DP300,RP200,RSE6500,TE30,TE40,TE50,TE60,TX50,VP9660,ViewPoint 8660,ViewPoint 9030,Viewpoint 8660, Security Vulnerabilities
In the Linux kernel, the following vulnerability has been resolved: tipc: fix kernel warning when sending SYN message When sending a SYN message, this kernel stack trace is observed: ... [ 13.396352] RIP: 0010:_copy_from_iter+0xb4/0x550 ... [ 13.398494] Call Trace: [ 13.398630] [ 13.398630] ?...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: tipc: fix kernel warning when sending SYN message When sending a SYN message, this kernel stack trace is observed: ... [ 13.396352] RIP: 0010:_copy_from_iter+0xb4/0x550 ... [ 13.398494] Call Trace: [ 13.398630] [ ...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: tipc: fix kernel warning when sending SYN message When sending a SYN message, this kernel stack trace is observed: ... [ 13.396352] RIP: 0010:_copy_from_iter+0xb4/0x550 ... [ 13.398494] Call Trace: [ 13.398630] [ ...
7.3AI Score
0.0004EPSS
CVE-2023-52700 tipc: fix kernel warning when sending SYN message
In the Linux kernel, the following vulnerability has been resolved: tipc: fix kernel warning when sending SYN message When sending a SYN message, this kernel stack trace is observed: ... [ 13.396352] RIP: 0010:_copy_from_iter+0xb4/0x550 ... [ 13.398494] Call Trace: [ 13.398630] [ ...
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: tipc: fix kernel warning when sending SYN message When sending a SYN message, this kernel stack trace is observed: ... [ 13.396352] RIP: 0010:_copy_from_iter+0xb4/0x550 ... [ 13.398494] Call Trace: [ 13.398630] [ ...
7.2AI Score
0.0004EPSS
8.7AI Score
0.0004EPSS
A potential security vulnerability has been identified in Web ViewPoint Enterprise software. This vulnerability could be exploited to allow unauthorized users to access some resources on a NonStop...
8.3CVSS
7.3AI Score
0.0004EPSS
CVE-2024-22435 HPE NonStop Web ViewPoint Enterprise software, Unauthorized access
A potential security vulnerability has been identified in Web ViewPoint Enterprise software. This vulnerability could be exploited to allow unauthorized users to access some resources on a NonStop...
7AI Score
0.0004EPSS
The State of Stalkerware in 2023–2024
The State of Stalkerware in 2023 (PDF) The annual Kaspersky State of Stalkerware report aims to contribute to awareness and a better understanding of how people around the world are impacted by digital stalking. Stalkerware is commercially available software that can be discreetly installed on...
6.8AI Score
CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recognized as a TLS client) by a client using only TLS 1.3. Because TLS extensions (SNI, ALPN) were not inspected, those connections might have been matched to a wrong filter chain, possibly bypassing some.....
6.9AI Score
0.001EPSS
The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line....
6.2AI Score
0.973EPSS
openSUSE: Security Advisory for syncthing (openSUSE-SU-2023:0126-1)
The remote host is missing an update for...
5.5AI Score
0.001EPSS
A Kickoff Discussion on Core Aspects of Avro & Protobuf When deliberating on the subject of data structure encoding, a tandem of tools frequently emerges in technical discussions: Avro and Protobuf. Originating from a vision of precise data compression, the distinguishable features and...
6.9AI Score
Directory Traversal: Examples, Testing, and Prevention
Unveiling the Enigma of Path Navigation: An Exhaustive Exploration and Insight Path Navigation, often referred to as Folder Navigation, symbolizes a kind of security extraction point allowing unauthorized individuals to gain unauthorized access to specific files held within a server's database...
7.8AI Score
An Intro to Kafka and RabbitMQ: The Masters of Messaging In the realm of messaging systems, two names stand out: Kafka and RabbitMQ. These two powerhouses have become the go-to solutions for developers and organizations looking to handle high-volume, real-time data processing and messaging. But...
7.2AI Score
Malicious code in pdf2htmlex3 (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (8653c58975b64b6ccc0d8444ccd52bf0340ee3bba1ff946b68db2acd14dc98ce) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
In any strategy aimed at combating cyber threats, the essential peace is the adequate regulation of possible frailties or susceptibility points. This concept embodies a broad spectrum of actions covering the spotting, categorizing, ranking, and rectification of possible risk areas within a digital....
7.8AI Score
Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 126 vulnerabilities disclosed in 102 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence...
9.8CVSS
9AI Score
0.002EPSS
Description The Very Simple Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vsgmap' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for....
5.4CVSS
5.9AI Score
0.001EPSS
Namaste! LMS < 2.6.1.2 - Reflected Cross-Site Scripting
Description The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'course_id' parameter in versions up to, and including, 2.6.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
6.1CVSS
6.5AI Score
0.001EPSS
Dominating an imperative role in boosting the so-called 'efficiency quotient' within a networking system is the Quality of Service or QoS. Let's dive in and explore the crucial components that make QoS pivotal. In essence, QoS is a blend of a multitude of methodologies and hi-tech devices,...
7.9AI Score
The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'course_id' parameter in versions up to, and including, 2.6.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
6.1CVSS
6.7AI Score
0.001EPSS
The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'course_id' parameter in versions up to, and including, 2.6.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
6.1CVSS
6.6AI Score
0.001EPSS
Enhanced Discovery and Resolution, or more commonly known as XDR, serves as a revolutionary model in cybersecurity. It works by combining multiple security apparatuses into a solitary system, thus uplifting the ability for threat detections and subsequent responses. Unlike the standard...
7.4AI Score
Unpacking XDR: Broadened Acknowledgment and Response In the perpetually advancing domain of digital protection, new lingo and philosophies constantly emerge. Among the more recent additions is XDR, an acronym for Extended Detection and Response. This passage will provide a detailed insight into...
7.4AI Score
The Qualys Security Conference Mumbai: That’s a Wrap!
In recent years, the world of cybersecurity has experienced a dramatic transformation. The threat landscape has erupted, creating a host of complex challenges, with malicious actors continuously upping their game. In this high-stakes environment, the need for robust cloud security platforms...
7.3AI Score
Threat Report: High Tech Industry targeted the most with 46% of attack traffic tagged by NLX
How To Use This Report Enhance situational awareness of techniques used by threat actors Identify potential attacks targeting your industry Gain insights to help improve and accelerate your organization's threat response Summary of Findings The Network Effect Threat Report offers insights based...
8.5AI Score
Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Addtional Function, HiRDB Structured Data Access Facility.This issue affects HiRDB Server: before 09-60-39, before 09-65-23, before 09-66-17, before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before...
7.5CVSS
7.5AI Score
0.0005EPSS
Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make...
5.4CVSS
5.7AI Score
0.004EPSS
Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API...
4.9CVSS
5AI Score
0.001EPSS
Description of the security update for SharePoint Enterprise Server 2016: April 11, 2023 (KB5002385)
Description of the security update for SharePoint Enterprise Server 2016: April 11, 2023 (KB5002385) Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures...
8.1AI Score
0.004EPSS
Gitea 1.1.0 - 1.12.5 - Remote Code Execution
Gitea 1.1.0 through 1.12.5 is susceptible to authenticated remote code execution, via the git hook functionality, in customer environments where the documentation is not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the...
7.1AI Score
0.973EPSS
Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service...
7.5CVSS
7.5AI Score
0.001EPSS
ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query...
6.5CVSS
6.7AI Score
0.002EPSS
Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center Analyzer on Linux (Hitachi....
7.1CVSS
6.7AI Score
0.0004EPSS
Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center Analyzer on Linux (Hitachi....
7.1CVSS
6.7AI Score
0.0004EPSS
Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center Analyzer on Linux (Hitachi....
6.6AI Score
0.0004EPSS
Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs
Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It's especially nice that all the code to support the new API was written and contributed.....
10CVSS
7.6AI Score
0.444EPSS
Incorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write....
4.4CVSS
4.6AI Score
0.0004EPSS
Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe components) allows Server Side....
9.8CVSS
9.4AI Score
0.002EPSS
Incorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write....
4.4CVSS
4.6AI Score
0.0004EPSS
Incorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write....
6.6AI Score
0.0004EPSS
WordPress Titan Framework plugin <= 1.12.1 - Cross-Site Scripting
The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting...
6.1AI Score
0.001EPSS
The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a directory traversal attack that bypasses a uniqid protection mechanism, and makes it easier to read arbitrary uploaded...
6.9AI Score
0.002EPSS
The Huawei viewpoint VP9610 and VP9620 units for the Huawei Video Conference system do not update the Session ID upon successful establishment of a login session, which allows remote authenticated users to hijack sessions via an unspecified interception...
6.7AI Score
0.002EPSS
Integrating Live Patching in SecDevOps Workflows
SecDevOps is, just like DevOps, a transformational change that organizations undergo at some point during their lifetime. Just like many other big changes, SecDevOps is commonly adopted after a reality check of some kind: a big damaging cybersecurity incident, for example. A major security breach.....
-0.3AI Score
Adobe Acrobat Reader DC overlapping annotations type confusion vulnerability
Summary A type confusion vulnerability exists in the way Adobe Acrobat Reader DC 2022.001.20085 deals with overlapping annotations. A specially-crafted PDF document can trigger this vulnerability, which can lead to arbitrary code execution. A victim needs to open the malicious file to trigger this....
0.1AI Score
0.001EPSS
Dynamic analysis of firmware components in IoT devices
Among the various offensive security techniques, vulnerability assessment takes priority when it comes to analyzing the security of IoT/IIoT devices. In most cases, such devices are analyzed using the black box testing approach, in which the researcher has virtually no knowledge about the object...
-0.6AI Score
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in...
9.1CVSS
2.9AI Score
Cyber Security WEBINAR — How to Ace Your InfoSec Board Deck
Communication is a vital skill for any leader at an organization, regardless of seniority. For security leaders, this goes double. Communicating clearly works on multiple levels. On the one hand, security leaders and CISOs must be able to communicate strategies clearly – instructions, incident...
AI Score