Summary IBM Maximo Application Suite - Edge Data Collector uses mio-0.8.10.crate and mio-0.8.8.crate which is vulnerable to CVE-2024-27308 Vulnerability Details ** CVEID: CVE-2024-27308 DESCRIPTION: **Tokio Mio s vulnerable to a denial of service, caused by a use-after-free flaw due to tokens for.....
7.5CVSS
6.9AI Score
0.0004EPSS
Summary IBM Maximo Application Suite - Edge Data Collector uses openssl-src-300.2.1+3.2.0.crate which is vulnerable to CVE-2024-0727, CVE-2023-6129, and CVE-2023-6237 Vulnerability Details ** CVEID: CVE-2024-0727 DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by improper...
6.5CVSS
6.7AI Score
0.002EPSS
Summary IBM Business Automation Workflow Web Process Designer is vulnerable to information disclosure attacks. Vulnerability Details ** CVEID: CVE-2024-28849 DESCRIPTION: **Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the...
6.5CVSS
6AI Score
0.0004EPSS
Summary IBM Business Automation Workflow packages a vulnerable copy of jjwt. Vulnerability Details ** CVEID: CVE-2024-31033 DESCRIPTION: **An unspecified error with ignoring certain characters in jwtk JJWT (aka Java JWT) has an unknown impact and attack vector. CVSS Base score: 6.8 CVSS Temporal...
6AI Score
0.0004EPSS
Active Exploits target Check Point Security Gateway Zero-Day Information Disclosure flaw Check Point Cybersecurity has issued hotfixes to address a zero-day vulnerability in its VPNs that has been exploited to gain remote access to firewalls and potentially infiltrate corporate networks. On...
8.6CVSS
6.3AI Score
0.945EPSS
Technology was once simply a tool--and a small one at that--used to amplify human intent and capacity. That was the story of the industrial revolution: we could control nature and build large, complex human societies, and the more we employed and mastered technology, the better things got. We...
6.9AI Score
IT threat evolution in Q1 2024. Mobile statistics
IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics Quarterly figures According to Kaspersky Security Network, in Q1 2024: 10.1 million attacks using malware, adware, or unwanted mobile software were blocked. The most...
7.9AI Score
IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics Targeted attacks Operation Triangulation: the final mystery Last June, we published a series of reports on Operation Triangulation, a previously unknown iOS malware...
7.8CVSS
6AI Score
0.003EPSS
IT threat evolution in Q1 2024. Non-mobile statistics
IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. Quarterly.....
6.9AI Score
In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: do not flag ZEROOUT on non-dirty extent buffer Btrfs clears the content of an extent buffer marked as EXTENT_BUFFER_ZONED_ZEROOUT before the bio submission. This mechanism is introduced to prevent a write hole of an.....
6.7AI Score
0.0004EPSS
Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024
CVE-2024-4358 / CVE-2024-1800 Telerik Report Server...
9.8CVSS
9.8AI Score
0.938EPSS
In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Fix two locking issues with thermal zone debug With the current thermal zone locking arrangement in the debugfs code, user space can open the "mitigations" file for a thermal zone before the zone's debugfs pointer....
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Fix two locking issues with thermal zone debug With the current thermal zone locking arrangement in the debugfs code, user space can open the "mitigations" file for a thermal zone before the zone's debugfs...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Fix two locking issues with thermal zone debug With the current thermal zone locking arrangement in the debugfs code, user space can open the "mitigations" file for a thermal zone before the zone's debugfs pointer....
6.6AI Score
0.0004EPSS
CVE-2024-36961 thermal/debugfs: Fix two locking issues with thermal zone debug
In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Fix two locking issues with thermal zone debug With the current thermal zone locking arrangement in the debugfs code, user space can open the "mitigations" file for a thermal zone before the zone's debugfs pointer....
6.3AI Score
0.0004EPSS
Andariel Hackers Target South Korean Institutes with New Dora RAT Malware
The North Korea-linked threat actor known as Andariel has been observed using a new Golang-based backdoor called Dora RAT in its attacks targeting educational institutes, manufacturing firms, and construction businesses in South Korea. "Keylogger, Infostealer, and proxy tools on top of the...
7.5AI Score
Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware
Fake web browser updates are being used to deliver remote access trojans (RATs) and information stealer malware such as BitRAT and Lumma Stealer (aka LummaC2). "Fake browser updates have been responsible for numerous malware infections, including those of the well-known SocGholish malware,"...
7.1AI Score
RHEL 5 : zsh (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. zsh: buffer overrun in symlinks (CVE-2017-18206) zsh before 5.0.7 allows evaluation of the initial...
7.8CVSS
7.7AI Score
0.007EPSS
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1788)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is...
8CVSS
8.3AI Score
EPSS
RHEL 9 : ovmf (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssl: AES OCB fails to encrypt some bytes (CVE-2022-2097) openssl: timing attack in RSA Decryption...
7.5CVSS
7.5AI Score
0.004EPSS
RHEL 7 : apache-commons-compress (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive ...
7.5CVSS
8AI Score
0.025EPSS
RHEL 7 : camel (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. hibernate-validator: Privilege escalation when running under the security manager (CVE-2017-7536) Note that Nessus...
7CVSS
7.2AI Score
0.001EPSS
RHEL 7 : libvirt (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libvirt: TLS certificate verification disabled for clients (CVE-2017-1000256) The LXC driver...
8.1CVSS
8.6AI Score
0.003EPSS
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1800)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is...
8CVSS
8.3AI Score
EPSS
RHEL 6 : emacs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. emacs: command injection flaw within enriched mode handling (CVE-2017-14482) lisp/gnus/gnus-fun.el in...
8.8CVSS
8AI Score
0.031EPSS
RHEL 6 : 389-ds-base (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. 389-ds-base: Password brute-force possible for locked account due to different return codes ...
7.5CVSS
7.5AI Score
0.06EPSS
RHEL 8 : libpng (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libpng: underflow read in png_check_keyword() (CVE-2015-8540) png_image_free in png.c in libpng 1.6.x...
5.5CVSS
6.5AI Score
0.022EPSS
RHEL 8 : apache-commons-compress (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive ...
7.5CVSS
8AI Score
0.025EPSS
Siemens SIMATIC S7-1500 Uncontrolled Resource Consumption (CVE-2024-2511)
Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service. This problem can occur in...
7.8AI Score
0.0004EPSS
RHEL 6 : zsh (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. zsh: Improper handling of shebang line longer than 64 (CVE-2018-13259) zsh before 5.0.7 allows...
5.5CVSS
7.8AI Score
0.007EPSS
RHEL 7 : chrony (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. chrony: missing key check allows impersonation between authenticated peers (VU#357792) (CVE-2016-1567) A...
6CVSS
8.2AI Score
0.015EPSS
RHEL 8 : freerdp (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. freerdp: Integer Overflow leading to Heap Overflow in freerdp_bitmap_planar_context_reset...
9.8CVSS
7.6AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Fix two locking issues with thermal zone debug With the current thermal zone locking arrangement in the debugfs code, user space can open the "mitigations" file for a thermal zone before the zone's debugfs pointer....
6.5AI Score
0.0004EPSS
Description Under OIDC authentication mode, there is a redirect_url parameter exposed in the URL which is used to redirect the current user to the defined location after the successful OIDC login, This redirect_url can be an ambiguous URL and can be used to embed a phishing URL. For example: if a.....
4.3CVSS
6.4AI Score
0.001EPSS
Description Under OIDC authentication mode, there is a redirect_url parameter exposed in the URL which is used to redirect the current user to the defined location after the successful OIDC login, This redirect_url can be an ambiguous URL and can be used to embed a phishing URL. For example: if a.....
4.3CVSS
6.4AI Score
0.001EPSS
Slack integration leaks sensitive information in logs
Impact Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it is possible under specific configurations, an attacker can forge...
2CVSS
6.5AI Score
0.0004EPSS
Slack integration leaks sensitive information in logs
Impact Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it is possible under specific configurations, an attacker can forge...
2CVSS
6.5AI Score
0.0004EPSS
Reflected Cross-site Scripting in yiisoft/yii2 Debug mode
During the internal penetration testing of our product based on Yii2, we discovered an XSS vulnerability within the framework itself. This issue is relevant for the latest version of Yii2 (2.0.49.3). Conditions for vulnerability reproduction The framework is in debug mode (YII_DEBUG set to true)......
4.2CVSS
6.1AI Score
0.0004EPSS
Reflected Cross-site Scripting in yiisoft/yii2 Debug mode
During the internal penetration testing of our product based on Yii2, we discovered an XSS vulnerability within the framework itself. This issue is relevant for the latest version of Yii2 (2.0.49.3). Conditions for vulnerability reproduction The framework is in debug mode (YII_DEBUG set to true)......
4.2CVSS
6.1AI Score
0.0004EPSS
4.9CVSS
6.7AI Score
0.013EPSS
The Ticketmaster Data Breach May Be Just the Beginning
Data breaches at Ticketmaster and financial services company Santander have been linked to attacks against cloud provider Snowflake. Researchers fear more breaches will soon be...
7.4AI Score
AI Company Hugging Face Detects Unauthorized Access to Its Spaces Platform
Artificial Intelligence (AI) company Hugging Face on Friday disclosed that it detected unauthorized access to its Spaces platform earlier this week. "We have suspicions that a subset of Spaces' secrets could have been accessed without authorization," it said in an advisory. Spaces offers a way for....
7.5AI Score
4.9CVSS
7AI Score
EPSS
Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it....
2CVSS
3.8AI Score
0.0004EPSS
Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it....
2CVSS
7.1AI Score
0.0004EPSS
CVE-2024-35196 Slack integration leaks sensitive information in logs in Sentry
Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it....
2CVSS
6.9AI Score
0.0004EPSS
CVE-2024-35196 Slack integration leaks sensitive information in logs in Sentry
Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it....
2CVSS
3.8AI Score
0.0004EPSS
How to tell if a VPN app added your Windows device to a botnet
On May 29, 2024, the US Department of Justice (DOJ) announced it had dismantled what was likely the world’s largest botnet ever. This botnet, called “911 S5,” infected systems at over 19 million IP addresses across more than 190 countries. The main sources of income for the operators, who stole a.....
7.2AI Score
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities).....
5.9CVSS
6.1AI Score
0.0004EPSS
Ars0N-Framework - A Modern Framework For Bug Bounty Hunting
Howdy! My name is Harrison Richardson, or rs0n (arson) when I want to feel cooler than I really am. The code in this repository started as a small collection of scripts to help automate many of the common Bug Bounty hunting processes I found myself repeating. Over time, I built a simple web...
7AI Score