7.5AI Score

0.0004EPSS

2024-06-12 09:25 AM
4
cve
cve

CVE-2024-3183

A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user.....

8.1CVSS

7.9AI Score

0.0004EPSS

2024-06-12 09:15 AM
27
thn
thn

Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability

Microsoft has released security updates to address 51 flaws as part of its Patch Tuesday updates for June 2024. Of the 51 vulnerabilities, one is rated Critical and 50 are rated Important. This is in addition to 17 vulnerabilities resolved in the Chromium-based Edge browser over the past month....

9.8CVSS

8.7AI Score

0.05EPSS

2024-06-12 04:26 AM
121
oraclelinux
oraclelinux

Unbreakable Enterprise kernel security update

[5.15.0-207.156.6] - uek-container: Add advanced routing options (Boris Ostrovsky) [Orabug: 36691279] - slub: use count_partial_free_approx() in slab_out_of_memory() (Jianfeng Wang) [Orabug: 36655468] - slub: introduce count_partial_free_approx() (Jianfeng Wang) [Orabug: 36655468] - Revert...

6.5CVSS

7.8AI Score

EPSS

2024-06-12 12:00 AM
3
nessus
nessus

FreeBSD : plasma[56]-plasma-workspace -- Unauthorized users can access session manager (479df73e-2838-11ef-9cab-4ccc6adda413)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 479df73e-2838-11ef-9cab-4ccc6adda413 advisory. David Edmundson reports: KSmserver, KDE's XSMP manager, incorrectly allows connections via...

7.9AI Score

EPSS

2024-06-12 12:00 AM
1
nessus
nessus

RHEL 8 : kernel (RHSA-2024:3859)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3859 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: KVM: SEV-ES / SEV-SNP...

5.6CVSS

8.1AI Score

0.001EPSS

2024-06-12 12:00 AM
2
github
github

Keycloak's admin API allows low privilege users to use administrative functions

Users with low privileges (just plain users in the realm) are able to utilize administrative functionalities within Keycloak admin interface. This issue presents a significant security risk as it allows unauthorized users to perform actions reserved for administrators, potentially leading to data.....

6.8AI Score

EPSS

2024-06-11 08:22 PM
27
osv
osv

Keycloak's admin API allows low privilege users to use administrative functions

Users with low privileges (just plain users in the realm) are able to utilize administrative functionalities within Keycloak admin interface. This issue presents a significant security risk as it allows unauthorized users to perform actions reserved for administrators, potentially leading to data.....

7.2AI Score

EPSS

2024-06-11 08:22 PM
9
rapid7blog
rapid7blog

Patch Tuesday - June 2024

It’s June 2024 Patch Tuesday. Microsoft is addressing 51 vulnerabilities today, and has evidence of public disclosure for just a single one of those. At time of writing, none of the vulnerabilities published today are listed on CISA KEV, although this is always subject to change. Microsoft is...

9.8CVSS

9.7AI Score

0.05EPSS

2024-06-11 07:43 PM
139
nvd
nvd

CVE-2024-28020

A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious user could use the passwords and login information to extend access on the server and other...

8CVSS

0.0004EPSS

2024-06-11 07:16 PM
3
cve
cve

CVE-2024-28020

A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious user could use the passwords and login information to extend access on the server and other...

8CVSS

6.6AI Score

0.0004EPSS

2024-06-11 07:16 PM
27
cvelist
cvelist

CVE-2024-28020

A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious user could use the passwords and login information to extend access on the server and other...

8CVSS

0.0004EPSS

2024-06-11 06:20 PM
1
vulnrichment
vulnrichment

CVE-2024-28020

A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious user could use the passwords and login information to extend access on the server and other...

8CVSS

6.6AI Score

0.0004EPSS

2024-06-11 06:20 PM
qualysblog
qualysblog

Microsoft and Adobe Patch Tuesday, June 2024 Security Update Review

Microsoft's June Patch Tuesday is here, bringing fixes for vulnerabilities impacting its multiple products. This month's release highlights the ongoing battle against cybersecurity threats, from critical updates to important fixes. Let's dive into the crucial insights from Microsoft's Patch...

9.8CVSS

9.3AI Score

0.003EPSS

2024-06-11 06:18 PM
18
nvd
nvd

CVE-2024-37293

The AWS Deployment Framework (ADF) is a framework to manage and deploy resources across multiple AWS accounts and regions within an AWS Organization. ADF allows for staged, parallel, multi-account, cross-region deployments of applications or resources via the structure defined in AWS Organizations....

7.5CVSS

0.0004EPSS

2024-06-11 05:16 PM
1
cve
cve

CVE-2024-37293

The AWS Deployment Framework (ADF) is a framework to manage and deploy resources across multiple AWS accounts and regions within an AWS Organization. ADF allows for staged, parallel, multi-account, cross-region deployments of applications or resources via the structure defined in AWS Organizations....

7.5CVSS

8AI Score

0.0004EPSS

2024-06-11 05:16 PM
25
nvd
nvd

CVE-2024-30096

Windows Cryptographic Services Information Disclosure...

5.5CVSS

0.001EPSS

2024-06-11 05:15 PM
8
cve
cve

CVE-2024-30096

Windows Cryptographic Services Information Disclosure...

5.5CVSS

5.3AI Score

0.001EPSS

2024-06-11 05:15 PM
56
vulnrichment

5.5CVSS

6.9AI Score

0.001EPSS

2024-06-11 05:00 PM
1
cvelist
cvelist

CVE-2024-37293 aws-deployment-framework's potential risk can lead to privilege escalation

The AWS Deployment Framework (ADF) is a framework to manage and deploy resources across multiple AWS accounts and regions within an AWS Organization. ADF allows for staged, parallel, multi-account, cross-region deployments of applications or resources via the structure defined in AWS Organizations....

7.5CVSS

0.0004EPSS

2024-06-11 04:49 PM
2
vulnrichment
vulnrichment

CVE-2024-37293 aws-deployment-framework's potential risk can lead to privilege escalation

The AWS Deployment Framework (ADF) is a framework to manage and deploy resources across multiple AWS accounts and regions within an AWS Organization. ADF allows for staged, parallel, multi-account, cross-region deployments of applications or resources via the structure defined in AWS Organizations....

7.5CVSS

7.6AI Score

0.0004EPSS

2024-06-11 04:49 PM
1
thn
thn

How Cynet Makes MSPs Rich & Their Clients Secure

Managed service providers (MSPs) are on the front lines of soaring demand for cybersecurity services as cyberattacks increase in volume and sophistication. Cynet has emerged as the security vendor of choice for MSPs to capitalize on existing relationships with SMB clients and profitably expand...

7.1AI Score

2024-06-11 04:10 PM
3
github
github

10 years of the GitHub Security Bug Bounty Program

Each year, we celebrate the GitHub Security Bug Bounty program, highlighting impressive bugs and researchers, rewards, live hacking events, and more. This year, we celebrate a new milestone: 10 years of the GitHub Security Bug Bounty program! While we've had some exciting growth over the last 10...

7AI Score

2024-06-11 04:00 PM
1
thn
thn

Chinese Actor SecShow Conducts Massive DNS Probing on Global Scale

Cybersecurity researchers have shed more light on a Chinese actor codenamed SecShow that has been observed conducting Domain Name System (DNS) on a global scale since at least June 2023. The adversary, according to Infoblox security researchers Dr. Renée Burton and Dave Mitchell, operates from the....

9.8CVSS

6.7AI Score

0.957EPSS

2024-06-11 02:32 PM
6
githubexploit
githubexploit

Exploit for Embedded Malicious Code in Tukaani Xz

CVE-2024-3094 Basic POC to test CVE-2024-3094 vulnerability...

10CVSS

7.5AI Score

0.133EPSS

2024-06-11 02:19 PM
56
cve
cve

CVE-2024-2013

An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack...

10CVSS

9.6AI Score

0.0004EPSS

2024-06-11 02:15 PM
25
nvd
nvd

CVE-2024-2013

An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack...

10CVSS

0.0004EPSS

2024-06-11 02:15 PM
3
cvelist
cvelist

CVE-2024-2013

An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack...

10CVSS

0.0004EPSS

2024-06-11 01:14 PM
4
ics
ics

Intrado 911 Emergency Gateway

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Intrado Equipment: 911 Emergency Gateway (EGW) Vulnerability: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute malicious...

8AI Score

EPSS

2024-06-11 12:00 PM
1
malwarebytes
malwarebytes

23andMe data breach under joint investigation in two countries

The British and Canadian privacy authorities have announced they will undertake a joint investigation into the data breach at global genetic testing company 23andMe that was discovered in October 2023. On Friday October 6, 2023, 23andMe confirmed via a somewhat opaque blog post that cybercriminals....

6.8AI Score

2024-06-11 11:38 AM
2
thn
thn

Top 10 Critical Pentest Findings 2024: What You Need to Know

One of the most effective ways for information technology (IT) professionals to uncover a company's weaknesses before the bad guys do is penetration testing. By simulating real-world cyberattacks, penetration testing, sometimes called pentests, provides invaluable insights into an organization's...

9.8CVSS

8.9AI Score

0.975EPSS

2024-06-11 11:00 AM
4
malwarebytes
malwarebytes

When things go wrong: A digital sharing warning for couples

“When things go wrong” is a troubling prospect for most couples to face, but the internet—and the way that romantic partners engage both with and across it—could require that this worst-case scenario become more of a best practice. In new research that Malwarebytes will release this month,...

6.9AI Score

2024-06-11 10:55 AM
8
hackerone
hackerone

Enjin: Cloudflare /cdn-cgi/ path allows resizing images from unauthorised sources on enjinusercontent.com

Summary Hello team, During a review of the website: https://nft.production.enjinusercontent.com/ I discovered that any resource hosted under any external CDN can be rendered on the website without any restrictions. This behavior leads display of images or resources on the website, which may cause.....

7.1AI Score

2024-06-11 09:27 AM
8
securelist
securelist

QR code SQL injection and other vulnerabilities in a popular biometric terminal

Biometric scanners offer a unique way to resolve the conflict between security and usability. They help to identify a person by their unique biological characteristics – a fairly reliable process that does not require the user to exert any extra effort. Yet, biometric scanners, as any other tech,.....

10CVSS

9AI Score

0.0004EPSS

2024-06-11 08:00 AM
8
cve
cve

CVE-2024-3549

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL....

9.9CVSS

9.5AI Score

0.001EPSS

2024-06-11 07:15 AM
31
nvd
nvd

CVE-2024-3549

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL....

9.9CVSS

0.001EPSS

2024-06-11 07:15 AM
3
mskb
mskb

June 11, 2024—KB5039266 (Security-only update)

June 11, 2024—KB5039266 (Security-only update) __ End of support information Windows Server 2008 SP2 Extended Security Updates (ESU) third and final year ended on January 10, 2023. Additionally, Extended Security Updates on Azure only support ended on January 9, 2024. For more information, see...

9.8CVSS

9.5AI Score

0.003EPSS

2024-06-11 07:00 AM
22
mskb
mskb

June 11, 2024—KB5039274 (Security-only update)

June 11, 2024—KB5039274 (Security-only update) __ End of support information As of January 10, 2023, Microsoft no longer provides security updates or technical support for Windows 7 Service Pack 1 (SP1). We recommend that you upgrade to a supported version of Windows. For more information, see...

9.8CVSS

9.5AI Score

0.003EPSS

2024-06-11 07:00 AM
25
mskb
mskb

June 11, 2024—KB5039225 (OS Build 10240.20680)

June 11, 2024—KB5039225 (OS Build 10240.20680) 12/8/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1507, see its update history page. Highlights This update...

9.8CVSS

9.7AI Score

0.003EPSS

2024-06-11 07:00 AM
8
mscve

5.5CVSS

7.1AI Score

0.001EPSS

2024-06-11 07:00 AM
22
mskb
mskb

June 11, 2024— KB5039330 (OS Build 20348.2522)

June 11, 2024— KB5039330 (OS Build 20348.2522) Improvements and fixes This security update includes quality improvements. When you install this KB: This update makes miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release. If you...

9.8CVSS

9.7AI Score

0.003EPSS

2024-06-11 07:00 AM
14
mskb
mskb

June 11, 2024—KB5039227 (OS Build 20348.2527)

June 11, 2024—KB5039227 (OS Build 20348.2527) For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out when.....

9.8CVSS

7.3AI Score

0.003EPSS

2024-06-11 07:00 AM
27
mskb
mskb

June 11, 2024—KB5039214 (OS Build 14393.7070)

June 11, 2024—KB5039214 (OS Build 14393.7070) 11/19/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1607, see its update history page. Highlights This update...

9.8CVSS

9.8AI Score

0.003EPSS

2024-06-11 07:00 AM
25
mskb
mskb

June 11, 2024—KB5039260 (Monthly Rollup)

June 11, 2024—KB5039260 (Monthly Rollup) Important The installation of this Extended Security Update (ESU) might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only.....

9.8CVSS

9.5AI Score

0.003EPSS

2024-06-11 07:00 AM
6
mskb
mskb

June 11, 2024—KB5039211 (OS Builds 19044.4529 and 19045.4529)

June 11, 2024—KB5039211 (OS Builds 19044.4529 and 19045.4529) UPDATED 06/11/24 REMINDER The following editions of Windows 10, version 21H2 are at end of service today, June 11, 2024:- Windows 10 Enterprise and Education- Windows 10 IoT Enterprise- Windows 10 Enterprise multi-sessionAfter that...

9.8CVSS

9.8AI Score

0.003EPSS

2024-06-11 07:00 AM
12
mskb
mskb

June 11, 2024—KB5039217 (OS Build 17763.5936)

June 11, 2024—KB5039217 (OS Build 17763.5936) 11/17/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1809, see its update history page. Highlights This update...

9.8CVSS

9.8AI Score

0.003EPSS

2024-06-11 07:00 AM
46
mskb
mskb

June 11, 2024—KB5039236 (OS Build 25398.950)

June 11, 2024—KB5039236 (OS Build 25398.950) For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server, version 23H2, see its update history page. Improvements This security update...

9.8CVSS

9.9AI Score

0.003EPSS

2024-06-11 07:00 AM
1
Total number of security vulnerabilities123942