Car Repair Services & Auto Mechanic Security Vulnerabilities

nvd

CVE-2024-20404

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an...

5.3 CVSS

6.8 AI Score

0.0005 EPSS

2024-06-05 05:15 PM

cvelist

CVE-2024-20404

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an...

7.2 CVSS

6.8 AI Score

0.0005 EPSS

2024-06-05 04:14 PM

vulnrichment

CVE-2024-20404

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an...

7.2 CVSS

6.5 AI Score

0.0005 EPSS

2024-06-05 04:14 PM

malwarebytes

Financial sextortion scams on the rise

“Hey there!” messaged Savannah, someone 16-year-old Charlie had never met before, but looked cute in her profile picture. She had long blonde hair, blue eyes, and an adorable smile, so he decided to DM with her on Instagram. Soon their flirty exchanges grew heated, and Savannah was sending Charlie....

6.8 AI Score

2024-06-05 01:30 PM

rapid7blog

Securing AI Development in the Cloud: Navigating the Risks and Opportunities

AI-TRiSM - Trust, Risk and Security Management in the Age of AI Co-authored by Lara Sunday and Pojan Shahrivar As artificial intelligence (AI) and machine learning (ML) technologies continue to advance and proliferate, organizations across industries are investing heavily in these transformative...

7.4 AI Score

2024-06-05 01:00 PM

schneier

Online Privacy and Overfishing

Microsoft recently caught state-backed hackers using its generative AI tools to help with their attacks. In the security community, the immediate questions weren't about how hackers were using the tools (that was utterly predictable), but about how Microsoft figured it out. The natural conclusion.....

7 AI Score

2024-06-05 11:00 AM

thn

Unpacking 2024's SaaS Threat Predictions

Early in 2024, Wing Security released its State of SaaS Security report, offering surprising insights into emerging threats and best practices in the SaaS domain. Now, halfway through the year, several SaaS threat predictions from the report have already proven accurate. Fortunately, SaaS Security....

7.5 AI Score

2024-06-05 11:00 AM

fedora

[SECURITY] Fedora 39 Update: dotnet8.0-8.0.105-1.fc39

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

7.1 AI Score

2024-06-05 08:34 AM

cve

CVE-2024-4084

A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols. Despite efforts to filter out intranet IP addresses starting with 192,...

7.5 CVSS

7.2 AI Score

0.001 EPSS

2024-06-05 12:15 AM

nvd

CVE-2024-4084

A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols. Despite efforts to filter out intranet IP addresses starting with 192,...

7.5 CVSS

7.6 AI Score

0.001 EPSS

2024-06-05 12:15 AM

cvelist

CVE-2024-4084 SSRF vulnerability in mintplex-labs/anything-llm

A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols. Despite efforts to filter out intranet IP addresses starting with 192,...

7.7 CVSS

7.6 AI Score

0.001 EPSS

2024-06-05 12:00 AM

wpvulndb

Ninja Tables – Easiest Data Table Builder < 5.0.10 - Authenticated (Admin+) Server-Side Request Forgery

Description The Ninja Tables – Easiest Data Table Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.9. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary.....

4.4 CVSS

9.2 AI Score

0.0004 EPSS

2024-06-05 12:00 AM

wpvulndb

Blocksy Companion < 2.0.43 - Authenticated (Admin+) Server-Side Request Forgery

Description The Blocksy Companion plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.42. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating...

4.4 CVSS

9.2 AI Score

0.0004 EPSS

2024-06-05 12:00 AM

wpvulndb

Church Admin < 4.4.0 - Authenticated (Admin+) Server-Side Request Forgery

Description The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.3.6. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from...

4.4 CVSS

9.2 AI Score

0.0004 EPSS

2024-06-05 12:00 AM

cve

CVE-2024-29152

An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 2200, 1280, 1380, 1330, 2400, 9110, W920, W930, Modem 5123, Modem 5300, and Auto T5123. The baseband software does not properly check states specified by the...

7.5 CVSS

6.9 AI Score

EPSS

2024-06-04 07:19 PM

nvd

CVE-2024-29152

An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 2200, 1280, 1380, 1330, 2400, 9110, W920, W930, Modem 5123, Modem 5300, and Auto T5123. The baseband software does not properly check states specified by the...

7.5 CVSS

5.6 AI Score

EPSS

2024-06-04 07:19 PM

github

Flooding Server with Thumbnail files

Details 1. All Imagick supported Fileformats are served without filtering The Thumbnail endpoint does not check against any filters what file formats should be served. We can transcode the image in all formats imagemagick supports. With that we can create Files that are much larger in filesize...

7.5 CVSS

6.5 AI Score

0.001 EPSS

2024-06-04 05:18 PM

osv

Flooding Server with Thumbnail files

Details 1. All Imagick supported Fileformats are served without filtering The Thumbnail endpoint does not check against any filters what file formats should be served. We can transcode the image in all formats imagemagick supports. With that we can create Files that are much larger in filesize...

7.5 CVSS

6.5 AI Score

0.001 EPSS

2024-06-04 05:18 PM

mssecure

AI jailbreaks: What they are and how they can be mitigated

Generative AI systems are made up of multiple components that interact to provide a rich user experience between the human and the AI model(s). As part of a responsible AI approach, AI models are protected by layers of defense mechanisms to prevent the production of harmful content or being used...

7.4 AI Score

2024-06-04 05:00 PM

mssecure

The four stages of creating a trust fabric with identity and network security

How implementing a trust fabric strengthens identity and network Read the blog At Microsoft, we’re continually evolving our solutions for protecting identities and access to meet the ever-changing security demands our customers face. In a recent post, we introduced the concept of the trust...

7.5 AI Score

2024-06-04 04:00 PM

thn

Russian Power Companies, IT Firms, and Govt Agencies Hit by Decoy Dog Trojan

Russian organizations are at the receiving end of cyber attacks that have been found to deliver a Windows version of a malware called Decoy Dog. Cybersecurity company Positive Technologies is tracking the activity cluster under the name Operation Lahat, attributing it to an advanced persistent...

7.6 AI Score

2024-06-04 03:33 PM

qualysblog

TotalCloud Insights: Securing Your Data—The Power of Encryption in Preventing Threats

Introduction Did you know there is a 90% failure rate for encryption-related controls of MySQL Server in Microsoft Azure? The issue isn't confined to Azure; in Google Cloud Platform (GCP) environments there is a 98% failure rate of encryption-related controls for both compute engine and storage...

7.2 AI Score

2024-06-04 03:00 PM

thn

Telerik Report Server Flaw Could Let Attackers Create Rogue Admin Accounts

Progress Software has rolled out updates to address a critical security flaw impacting the Telerik Report Server that could be potentially exploited by a remote attacker to bypass authentication and create rogue administrator users. The issue, tracked as CVE-2024-4358, carries a CVSS score of 9.8.....

9.9 CVSS

8.5 AI Score

0.938 EPSS

2024-06-04 02:43 PM

redhat

(RHSA-2024:3581) Moderate: Red Hat JBoss Enterprise Application Platform 8.0.2 Security update

Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.1, and includes bug fixes.....

6.1 AI Score

0.001 EPSS

2024-06-04 10:56 AM

redhat

(RHSA-2024:3580) Moderate: Red Hat JBoss Enterprise Application Platform 8.0.2 Security update

Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.1, and includes bug fixes.....

6.1 AI Score

0.001 EPSS

2024-06-04 10:56 AM

osv

BIT-hubble-2023-34242

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of...

5.3 CVSS

6 AI Score

0.0005 EPSS

2024-06-04 09:44 AM

nessus

Progress Telerik Report Server Insecure Deserialization (CVE-2024-1800)

The version of Progress Telerik Report Server installed on the remote host is affected by an insecure deserialization vulnerability, as follows: In Progress Telerik Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure...

9.9 CVSS

9.9 AI Score

0.0005 EPSS

2024-06-04 12:00 AM

nessus

RHEL 9 : Red Hat JBoss Enterprise Application Platform 8.0.2 Security update (Moderate) (RHSA-2024:3581)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3581 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This...

7.5 CVSS

7.2 AI Score

0.001 EPSS

2024-06-04 12:00 AM

nessus

FreeBSD : chromium -- multiple security fixes (b058380e-21a4-11ef-8a0f-a8a1599412c6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b058380e-21a4-11ef-8a0f-a8a1599412c6 advisory. Chrome Releases reports: This update includes 11 security fixes: Tenable has extracted the...

9.8 AI Score

0.0004 EPSS

2024-06-04 12:00 AM

nessus

Progress Telerik Report Server Authentication Bypass (CVE-2024-4358)

The version of Progress Telerik Report Server installed on the remote host is affected by an authentication bypass vulnerability, as follows: In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report...

9.8 CVSS

9.9 AI Score

0.938 EPSS

2024-06-04 12:00 AM

nessus

RHEL 8 : Red Hat JBoss Enterprise Application Platform 8.0.2 Security update (Moderate) (RHSA-2024:3580)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3580 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This...

7.5 CVSS

7.2 AI Score

0.001 EPSS

2024-06-04 12:00 AM

redhat

(RHSA-2024:3576) Low: Red Hat build of Keycloak 24.0.5 Images enhancement and security update

Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat build of Keycloak for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also...

6.6 AI Score

0.0005 EPSS

2024-06-03 09:24 PM

redhat

(RHSA-2024:3573) Low: Red Hat build of Keycloak 22.0.11 Images enhancement and security update

Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat build of Keycloak for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also...

6.7 AI Score

0.001 EPSS

2024-06-03 09:09 PM

redhat

(RHSA-2024:3570) Low: Red Hat Single Sign-On 7.6.9 for OpenShift image enhancement update

Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage...

8.2 AI Score

0.05 EPSS

2024-06-03 07:45 PM

nvd

CVE-2024-4332

An authentication bypass vulnerability has been identified in the REST and SOAP API components of Tripwire Enterprise (TE) 9.1.0 when TE is configured to use LDAP/Active Directory SAML authentication and its optional "Auto-synchronize LDAP Users, Roles, and Groups" feature is enabled. This...

6.9 AI Score

0.0004 EPSS

2024-06-03 06:15 PM

cve

CVE-2024-4332

An authentication bypass vulnerability has been identified in the REST and SOAP API components of Tripwire Enterprise (TE) 9.1.0 when TE is configured to use LDAP/Active Directory SAML authentication and its optional "Auto-synchronize LDAP Users, Roles, and Groups" feature is enabled. This...

7.5 AI Score

0.0004 EPSS

2024-06-03 06:15 PM

cvelist

CVE-2024-4332 Improper Authentication in Tripwire Enterprise 9.1.0 APIs

An authentication bypass vulnerability has been identified in the REST and SOAP API components of Tripwire Enterprise (TE) 9.1.0 when TE is configured to use LDAP/Active Directory SAML authentication and its optional "Auto-synchronize LDAP Users, Roles, and Groups" feature is enabled. This...

6.9 AI Score

0.0004 EPSS

2024-06-03 05:38 PM

vulnrichment

CVE-2024-4332 Improper Authentication in Tripwire Enterprise 9.1.0 APIs

An authentication bypass vulnerability has been identified in the REST and SOAP API components of Tripwire Enterprise (TE) 9.1.0 when TE is configured to use LDAP/Active Directory SAML authentication and its optional "Auto-synchronize LDAP Users, Roles, and Groups" feature is enabled. This...

7.3 AI Score

0.0004 EPSS

2024-06-03 05:38 PM

redhat

(RHSA-2024:3561) Important: Red Hat JBoss Enterprise Application Platform 7.4.17 Security update

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.17 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.16, and includes bug...

5.9 AI Score

0.002 EPSS

2024-06-03 04:55 PM

redhat

(RHSA-2024:3560) Important: Red Hat JBoss Enterprise Application Platform 7.4.17 Security update

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.17 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.16, and includes bug...

5.9 AI Score

0.002 EPSS

2024-06-03 04:55 PM

redhat

(RHSA-2024:3559) Important: Red Hat JBoss Enterprise Application Platform 7.4.17 Security update

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.17 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.16, and includes bug...

5.9 AI Score

0.002 EPSS

2024-06-03 04:55 PM

redhatcve

CVE-2024-36890

In the Linux kernel, the following vulnerability has been resolved: mm/slab: make __free(kfree) accept error pointers Currently, if an automatically freed allocation is an error pointer that will lead to a crash. An example of this is in wm831x_gpio_dbg_show(). 171 char *label __free(kfree) =...

6.5 AI Score

0.0004 EPSS

2024-06-03 02:03 PM

thn

Authorities Ramp Up Efforts to Capture the Mastermind Behind Emotet

Law enforcement authorities behind Operation Endgame are seeking information related to an individual who goes by the name Odd and is allegedly the mastermind behind the Emotet malware. Odd is also said to go by the nicknames Aron, C700, Cbd748, Ivanov Odd, Mors, Morse, and Veron over the past...

7.3 AI Score

2024-06-03 01:45 PM

ibm

Security Bulletin: Weaker than expected security vulnerability affect IBM Business Automation Workflow - CVE-2024-22329

Summary IBM WebSphere Application Server Liberty profile is shipped with Process Federation Server and User Management Services in IBM Business Automation Workflow traditional. IBM Business Automation Workflow containers build upon IBM WebSphere Liberty profile. Information about a security...

4.3 CVSS

5.6 AI Score

0.0004 EPSS

2024-06-03 11:37 AM

ibm

Security Bulletin: Weaker than expected security vulnerability affect IBM Business Automation Workflow - CVE-2023-50312

Summary IBM WebSphere Application Server Liberty profile is shipped with Process Federation Server and User Management Services in IBM Business Automation Workflow traditional. IBM Business Automation Workflow containers build upon IBM WebSphere Liberty profile. Information about a security...

5.3 CVSS

5.7 AI Score

0.0004 EPSS

2024-06-03 11:34 AM

ibm

Security Bulletin: Weaker than expected security vulnerability affect IBM Business Automation Workflow - CVE-2024-25026

Summary IBM WebSphere Application Server Liberty profile is shipped with Process Federation Server and User Management Services in IBM Business Automation Workflow traditional. IBM Business Automation Workflow containers build upon IBM WebSphere Liberty profile. Information about a security...

5.9 CVSS

6.2 AI Score

0.0004 EPSS

2024-06-03 11:33 AM

ibm

Security Bulletin: Weaker than expected security vulnerability affect IBM Business Automation Workflow - CVE-2024-22329

Summary IBM WebSphere Application Server Liberty profile is shipped with Process Federation Server and User Management Services in IBM Business Automation Workflow traditional. IBM Business Automation Workflow containers build upon IBM WebSphere Liberty profile. Information about a security...

4.3 CVSS

5.6 AI Score

0.0004 EPSS

2024-06-03 11:32 AM

thn

SASE Threat Report: 8 Key Findings for Enterprise Security

Threat actors are evolving, yet Cyber Threat Intelligence (CTI) remains confined to each isolated point solution. Organizations require a holistic analysis across external data, inbound and outbound threats and network activity. This will enable evaluating the true state of cybersecurity in the...

10 CVSS

10 AI Score

0.975 EPSS

2024-06-03 10:56 AM

securelist

IT threat evolution in Q1 2024. Non-mobile statistics

IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. Quarterly.....

6.9 AI Score

2024-06-03 10:00 AM

thn

Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware

Fake web browser updates are being used to deliver remote access trojans (RATs) and information stealer malware such as BitRAT and Lumma Stealer (aka LummaC2). "Fake browser updates have been responsible for numerous malware infections, including those of the well-known SocGholish malware,"...

7.1 AI Score

2024-06-03 03:51 AM

Total number of security vulnerabilities: 123791