Lucene search

K

EMC Storage M&R Security Vulnerabilities

thn
thn

U.K. Hacker Linked to Notorious Scattered Spider Group Arrested in Spain

Law enforcement authorities have allegedly arrested a key member of the notorious cybercrime group called Scattered Spider. The individual, a 22-year-old man from the United Kingdom, was arrested this week in the Spanish city of Palma de Mallorca as he attempted to board a flight to Italy. The...

7.3AI Score

2024-06-16 04:31 AM
2
githubexploit
githubexploit

Exploit for CVE-2024-30078

CVE-2024-30078 Detection and Command Execution Script This...

8.8CVSS

8.6AI Score

0.001EPSS

2024-06-15 07:37 PM
66
githubexploit
githubexploit

Exploit for OS Command Injection in Php

CVE-2024-4577 Argument injection vulnerability in PHP...

9.8CVSS

7.2AI Score

0.932EPSS

2024-06-15 02:49 AM
31
githubexploit
githubexploit

Exploit for Path Traversal in Solarwinds Serv-U

CVE-2024-28995 PoC and Bulk Scanner Overview This...

8.6CVSS

6.7AI Score

0.001EPSS

2024-06-14 11:05 PM
38
schneier
schneier

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm appearing on a panel on Society and Democracy at ACM Collective Intelligence in Boston, Massachusetts. The conference runs from June 26 through 29, 2024, and my panel is at 9:00 AM on Friday, June 28. I'm speaking on...

7.2AI Score

2024-06-14 03:59 PM
rocky
rocky

libvirt bug fix update

An update is available for libvirt. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libvirt library contains a C API for managing and interacting with the...

7.4AI Score

2024-06-14 02:00 PM
1
rocky
rocky

kernel-rt security and bug fix update

An update is available for kernel-rt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel-rt packages provide the Real Time Linux Kernel, which enables...

7.8CVSS

7.9AI Score

0.001EPSS

2024-06-14 01:59 PM
osv
osv

Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) kernel: Information disclosure in...

7.8CVSS

6.9AI Score

0.001EPSS

2024-06-14 01:59 PM
3
osv
osv

Important: git-lfs security update

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS...

5.5AI Score

0.0004EPSS

2024-06-14 01:59 PM
rocky
rocky

virt:rhel and virt-devel:rhel security and enhancement update

An update is available for module.swtpm, module.libtpms, module.libnbd, netcf, module.nbdkit, hivex, libiscsi, libtpms, module.sgabios, libguestfs-winsupport, virt-v2v, module.supermin, module.virt-v2v, module.libvirt-dbus, module.qemu-kvm, supermin, swtpm, libvirt-dbus, sgabios, qemu-kvm,...

7CVSS

7.4AI Score

0.002EPSS

2024-06-14 01:59 PM
rocky
rocky

virt:rhel and virt-devel:rhel security update

An update is available for module.swtpm, module.libtpms, module.libnbd, netcf, module.nbdkit, hivex, libiscsi, libtpms, module.sgabios, libguestfs-winsupport, virt-v2v, module.supermin, module.virt-v2v, module.libvirt-dbus, module.qemu-kvm, supermin, swtpm, libvirt-dbus, sgabios, qemu-kvm,...

6.2CVSS

6.8AI Score

0.001EPSS

2024-06-14 01:59 PM
rocky
rocky

kernel update

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating....

7.8CVSS

7.8AI Score

0.001EPSS

2024-06-14 01:59 PM
1
osv
osv

Moderate: kernel update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) kernel: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2024-0340) kernel:...

7.8CVSS

7.7AI Score

0.001EPSS

2024-06-14 01:59 PM
thn
thn

Learn to Secure Petabyte-Scale Data in a Webinar with Industry Titans

Data is growing faster than ever. Remember when petabytes (that's 1,000,000 gigabytes!) were only for tech giants? Well, that's so last decade! Today, businesses of all sizes are swimming in petabytes. But this isn't just about storage anymore. This data is ALIVE—it's constantly accessed,...

7.1AI Score

2024-06-14 01:21 PM
11
vulnrichment
vulnrichment

CVE-2024-25142 Apache Airflow: Cache Control - Storage of Sensitive Data in Browser Cache

Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. This issue affects Apache...

6.3AI Score

0.0004EPSS

2024-06-14 08:25 AM
cvelist
cvelist

CVE-2024-25142 Apache Airflow: Cache Control - Storage of Sensitive Data in Browser Cache

Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. This issue affects Apache...

0.0004EPSS

2024-06-14 08:25 AM
fedora
fedora

[SECURITY] Fedora 39 Update: cyrus-imapd-3.8.3-1.fc39

The Cyrus IMAP (Internet Message Access Protocol) server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contac ts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. The Cyrus IMAP server is a scalable enterprise groupware system designed for use...

6.5CVSS

7.1AI Score

0.0005EPSS

2024-06-14 04:43 AM
redhatcve
redhatcve

CVE-2024-36965

In the Linux kernel, the following vulnerability has been resolved: remoteproc: mediatek: Make sure IPI buffer fits in L2TCM The IPI buffer location is read from the firmware that we load to the System Companion Processor, and it's not granted that both the SRAM (L2TCM) size that is defined in the....

7AI Score

0.0004EPSS

2024-06-14 04:12 AM
1
fedora
fedora

[SECURITY] Fedora 40 Update: cyrus-imapd-3.8.3-1.fc40

The Cyrus IMAP (Internet Message Access Protocol) server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contac ts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. The Cyrus IMAP server is a scalable enterprise groupware system designed for use...

6.5CVSS

7.1AI Score

0.0005EPSS

2024-06-14 01:45 AM
redhatcve
redhatcve

CVE-2023-46103

A flaw was found in intel-microcode. The sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra processors that may allow an authenticated user to enable a denial of service via local access. Mitigation Mitigation for this issue is either not available or the...

4.7CVSS

4.4AI Score

0.0004EPSS

2024-06-14 01:42 AM
redhatcve
redhatcve

CVE-2023-45745

A flaw was found in intel-microcode. Improper input validation in some Intel(R) TDX module software may allow a privileged user to enable escalation of privilege via local access. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat....

7.9CVSS

7.6AI Score

0.0004EPSS

2024-06-14 01:12 AM
redhatcve
redhatcve

CVE-2023-45733

A flaw was found in intel-microcode. The hardware logic contains race conditions in some Intel(R) processors that may allow an authenticated user to enable partial information disclosure via local access. Mitigation Mitigation for this issue is either not available or the currently available...

2.8CVSS

3.2AI Score

0.0004EPSS

2024-06-14 01:12 AM
nessus
nessus

Rocky Linux 9 : kernel (RLSA-2024:3619)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3619 advisory. * kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735) * kernel: fs: sysfs: Fix reference leak in...

8.2AI Score

0.0004EPSS

2024-06-14 12:00 AM
nessus
nessus

RHEL 8 / 9 : Red Hat Ceph Storage 7.1 (RHSA-2024:3925)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3925 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage...

9.8CVSS

7.3AI Score

0.002EPSS

2024-06-14 12:00 AM
packetstorm

7.2AI Score

0.0004EPSS

2024-06-14 12:00 AM
44
nessus
nessus

Rocky Linux 8 : kernel (RLSA-2024:3138)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3138 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): For more details about the security issue(s),...

9.8CVSS

7.7AI Score

EPSS

2024-06-14 12:00 AM
nessus
nessus

Ubuntu 22.04 LTS : Linux kernel (NVIDIA) vulnerabilities (USN-6818-3)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-3 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...

7.8CVSS

7.2AI Score

0.001EPSS

2024-06-14 12:00 AM
1
nessus
nessus

Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6817-3)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6817-3 advisory. Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer...

7.8CVSS

8.5AI Score

0.0005EPSS

2024-06-14 12:00 AM
nessus
nessus

Rocky Linux 8 : kernel-rt (RLSA-2024:2950)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2950 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. ...

9.8CVSS

7.8AI Score

EPSS

2024-06-14 12:00 AM
1
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2019-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2019-1 advisory. The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes. The following...

9.8CVSS

8.4AI Score

0.005EPSS

2024-06-14 12:00 AM
nessus
nessus

Rocky Linux 8 : virt:rhel and virt-devel:rhel (RLSA-2024:3253)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3253 advisory. * libvirt: negative g_new0 length can lead to unbounded memory allocation (CVE-2024-2494) Tenable has extracted the preceding description block directly from the.....

6.2CVSS

9.4AI Score

0.001EPSS

2024-06-14 12:00 AM
nessus
nessus

Rocky Linux 8 : kernel-rt (RLSA-2024:3627)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3627 advisory. * kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) * kernel: Information disclosure in...

7.8CVSS

9.3AI Score

0.001EPSS

2024-06-14 12:00 AM
nessus
nessus

Oracle Linux 8 : virt:kvm_utils1 (ELSA-2024-12435)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12435 advisory. - Document CVEs as fixed (Karl Heubaum) {CVE-2023-2700} - Fix off-by-one error in udevListInterfacesByStatus (Martin Kletzander) [Orabug: 36364474] ...

8.8CVSS

7.5AI Score

0.002EPSS

2024-06-14 12:00 AM
nessus
nessus

Rocky Linux 8 : kernel update (Moderate) (RLSA-2024:3618)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3618 advisory. * kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) * kernel: Information disclosure in...

7.8CVSS

9.5AI Score

0.001EPSS

2024-06-14 12:00 AM
osv
osv

CrateDB has a Client initialized Session-Renegotiation DoS

Summary Client-Initiated TLS Renegotiation Denial of Service (DoS) Vulnerability at Port 4200 Details A high-risk vulnerability has been identified where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly...

5.3CVSS

6.9AI Score

0.0004EPSS

2024-06-13 07:39 PM
github
github

CrateDB has a Client initialized Session-Renegotiation DoS

Summary Client-Initiated TLS Renegotiation Denial of Service (DoS) Vulnerability at Port 4200 Details A high-risk vulnerability has been identified where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly...

5.3CVSS

6.9AI Score

0.0004EPSS

2024-06-13 07:39 PM
talosblog
talosblog

How we can separate botnets from the malware operations that rely on them

As I covered in last week's newsletter, law enforcement agencies from around the globe have been touting recent botnet disruptions affecting the likes of some of the largest threat actors and malware families. Operation Endgame, which Europol touted as the "largest ever operation against botnets,"....

7.1AI Score

2024-06-13 06:00 PM
2
cvelist
cvelist

CVE-2024-38280 Cleartext Storage in a File or on Disk in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)

An unauthorized user is able to gain access to sensitive data, including credentials, by physically retrieving the hard disk of the product as the data is stored in clear...

0.0004EPSS

2024-06-13 05:05 PM
1
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

10CVSS

9.8AI Score

EPSS

2024-06-13 03:35 PM
2
cve
cve

CVE-2024-37306

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a...

7.1CVSS

6.8AI Score

0.0004EPSS

2024-06-13 03:15 PM
14
nvd
nvd

CVE-2024-37306

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a...

7.1CVSS

0.0004EPSS

2024-06-13 03:15 PM
osv
osv

CVE-2024-37306

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a...

7.1CVSS

6.8AI Score

0.0004EPSS

2024-06-13 03:15 PM
nvd
nvd

CVE-2024-37164

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a...

7.1CVSS

0.0004EPSS

2024-06-13 03:15 PM
3
cve
cve

CVE-2024-37164

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a...

7.1CVSS

7AI Score

0.0004EPSS

2024-06-13 03:15 PM
14
osv
osv

CVE-2024-37164

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a...

7.1CVSS

7.2AI Score

0.0004EPSS

2024-06-13 03:15 PM
1
cvelist
cvelist

CVE-2024-37306 CVAT's export and backup-related API endpoints are susceptible to CSRF

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a...

7.1CVSS

0.0004EPSS

2024-06-13 02:18 PM
5
vulnrichment
vulnrichment

CVE-2024-37306 CVAT's export and backup-related API endpoints are susceptible to CSRF

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a...

7.1CVSS

6.6AI Score

0.0004EPSS

2024-06-13 02:18 PM
2
osv
osv

CVE-2024-37309

CrateDB is a distributed SQL database. A high-risk vulnerability has been identified in versions prior to 5.7.2 where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly request renegotiation of security...

5.3CVSS

7.7AI Score

0.0004EPSS

2024-06-13 02:15 PM
cve
cve

CVE-2024-37309

CrateDB is a distributed SQL database. A high-risk vulnerability has been identified in versions prior to 5.7.2 where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly request renegotiation of security...

5.3CVSS

5.6AI Score

0.0004EPSS

2024-06-13 02:15 PM
11
Total number of security vulnerabilities193030