Pyrit - The Famous WPA Precomputed Cracker
Pyrit allows you to create massive databases of pre-computed WPA/WPA2-PSK authentication phase in a space-time-tradeoff. By using the computational power of Multi-Core CPUs and other platforms through ATI-Stream,Nvidia CUDA and OpenCL, it is currently by far the most powerful attack against one of....
7.2AI Score
IBM Engineering Workflow Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. Under certain configurations, this vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...
4.9CVSS
5.8AI Score
0.0004EPSS
IBM Engineering Workflow Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. Under certain configurations, this vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...
4.9CVSS
4.8AI Score
0.0004EPSS
CVE-2024-28793 IBM Engineering Workflow Management cross-site scripting
IBM Engineering Workflow Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. Under certain configurations, this vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...
4.9CVSS
4.8AI Score
0.0004EPSS
CVE-2024-28793 IBM Engineering Workflow Management cross-site scripting
IBM Engineering Workflow Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. Under certain configurations, this vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...
4.9CVSS
5.8AI Score
0.0004EPSS
Lattice-Based Cryptosystems and Quantum Cryptanalysis
Quantum computers are probably coming, though we don't know when--and when they arrive, they will, most likely, be able to break our standard public-key cryptography algorithms. In anticipation of this possibility, cryptographers have been working on quantum-resistant public-key algorithms. The...
7.2AI Score
Researchers Warn of CatDDoS Botnet and DNSBomb DDoS Attack Technique
The threat actors behind the CatDDoS malware botnet have exploited over 80 known security flaws in various software over the past three months to infiltrate vulnerable devices and co-opt them into a botnet for conducting distributed denial-of-service (DDoS) attacks. "CatDDoS-related gangs' samples....
7.1AI Score
0.0004EPSS
mocodo is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary SQL commands and potentially command injection, leading to remote code execution (RCE) under certain...
8.5AI Score
EPSS
libigl readMSH improper array index validation vulnerability
Talos Vulnerability Report TALOS-2024-1926 libigl readMSH improper array index validation vulnerability May 28, 2024 CVE Number CVE-2024-23948,CVE-2024-23951,CVE-2024-23947,CVE-2024-23950,CVE-2024-23949 SUMMARY Multiple improper array index validation vulnerabilities exist in the readMSH...
8.8CVSS
7.2AI Score
0.001EPSS
7.4AI Score
0.0004EPSS
libigl PlyFile ply_cast_ascii out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2023-1879 libigl PlyFile ply_cast_ascii out-of-bounds write vulnerability May 28, 2024 CVE Number CVE-2023-49600 SUMMARY An out-of-bounds write vulnerability exists in the PlyFile ply_cast_ascii functionality of libigl v2.5.0. A specially crafted .ply file can lead....
8.1CVSS
7.8AI Score
0.001EPSS
libigl readNODE out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2024-1930 libigl readNODE out-of-bounds write vulnerability May 28, 2024 CVE Number CVE-2024-22181 SUMMARY An out-of-bounds write vulnerability exists in the readNODE functionality of libigl v2.5.0. A specially crafted .node file can lead to an out-of-bounds write.....
7.8CVSS
7.5AI Score
0.001EPSS
libigl readOFF stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-1929 libigl readOFF stack-based buffer overflow vulnerability May 28, 2024 CVE Number CVE-2024-24686,CVE-2024-24685,CVE-2024-24684 SUMMARY Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially...
7.8CVSS
7.9AI Score
0.001EPSS
Oracle Linux 8 : python39:3.9 / and / python39-devel:3.9 (ELSA-2024-2985)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2985 advisory. mod_wsgi [4.7.1-7] - Bump release for rebuild Resolves: rhbz#2213595 [4.7.1-6] - Remove rpath Resolves: rhbz#2213837 [4.7.1-5] - Core...
8.2CVSS
7.2AI Score
0.016EPSS
libigl readMSH out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-1928 libigl readMSH out-of-bounds read vulnerability May 28, 2024 CVE Number CVE-2024-24583,CVE-2024-24584 SUMMARY Multiple out-of-bounds read vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an...
4.3CVSS
7.4AI Score
0.0005EPSS
Oracle Linux 8 : python27:2.7 (ELSA-2024-2987)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2987 advisory. babel [2.5.1-10] - Fix CVE-2021-20095 Resolves: rhbz#1955615 [2.5.1-9] - Bumping due to problems with modular RPM upgrade path - Resolves:...
9.8CVSS
7.2AI Score
0.032EPSS
libigl readOFF stack-based buffer overflow vulnerabilities
Talos Vulnerability Report TALOS-2023-1784 libigl readOFF stack-based buffer overflow vulnerabilities May 28, 2024 CVE Number CVE-2023-35950,CVE-2023-35953,CVE-2023-35952,CVE-2023-35951,CVE-2023-35949 SUMMARY Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp...
7.8CVSS
8.5AI Score
0.001EPSS
Linux kernel (Intel IoTG) vulnerabilities
Releases Ubuntu 22.04 LTS Packages linux-intel-iotg - Linux kernel for Intel IoT platforms Details Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically...
7.8CVSS
7.5AI Score
EPSS
silverstripe/framework sends passwords back to browsers under some circumstances
Under some circumstances a form may populate a PasswordField with submitted data, reflecting submitted data back to a user. The user will only see their own submissions for password data, which is not considered best practice. We are not aware of data leaks to other users, devices or...
7.3AI Score
silverstripe/framework sends passwords back to browsers under some circumstances
Under some circumstances a form may populate a PasswordField with submitted data, reflecting submitted data back to a user. The user will only see their own submissions for password data, which is not considered best practice. We are not aware of data leaks to other users, devices or...
7.3AI Score
Marketplace fraud is nothing new. Cybercriminals swindle money out of buyers and sellers alike. Lately, we've seen a proliferation of cybergangs operating under the Fraud-as-a-Service model and specializing in tricking users of online marketplaces, in particular, message boards. Criminals are...
6.4AI Score
Moroccan Cybercrime Group Steals Up to $100K Daily Through Gift Card Fraud
Microsoft is calling attention to a Morocco-based cybercrime group dubbed Storm-0539 that's behind gift card fraud and theft through highly sophisticated email and SMS phishing attacks. "Their primary motivation is to steal gift cards and profit by selling them online at a discounted rate," the...
7AI Score
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix use-after-free due to delegation race A delegation break could arrive as soon as we've called vfs_setlease. A delegation break runs a callback which immediately (in nfsd4_cb_recall_prepare) adds the delegation to...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: tcp: fix page frag corruption on page fault Steffen reported a TCP stream corruption for HTTP requests served by the apache web-server using a cifs mount-point and memory mapping the relevant file. The root cause is quite similar.....
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix a memleak bug in rvu_mbox_init() In rvu_mbox_init(), mbox_regions is not freed or passed out under the switch-default region, which could lead to a memory leak. Fix this bug by changing 'return err' to 'goto...
5.5CVSS
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: serial: core: fix transmit-buffer reset and memleak Commit 761ed4a94582 ("tty: serial_core: convert uart_close to use tty_port_close") converted serial core to use tty_port_close() but failed to notice that the transmit buffer...
6.7AI Score
0.0004EPSS
New Tricks in the Phishing Playbook: Cloudflare Workers, HTML Smuggling, GenAI
Cybersecurity researchers are alerting of phishing campaigns that abuse Cloudflare Workers to serve phishing sites that are used to harvest users' credentials associated with Microsoft, Gmail, Yahoo!, and cPanel Webmail. The attack method, called transparent phishing or adversary-in-the-middle...
7.2AI Score
In the Linux kernel, the following vulnerability has been resolved: mm, slub: fix potential use-after-free in slab_debugfs_fops When sysfs_slab_add failed, we shouldn't call debugfs_slab_add() for s because s will be freed soon. And slab_debugfs_fops will use s later leading to a...
6.5AI Score
0.0004EPSS
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerability CVE-2024-28793
Summary Vulnerability CVE-2024-28793 affects the Team Concert Git plugin of IBM Engineering Workflow Management (EWM). Vulnerability Details ** CVEID: CVE-2024-28793 DESCRIPTION: **IBM Engineering Workflow Management is vulnerable to stored cross-site scripting. Under certain configurations, this.....
4.9CVSS
5.7AI Score
0.0004EPSS
Pakistan-linked Hackers Deploy Python, Golang, and Rust Malware on Indian Targets
The Pakistan-nexus Transparent Tribe actor has been linked to a new set of attacks targeting Indian government, defense, and aerospace sectors using cross-platform malware written in Python, Golang, and Rust. "This cluster of activity spanned from late 2023 to April 2024 and is anticipated to...
7.6AI Score
Fedora: Security Advisory for xen (FEDORA-2024-4357ec611d)
The remote host is missing an update for...
6.2AI Score
EPSS
Fedora: Security Advisory for xorg-x11-server-Xwayland (FEDORA-2024-1706127797)
The remote host is missing an update for...
7.8CVSS
7.7AI Score
0.0005EPSS
Fedora: Security Advisory for uriparser (FEDORA-2024-410d4ecabe)
The remote host is missing an update for...
6.5AI Score
0.0004EPSS
Fedora: Security Advisory for xen (FEDORA-2024-a676697123)
The remote host is missing an update for...
6.2AI Score
EPSS
This Week in Spring - May 27th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! And what a week it will be! I'm in Venice, Italy, on a little vacation, but tomorrow I begin a quick journey to beautiful Sofia, Bulgaria, where I'll be speaking at the amazing JPrime software show (it's my first time speaking....
7AI Score
Fedora: Security Advisory for mediawiki (FEDORA-2024-2c564b942d)
The remote host is missing an update for...
7.3CVSS
5.9AI Score
0.001EPSS
Fedora: Security Advisory for xorg-x11-server-Xwayland (FEDORA-2024-5af98298c7)
The remote host is missing an update for...
7.8CVSS
7.7AI Score
0.0005EPSS
Fedora: Security Advisory for uriparser (FEDORA-2024-40e8512956)
The remote host is missing an update for...
6.5AI Score
0.0004EPSS
Fedora: Security Advisory for xen (FEDORA-2024-a46df5ba2f)
The remote host is missing an update for...
6.2AI Score
EPSS
Fedora: Security Advisory for opensmtpd (FEDORA-2024-28fde3feb7)
The remote host is missing an update for...
7.8CVSS
7.7AI Score
0.0004EPSS
Fedora: Security Advisory for uriparser (FEDORA-2024-a7b8b6bfe2)
The remote host is missing an update for...
6.5AI Score
0.0004EPSS
Fedora: Security Advisory for xorg-x11-server-Xwayland (FEDORA-2024-01a9916e9e)
The remote host is missing an update for...
7.8CVSS
7.7AI Score
0.0005EPSS
JA4+ - Suite Of Network Fingerprinting Standards
JA4+ is a suite of network Fingerprinting methods that are easy to use and easy to share. These methods are both human and machine readable to facilitate more effective threat-hunting and analysis. The use-cases for these fingerprints include scanning for threat actors, malware detection, session.....
7AI Score
Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary commands and potentially command injection, leading to remote code execution (RCE) under certain...
8.3AI Score
EPSS
Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary commands and potentially command injection, leading to remote code execution (RCE) under certain...
8.5AI Score
EPSS
Soot Infinite Loop vulnerability
An infinite loop in the retrieveActiveBody function of Soot before v4.4.1 under Java 8 allows attackers to cause a Denial of Service...
6.7AI Score
EPSS
Soot Infinite Loop vulnerability
An infinite loop in the retrieveActiveBody function of Soot before v4.4.1 under Java 8 allows attackers to cause a Denial of Service...
6.7AI Score
EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which.....
7.3CVSS
6.7AI Score
0.001EPSS
An infinite loop in the retrieveActiveBody function of Soot before v4.4.1 under Java 8 allows attackers to cause a Denial of Service...
6.4AI Score
EPSS
An infinite loop in the retrieveActiveBody function of Soot before v4.4.1 under Java 8 allows attackers to cause a Denial of Service...
6.6AI Score
EPSS