[SECURITY] [DSA 5702-1] gst-plugins-base1.0 security update
Debian Security Advisory DSA-5702-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 01, 2024 https://www.debian.org/security/faq Package : gst-plugins-base1.0 CVE ID : CVE-2024-4453 An...
7.8CVSS
7.4AI Score
6.5AI Score
0.019EPSS
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore database activity modules and direct access to the web server outside of the Moodle webroot could execute a local file...
7AI Score
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore wiki modules and direct access to the web server outside of the Moodle webroot could execute a local file...
7AI Score
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore workshop modules and direct access to the web server outside of the Moodle webroot could execute a local file...
7AI Score
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore feedback modules and direct access to the web server outside of the Moodle webroot could execute a local file...
7AI Score
How to tell if a VPN app added your Windows device to a botnet
On May 29, 2024, the US Department of Justice (DOJ) announced it had dismantled what was likely the world’s largest botnet ever. This botnet, called “911 S5,” infected systems at over 19 million IP addresses across more than 190 countries. The main sources of income for the operators, who stole a.....
7.2AI Score
New banking trojan “CarnavalHeist” targets Brazil with overlay attacks
Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called "CarnavalHeist." Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil. This family has also been...
8AI Score
I don't think it's an exaggeration to predict that artificial intelligence will affect every aspect of our society. Not by doing new things. But mostly by doing things that are already being done by humans, perfectly competently. Replacing humans with AIs isn't necessarily interesting. But when an....
7.4AI Score
The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite...
6.9AI Score
0.0004EPSS
CVE-2024-4469 Migration Backup Restore < 3.5.0 - Admin+ SSRF
The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite...
6.7AI Score
0.0004EPSS
G DATA Total Security Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the G DATA...
7.5AI Score
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:1870-1)
The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1870-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following...
8.2AI Score
VSS Snapshot Creation Delay on Server with DFSR Enabled
When preparing the DFS VSS writer for backup, the Veeam Agent gets into a recursion while checking the files in the scope of the DFS...
7.1AI Score
How to Configure PXE Booting of Veeam Agent for Linux Recovery Media
This article documents how to configure Linux to PXE boot the Veeam Agent for Linux Recovery Media over a...
7AI Score
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-068)
The version of kernel installed on the remote host is prior to 5.4.271-184.369. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.4-2024-068 advisory. In the Linux kernel, the following vulnerability has been resolved: afs: Increase buffer size in ...
7AI Score
G DATA Total Security Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the G DATA...
7.5AI Score
This error occurs when the storage device is formatted with a 4k logical block size and the Veeam Data Mover Service does not have sufficient permissions to determine the logical block...
7AI Score
Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called...
8.3AI Score
Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity:...
8.2AI Score
Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity:...
7.9AI Score
Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity:...
7.9AI Score
[SECURITY] [DLA 3824-1] gst-plugins-base1.0 security update
Debian LTS Advisory DLA-3824-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk May 30, 2024 https://wiki.debian.org/LTS Package : gst-plugins-base1.0 Version : 1.14.4-2+deb10u3 CVE...
7.8CVSS
6.7AI Score
TYPO3 Possible Insecure Deserialization in Extbase Request Handling
It has been discovered that request handling in Extbase can be vulnerable to insecure deserialization. User submitted payload has to be signed with a corresponding HMAC-SHA1 using the sensitive TYPO3 encryptionKey as secret - invalid or unsigned payload is not deserialized. However, since...
6.8AI Score
TYPO3 Possible Insecure Deserialization in Extbase Request Handling
It has been discovered that request handling in Extbase can be vulnerable to insecure deserialization. User submitted payload has to be signed with a corresponding HMAC-SHA1 using the sensitive TYPO3 encryptionKey as secret - invalid or unsigned payload is not deserialized. However, since...
6.8AI Score
Attackers are impersonating a road toll payment processor across the U.S. in phishing attacks
My wife (no stranger to weird types of scams) recently received a fake text message from someone claiming to be New Jersey's E-ZPass program saying that she had an outstanding balance from highway tolls that she owed, prompting her to visit a site so she could pay and avoid additional fines. There....
7.4AI Score
Mitigate Http/2 continuations with Imperva WAF
As the threat landscape continues to grow, with new breaches being announced every day, Imperva continues to stay one step ahead of attackers. HTTP/2 exploits seem to be growing every quarter as more attackers use this vulnerability in new ways. We previously wrote about how Imperva protected its.....
7.2AI Score
7.4AI Score
0.019EPSS
TYPO3 Denial of Service in Online Media Asset Handling
Online Media Asset Handling (.youtube and .vimeo files) in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a...
7AI Score
TYPO3 Denial of Service in Online Media Asset Handling
Online Media Asset Handling (.youtube and .vimeo files) in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a...
7AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 20, 2024 to May 26, 2024)
_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...
9.2AI Score
0.001EPSS
‘Operation Endgame’ Hits Malware Delivery Platforms
Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Dubbed "the largest ever operation against botnets," the international effort.....
7.1AI Score
TYPO3 Cross-Site Scripting in Online Media Asset Rendering
Failing to properly encode user input, online media asset rendering (.youtube and .vimeo files) is vulnerable to cross-site scripting. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this...
6.7AI Score
TYPO3 Cross-Site Scripting in Online Media Asset Rendering
Failing to properly encode user input, online media asset rendering (.youtube and .vimeo files) is vulnerable to cross-site scripting. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this...
6.7AI Score
LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader
By Anna Bennett, Nicole Hoffman, Asheer Malhotra, Sean Taylor and Brandon White. Cisco Talos is disclosing a new suspected data theft campaign, active since at least 2021, we attribute to an advanced persistent threat actor (APT) we're calling "LilacSquid." LilacSquid's victimology includes a...
7.8AI Score
5.7AI Score
0.004EPSS
7.5AI Score
0.0004EPSS
Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that...
7.6AI Score
0.037EPSS
Google Chrome < 125.0.6422.141 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 125.0.6422.141. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_05_stable-channel-update-for-desktop_30 advisory. Heap buffer overflow in WebRTC. (CVE-2024-5493) Use after free in...
8.4AI Score
Google Chrome < 125.0.6422.141 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 125.0.6422.141. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_05_stable-channel-update-for-desktop_30 advisory. Heap buffer overflow in WebRTC. (CVE-2024-5493) Use after free in Dawn....
8.1AI Score
Cisco IOS Software Internet Key Exchange Version 1 Fragmentation DoS (cisco-sa-ikev1-NO2ccFWz)
According to its self-reported version, Cisco IOS is affected by multiple vulnerabilities. A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected...
7.5AI Score
Cisco IOS XE Software Internet Key Exchange Version 1 Fragmentation DoS (cisco-sa-ikev1-NO2ccFWz)
According to its self-reported version, Cisco IOS-XE Software is affected by multiple vulnerabilities. A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an...
7.4AI Score
Debian dla-3824 : gir1.2-gst-plugins-base-1.0 - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3824 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3824-1 [email protected] ...
6.8AI Score
Veritas System Recovery Installed (Windows)
Veritas System Recovery, a backup and disaster recovery application is installed on the remote Windows...
7.4AI Score
Stable Channel Update for Desktop
The Stable channel has been updated to 125.0.6422.141/.142 for Windows, Mac and 125.0.6422.141 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards Note: Access to bug details and links may be kept...
7.5AI Score
Is Your Computer Part of ‘The Largest Botnet Ever?’
The U.S. Department of Justice (DOJ) today said they arrested the alleged operator of 911 S5, a ten-year-old online anonymity service that was powered by what the director of the FBI called "likely the world's largest botnet ever." The arrest coincided with the seizure of the 911 S5 website and...
7.4AI Score
New Generative AI category added to Talos reputation services
Cisco Talos is preparing to release the first in a series of changes to our Web Categorization system, which is designed to simplify the verbiage we use. In mid-June, we're adding a new "Generative AI" category that will apply to certain websites. The "Content Category" appears whenever a user...
6.8AI Score
A vulnerability in the Ignite component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a stored cross-site scripting (XSS) attack due to insufficient input...
5.7AI Score
A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input...
5.8AI Score
Cisco Talos' Vulnerability Research team has helped to disclose and patch more than 20 vulnerabilities over the past three weeks, including two in the popular Adobe Acrobat Reader software. Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read...
9.8AI Score
0.001EPSS