Lucene search

K

Countdown, Coming Soon, Maintenance – Countdown & Clock Security Vulnerabilities

nessus
nessus

RHEL 5 : ntp (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution ...

8.3AI Score

0.089EPSS

2024-05-11 12:00 AM
1
nessus
nessus

RHEL 7 : ntp (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ntp: Using port 123 for modes where a fixed port number is not required facilitates off-path attacks. ...

7.5AI Score

0.033EPSS

2024-05-11 12:00 AM
1
nessus
nessus

RHEL 5 : mozilla (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Mozilla: Sandbox escape with improperly separated process types (CVE-2020-12389) Mozilla: Memory safety...

10AI Score

0.924EPSS

2024-05-11 12:00 AM
3
nessus
nessus

RHEL 6 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: Buffer overflow due to unbounded strcpy in ISDN I4L driver (CVE-2017-12762) kernel: lack of port...

8.7AI Score

EPSS

2024-05-11 12:00 AM
43
nessus
nessus

RHEL 6 : mozilla (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes (CVE-2020-26970) Mozilla:...

9.7AI Score

0.38EPSS

2024-05-11 12:00 AM
2
nessus
nessus

RHEL 7 : xstream (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by ...

9.2AI Score

0.901EPSS

2024-05-11 12:00 AM
2
nessus
nessus

RHEL 6 : spamassassin (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. spamassassin: Malicious rule configuration files can be configured to run system commands...

7.7AI Score

0.016EPSS

2024-05-11 12:00 AM
1
nessus
nessus

RHEL 7 : nodejs-handlebars (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true ...

8.7AI Score

0.149EPSS

2024-05-11 12:00 AM
2
schneier
schneier

New Attack Against Self-Driving Car AI

This is another attack that convinces the AI to ignore road signs: Due to the way CMOS cameras operate, rapidly changing light from fast flashing diodes can be used to vary the color. For example, the shade of red on a stop sign could look different on each line depending on the time between the...

7AI Score

2024-05-10 04:01 PM
3
ics
ics

#StopRansomware: Black Basta

Actions for critical infrastructure organizations to take today to mitigate cyber threats from ransomware: Install updates for operating systems, software, and firmware as soon as they are released. Require phishing-resistant MFA for as many services as possible. Train users to recognize and...

10CVSS

6.1AI Score

0.967EPSS

2024-05-10 12:00 PM
14
openvas
openvas

WordPress XSS Vulnerability (Apr 2024) - Linux

WordPress is prone to a cross-site scripting (XSS) ...

7.2CVSS

6.6AI Score

0.001EPSS

2024-05-10 12:00 AM
19
openvas
openvas

WordPress XSS Vulnerability (Apr 2024) - Windows

WordPress is prone to a cross-site scripting (XSS) ...

7.2CVSS

6.6AI Score

0.001EPSS

2024-05-10 12:00 AM
11
openvas
openvas

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1592)

The remote host is missing an update for the Huawei...

7.8CVSS

7.5AI Score

0.011EPSS

2024-05-10 12:00 AM
3
qualysblog
qualysblog

Elevating Security: Qualys Unveils First Solution for Scanning AWS Bottlerocket in Amazon EKS and Amazon ECS

With this new offering, Qualys establishes itself as the first and only vendor solution with the unique ability to scan AWS Bottlerocket instances directly using the Qualys Cloud Agent and TotalCloud Agent-less Snapshot-Based Scan. This innovative capability empowers organizations to...

7.6AI Score

2024-05-09 06:19 PM
6
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 29, 2024 to May 5, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 164 vulnerabilities disclosed in 145...

9.8CVSS

9.7AI Score

EPSS

2024-05-09 04:49 PM
13
cvelist
cvelist

CVE-2024-34352 Arbitrary file write vulnerability in 1Panel

1Panel is an open source Linux server operation and maintenance management panel. Prior to v1.10.3-lts, there are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. The mirror configuration write symbol.....

6.5CVSS

6.7AI Score

0.0004EPSS

2024-05-09 02:38 PM
ics
ics

Rockwell Automation FactoryTalk Historian SE

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Historian SE Vulnerabilities: Missing Release of Resource after Effective Lifetime, Improper Check or Handling of Exceptional Conditions 2. RISK...

7.5CVSS

7.3AI Score

0.001EPSS

2024-05-09 12:00 PM
4
chrome
chrome

Stable Channel Update for Desktop

The Stable channel has been updated to 124.0.6367.201/.202 for Mac and Windows and 124.0.6367.201 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. The Extended Stable channel has been updated to 124.0.6367.201 for Mac and...

9.6CVSS

7.7AI Score

0.001EPSS

2024-05-09 12:00 AM
75
impervablog
impervablog

API Security and The Silent Menace of Unknown APIs

The digital application landscape is evolving rapidly, with APIs as the backbone of modern software development. However, amidst all this innovation lies a silent menace: the prevalence of unknown APIs. These APIs, often lurking beyond sanctioned channels, pose significant security risks to...

7.8AI Score

2024-05-08 10:59 PM
12
nuclei
nuclei

Site Offline WP Plugin < 1.5.3 - Authorization Bypass

The plugin prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL's query string would bypass the plugin's main...

4.3CVSS

4.5AI Score

0.001EPSS

2024-05-08 11:45 AM
3
securelist
securelist

State of ransomware in 2024

Ransomware attacks continue to be one of the biggest contemporary cybersecurity threats, affecting organizations and individuals alike on a global scale. From high-profile breaches in healthcare and industrial sectors – compromising huge volumes of sensitive data or halting production entirely –...

8.5AI Score

2024-05-08 10:00 AM
8
ibm
ibm

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Xerces2

Summary Multiple vulnerabilities have been identified in Apache Xerces2, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details ** CVEID: CVE-2022-23437 DESCRIPTION: **Apache...

6.5CVSS

8.7AI Score

0.019EPSS

2024-05-08 06:45 AM
3
nessus
nessus

GLSA-202405-29 : Node.js: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202405-29 (Node.js: Multiple Vulnerabilities) The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution. (CVE-2020-7774) A flaw was found in c-ares library, where a missing input validation check of...

9.8CVSS

9.4AI Score

EPSS

2024-05-08 12:00 AM
8
ibm
ibm

Security Bulletin: There is a vulnerability in AntiSamy 1.7.4 used by IBM Maximo Asset Management (CVE-2024-23635)

Summary There is a vulnerability in AntiSamy 1.7.4 used by IBM Maximo Asset Management . Vulnerability Details ** CVEID: CVE-2024-23635 DESCRIPTION: **AntiSamy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this...

6.1CVSS

6.5AI Score

0.0004EPSS

2024-05-07 08:43 PM
4
krebs
krebs

U.S. Charges Russian Man as Boss of LockBit Ransomware Group

The United States joined the United Kingdom and Australia today in sanctioning 31-year-old Russian national Dmitry Yuryevich Khoroshev as the alleged leader of the infamous ransomware group LockBit. The U.S. Department of Justice also indicted Khoroshev and charged him with using Lockbit to attack....

6.8AI Score

2024-05-07 05:36 PM
7
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:0899-1)

The remote host is missing an update for...

5.5CVSS

7.9AI Score

0.009EPSS

2024-05-07 12:00 AM
3
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:0898-1)

The remote host is missing an update for...

5.5CVSS

8AI Score

0.009EPSS

2024-05-07 12:00 AM
2
nessus
nessus

Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6765-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6765-1 advisory. In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid crash when parsed profile name is empty When processing a packed...

7.8CVSS

7.5AI Score

EPSS

2024-05-07 12:00 AM
6
spring
spring

This Week in Spring - May 7th, 2024

Hi, Spring fans! Welcome to another amazing installment of This Week in Spring! I'm in bellisima Rome, Italy, where I've just spent time in some fun meetings, and now I'm off to lovely London, UK, for Devoxx UK 2024. It's going to be amazing. If you're there, don't hesitate to say hi! I've got to.....

7.3AI Score

2024-05-07 12:00 AM
3
chrome
chrome

Stable Channel Update for Desktop

The Stable channel has been updated to 124.0.6367.155/.156 for Mac and Windows and 124.0.6367.155 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. The Extended Stable channel has been updated to 124.0.6367.155 for Mac and ...

8AI Score

0.0004EPSS

2024-05-07 12:00 AM
69
ibm
ibm

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to multiple vulnerabilities due to the use of IBM Db2

Summary IBM Virtualization Engine TS7700 is susceptible to the vulnerabilities listed below due to the embedded use of IBM Db2. IBM Db2 is used in TS7700 to store metadata about the data it manages. CVE-2023-30431, CVE-2023-29257, CVE-2023-26021, CVE-2023-25930, CVE-2023-27559, CVE-2023-40692....

8.4CVSS

10AI Score

0.003EPSS

2024-05-06 10:05 PM
3
wordfence
wordfence

$563 Bounty Awarded for Reflected Cross-Site Scripting Vulnerability Patched in Yoast SEO WordPress Plugin

🎉 Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On April 22th, 2024, during our second Bug Bounty Extravaganza,.....

6.1CVSS

6.2AI Score

0.001EPSS

2024-05-06 03:04 PM
22
securelist
securelist

Financial cyberthreats in 2023

Money is what always attracts cybercriminals. A significant share of scam, phishing and malware attacks is about money. With trillions of dollars of digital payments made every year, it is no wonder that attackers target electronic wallets, online shopping accounts and other financial assets,...

7.3AI Score

2024-05-06 10:00 AM
16
nessus
nessus

Oracle Linux 9 : kernel (ELSA-2024-2394)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2394 advisory. An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results...

9.8CVSS

8.2AI Score

0.011EPSS

2024-05-06 12:00 AM
8
nessus
nessus

Debian dsa-5681 : affs-modules-5.10.0-29-4kc-malta-di - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5681 advisory. Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an...

8CVSS

8.2AI Score

0.0005EPSS

2024-05-06 12:00 AM
14
nessus
nessus

Rocky Linux 8 : bind9.16 (RLSA-2024:1781)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1781 advisory. The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS...

7.5CVSS

7.3AI Score

0.05EPSS

2024-05-06 12:00 AM
2
Total number of security vulnerabilities38014