A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause unexpected application termination or arbitrary code...
9.8CVSS
8.9AI Score
0.056EPSS
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause unexpected application termination or arbitrary code...
9.2AI Score
0.056EPSS
Security Advisory - Remote Code Execution Vulnerability in Fastjson
A remote code execution vulnerability exists in the open-source JSON parsing library Fastjson. Remote attackers can send crafted JSON data packets to exploit this vulnerability. Successful exploitation could allow the attacker to execute arbitrary code on the target Fastjson server. (Vulnerability...
8.2AI Score
There is a use of insufficiently random values vulnerability in Huawei ViewPoint products. An unauthenticated, remote attacker can guess information by a large number of attempts. Successful exploitation may cause information...
7.5CVSS
7.5AI Score
0.004EPSS
There is a use of insufficiently random values vulnerability in Huawei ViewPoint products. An unauthenticated, remote attacker can guess information by a large number of attempts. Successful exploitation may cause information...
7.5AI Score
0.004EPSS
Security Advisory - Buffer Overflow Vulnerability in Huawei Atlas Product
There is a buffer overflow vulnerability in Huawei Atlas product. A local, authenticated attacker may craft a specific parameter and send it to the process to exploit this vulnerability. Successful exploitation may cause a service crash. (Vulnerability ID: HWPSIRT-2019-08062) This vulnerability has been...
5.5CVSS
5.8AI Score
0.0004EPSS
Security Advisory - Use of Insufficiently Random Values Vulnerability in Huawei ViewPoint Products
There is a use of insufficiently random values vulnerability in Huawei ViewPoint products. An unauthenticated, remote attacker can guess information by a large number of attempts. Successful exploitation may cause information leak. (Vulnerability ID: HWPSIRT-2019-10076) This vulnerability has been....
7.5CVSS
7.1AI Score
0.004EPSS
HQWar: the higher it flies, the harder it drops
Mobile dropper Trojans are one of today's most rapidly growing classes of malware. In Q1 2019, droppers are in the 2nd or 3rd position in terms of share of total detected threats, while holding nearly half of all Top 20 places in 2018. Since the droppers' main task is to deliver payload while...
-0.5AI Score
Security update for neovim (important)
An update that fixes one vulnerability is now available. Description: This update for neovim fixes the following issues: neovim was updated to version 0.3.7: CVE-2019-12735: source should check sandbox (boo#1137443) genappimage.sh: migrate to linuxdeploy Version Update to version 0.3.5: ...
8.6CVSS
-0.3AI Score
0.004EPSS
The Fully Remote Attack Surface of the iPhone
Posted by Natalie Silvanovich, Project Zero While there have been several rumours and reports of fully remote vulnerabilities affecting the iPhone being used by attackers in the last couple of years, limited information is available about the technical details of these vulnerabilities, as well...
9.8CVSS
8.9AI Score
0.128EPSS
Apple iMessage Flaw Allows Remote Attackers to Read iPhone Messages
Five bugs in Apple’s iMessage service for the iPhone have been uncovered that require no user interaction to exploit, including one that would allow remote attackers to access content stored on iOS devices. First discovered by Google Project Zero security researcher Natalie Silvanovich, Apple has.....
0.1AI Score
0.128EPSS
Google Researchers Disclose PoCs for 4 Remotely Exploitable iOS Flaws
Google's cybersecurity researchers have finally disclosed details and proof-of-concept exploits for 4 out of 5 security vulnerabilities that could allow remote attackers to target Apple iOS devices just by sending a maliciously-crafted message over iMessage. All the vulnerabilities, which...
9.8CVSS
2.5AI Score
0.128EPSS
macOS Sierra / High Sierra Multiple Vulnerabilities (Security Update 2019-004)
The remote host is running Mac OS X 10.12.6 or Mac OS X 10.13.6 and is missing a security update. It is, therefore, affected by multiple vulnerabilities : An application may be able to read restricted memory (CVE-2019-8691, CVE-2019-8692, CVE-2019-8693) Extracting a zip file containing a...
9.8CVSS
8.9AI Score
0.961EPSS
Apple TV < 12.4 Multiple Vulnerabilities
According to its banner, the version of Apple TV on the remote device is prior to 12.4. It is therefore affected by multiple vulnerabilities as described in...
9.8CVSS
AI Score
0.961EPSS
macOS 10.14.x < 10.14.6 Multiple Vulnerabilities
The remote host is running a version of macOS / Mac OS X that is 10.14.x prior to 10.14.6. It is, therefore, affected by multiple vulnerabilities : An application may be able to read restricted memory (CVE-2019-8691, CVE-2019-8692, CVE-2019-8693) Extracting a zip file containing a symbolic...
9.8CVSS
8.8AI Score
0.961EPSS
Apple iOS < 12.4 Multiple Vulnerabilities
The version of Apple iOS running on the mobile device is prior to 12.4. It is, therefore, affected by multiple...
2.8AI Score
About the security content of tvOS 12.4
About the security content of tvOS 12.4 This document describes the security content of tvOS 12.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available....
9.8CVSS
0.3AI Score
0.961EPSS
About the security content of macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra This document describes the security content of macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. About Apple security updates For...
9.8CVSS
0.6AI Score
0.961EPSS
openSUSE: Security Advisory for neovim (openSUSE-SU-2019:1759-1)
The remote host is missing an update for...
8.6CVSS
9AI Score
0.004EPSS
About the security content of iOS 12.4
About the security content of iOS 12.4 This document describes the security content of iOS 12.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent....
9.8CVSS
0.1AI Score
0.961EPSS
About the security content of watchOS 5.3
About the security content of watchOS 5.3 This document describes the security content of watchOS 5.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available......
9.8CVSS
0.7AI Score
0.961EPSS
openSUSE Security Update : neovim (openSUSE-2019-1759)
This update for neovim fixes the following issues : neovim was updated to version 0.3.7 : CVE-2019-12735: source should check sandbox (boo#1137443) genappimage.sh: migrate to linuxdeploy Version Update to version 0.3.5 : options: properly reset directories on 'autochdir' Remove MSVC...
8.6CVSS
9.1AI Score
0.004EPSS
After nearly 6 years of tearing apart 'internet of things' devices, here's a look at the high-level fails that we keep seeing. We're not going to go into point issues such as Wi-Fi credential leakage and Bluetooth compromise: our blog is littered with those! What are the root issues and what can.....
6.7AI Score
Meet Extenbro, a new DNS-changer Trojan protecting adware
Recently, we uncovered a new DNS-changer called Extenbro that comes with an adware bundler. These DNS-changers block access to security-related sites, so the adware victims can’t download and install security software to get rid of the pests. From our viewpoint, this might be like sending in an...
0.4AI Score
Siemens IE/PB LINK PN IO Ethernet to PROFIBUS Communications Adapter
As a stand-alone component, the IE/PB LINK PN IO builds the seamless transition between Industrial Ethernet and PROFIBUS by means of real-time communication (RT) and thus enables existing PROFIBUS devices to be integrated into a PROFINET application. From the viewpoint of the IO Controller, all DP....
1.6AI Score
jadwork.net Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-880494. Security Researcher Mughiwara (helped patch 192 vulnerabilities, received 2 Coordinated Disclosure badges, received 4 recommendations), a holder of 2 badges for responsible and coordinated disclosure, found a security vulnerability affecting jadwork.net website and its.....
0.1AI Score
Mother's Day Online Shoppers Were Active, and So Were Threat Actors
Mother's Day is a major online shopping event that attracts both shoppers as well as threat actors. Earlier in the year, we reported on the United Kingdom's version, called Mothering Sunday. An eMarketer spending forecast predicted that in the United States, retail gift spending would increase,...
-0.3AI Score
EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1534)
According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length ...
0.8AI Score
0.36EPSS
EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1518)
According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : Linux kernel built with the KVM virtualization support (CONFIG_KVM), with nested virtualization (nVMX) feature ...
0.5AI Score
0.003EPSS
EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1505)
According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel ...
0.5AI Score
0.03EPSS
EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1489)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An information-leak vulnerability was found in the kernel when it truncated a file to a smaller size which consisted of an...
0.4AI Score
0.054EPSS
What to do when you discover a data breach
Your cell phone goes off in the middle of your well-deserved sleep and you try to find it before your partner wakes up as well. “What could be wrong? Why would they page me in the middle of the night?” More asleep than awake, you stumble down the stairs and call the number on the screen, which...
-0.4AI Score
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. * A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary....
5.5CVSS
6.6AI Score
0.001EPSS
Who is managing the security of medical management apps?
One truth that is consistent across every sector—be it technology or education—is that software is vulnerable, which means that any device running software applications is also at risk. While virtually any application-running device could be compromised by an attacker, vulnerabilities in medical...
-0.3AI Score
Cardinal RAT Resurrected to Target FinTech Firms
A malware family called Cardinal RAT has reappeared, after two years of silence, in a series of attacks that have been targeting Israel-based financial technology firms. After Cardinal RAT was first detected in 2017, the malware disappeared for two years. But now, in this latest campaign,...
0.2AI Score
TheCarProject v2 - Multiple SQL Injection Vulnerability
Exploit for php platform in category web...
AI Score
libmatio.so is vulnerable to denial of service (DoS) attacks. The vulnerability exists through a possible stack-based buffer over-read in a memcpy operation in Mat_VarReadNextInfo5() in src/mat5.c, resulting in a denial of service condition when the vulnerability is...
9.1CVSS
8.7AI Score
0.006EPSS
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in...
9.1CVSS
9.2AI Score
0.006EPSS
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in...
9.1CVSS
8.8AI Score
0.006EPSS
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in...
9.1CVSS
7AI Score
0.006EPSS