4 FIN9-linked Vietnamese Hackers Indicted in $71M U.S. Cybercrime Spree
Four Vietnamese nationals with ties to the FIN9 cybercrime group have been indicted in the U.S. for their involvement in a series of computer intrusions that caused over $71 million in losses to companies. The defendants, Ta Van Tai (aka Quynh Hoa and Bich Thuy), Nguyen Viet Quoc (aka Tien...
7AI Score
CVE-2022-45639 affecting package sleuthkit 4.9.0-4
CVE-2022-45639 affecting package sleuthkit 4.9.0-4. No patch is available...
7.8CVSS
7.5AI Score
0.004EPSS
CVE-1999-0901 affecting package ypserv 4.1-4
CVE-1999-0901 affecting package ypserv 4.1-4. No patch is available...
6.9AI Score
0.0004EPSS
CVE-2021-28543 affecting package varnish-modules 0.16.0-4
CVE-2021-28543 affecting package varnish-modules 0.16.0-4. This CVE either no longer is or was never...
7.5CVSS
7AI Score
0.002EPSS
CVE-2022-25345 affecting package opus 1.3.1-4
CVE-2022-25345 affecting package opus 1.3.1-4. No patch is available...
7.5CVSS
7.7AI Score
0.001EPSS
CVE-1999-0902 affecting package ypserv 4.1-4
CVE-1999-0902 affecting package ypserv 4.1-4. No patch is available...
6.9AI Score
0.0004EPSS
CVE-2007-1397 affecting package fish 3.1.2-4
CVE-2007-1397 affecting package fish 3.1.2-4. This CVE either no longer is or was never...
7.5AI Score
0.171EPSS
CVE-2017-5834 affecting package libplist 2.1.0-4
CVE-2017-5834 affecting package libplist 2.1.0-4. No patch is available...
5.5CVSS
7.1AI Score
0.002EPSS
CVE-2022-1941 affecting package mysql 8.0.35-4
CVE-2022-1941 affecting package mysql 8.0.35-4. No patch is available...
7.5CVSS
7.7AI Score
0.002EPSS
CVE-2022-20001 affecting package fish 3.1.2-4
CVE-2022-20001 affecting package fish 3.1.2-4. This CVE either no longer is or was never...
7.8CVSS
8AI Score
0.002EPSS
CVE-2017-5836 affecting package libplist 2.1.0-4
CVE-2017-5836 affecting package libplist 2.1.0-4. No patch is available...
7.5CVSS
7.7AI Score
0.003EPSS
CVE-2017-5835 affecting package libplist 2.1.0-4
CVE-2017-5835 affecting package libplist 2.1.0-4. No patch is available...
7.5CVSS
7.1AI Score
0.003EPSS
CVE-2013-7381 affecting package libnotify 0.7.9-4
CVE-2013-7381 affecting package libnotify 0.7.9-4. This CVE either no longer is or was never...
9.8CVSS
7AI Score
0.003EPSS
CVE-2023-25136 affecting package openssh 8.9p1-4
CVE-2023-25136 affecting package openssh 8.9p1-4. This CVE either no longer is or was never...
6.5CVSS
7AI Score
0.009EPSS
CVE-2020-1472 affecting package samba for versions less than 4.12.5-4
CVE-2020-1472 affecting package samba for versions less than 4.12.5-4. A patched version of the package is...
5.5CVSS
7.2AI Score
0.467EPSS
CVE-2000-0006 affecting package strace 5.16-4
CVE-2000-0006 affecting package strace 5.16-4. This CVE either no longer is or was never...
6.7AI Score
0.001EPSS
CVE-2022-44793 affecting package net-snmp 5.9-4
CVE-2022-44793 affecting package net-snmp 5.9-4. No patch is available...
6.5CVSS
6.9AI Score
0.003EPSS
CVE-2018-14040 affecting package boost 1.66.0-4
CVE-2018-14040 affecting package boost 1.66.0-4. This CVE either no longer is or was never...
6.1CVSS
7.4AI Score
0.008EPSS
CVE-2022-39348 affecting package python-twisted 20.3.0-4
CVE-2022-39348 affecting package python-twisted 20.3.0-4. No patch is available...
5.4CVSS
7.5AI Score
0.002EPSS
CVE-2018-25032 affecting package grpc for versions less than 1.35.0-4
CVE-2018-25032 affecting package grpc for versions less than 1.35.0-4. A patched version of the package is...
7.5CVSS
7.5AI Score
0.003EPSS
CVE-2022-3857 affecting package libpng 1.6.37-4
CVE-2022-3857 affecting package libpng 1.6.37-4. No patch is available...
5.5CVSS
7.5AI Score
0.001EPSS
CVE-2020-14150 affecting package bison 3.1-4
CVE-2020-14150 affecting package bison 3.1-4. No patch is available...
5.5CVSS
7.5AI Score
0.0004EPSS
CVE-2022-3515 affecting package gnupg2 2.2.20-4
CVE-2022-3515 affecting package gnupg2 2.2.20-4. This CVE either no longer is or was never...
9.8CVSS
9.9AI Score
0.005EPSS
CVE-2022-44792 affecting package net-snmp 5.9-4
CVE-2022-44792 affecting package net-snmp 5.9-4. No patch is available...
6.5CVSS
6.9AI Score
0.003EPSS
CVE-2020-0569 affecting package qt5-qtsvg 5.12.11-4
CVE-2020-0569 affecting package qt5-qtsvg 5.12.11-4. This CVE either no longer is or was never...
5.7CVSS
7.5AI Score
0.0004EPSS
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: prometheus-mongodb-exporter, prometheus-operator, terraform-provider-aws, cloudflared, ollama, kubeflow-katib, zarf, prometheus-postgres-exporter, docker-compose, protoc-gen-go-grpc, kubevela, nri-prometheus, falco, prometheus-elasticsearch-exporter, jaeger-agent,...
7.5AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: prometheus-mongodb-exporter, prometheus-operator, kubeflow-katib, prometheus-postgres-exporter, yam, s5cmd, protoc-gen-go-grpc, kubevela, nri-prometheus, nri-nagios, falco, prometheus-elasticsearch-exporter, newrelic-infrastructure-agent, aws-ebs-csi-driver,...
7.8AI Score
0.0004EPSS
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: yam, s5cmd, addon-resizer, confluent-common-docker, nats, fuse-overlayfs-snapshotter, boring-registry, litestream, wait-for-port, mods, tailscale, local-path-provisioner, frp, velero-plugin-for-aws, aws-efs-csi-driver, crane, govulncheck, bom, trust-manager,...
6.8AI Score
0.0004EPSS
CVE-2024-24789 vulnerabilities
Vulnerabilities for packages: terraform-provider-aws, yam, s5cmd, addon-resizer, buildah, confluent-common-docker, nats, fuse-overlayfs-snapshotter, boring-registry, litestream, wait-for-port, mods, tailscale, gops, frp, local-path-provisioner, traefik, velero-plugin-for-aws, libnvidia-container,.....
5.5CVSS
6.1AI Score
0.0004EPSS
CVE-2023-48795 vulnerabilities
Vulnerabilities for packages: prometheus-mongodb-exporter, terraform-provider-aws, cloudflared, ollama, kubeflow-katib, ko, prometheus-postgres-exporter, step, coredns, falco, dynamic-localpv-provisioner, grype, kyverno, nats, boring-registry, loki, vexctl, istio-pilot-agent, apko, dex, kubescape,....
5.9CVSS
7.1AI Score
0.963EPSS
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: prometheus-mongodb-exporter, prometheus-operator, terraform-provider-aws, cloudflared, ollama, kubeflow-katib, zarf, prometheus-postgres-exporter, docker-compose, protoc-gen-go-grpc, kubevela, nri-prometheus, falco, prometheus-elasticsearch-exporter, jaeger-agent,...
6.7AI Score
0.0004EPSS
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: prometheus-mongodb-exporter, prometheus-operator, kubeflow-katib, prometheus-postgres-exporter, yam, s5cmd, protoc-gen-go-grpc, kubevela, nri-prometheus, nri-nagios, falco, prometheus-elasticsearch-exporter, newrelic-infrastructure-agent, aws-ebs-csi-driver,...
7.8AI Score
0.0004EPSS
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: prometheus-mongodb-exporter, prometheus-operator, kubeflow-katib, prometheus-postgres-exporter, yam, s5cmd, protoc-gen-go-grpc, kubevela, nri-prometheus, nri-nagios, falco, prometheus-elasticsearch-exporter, newrelic-infrastructure-agent, aws-ebs-csi-driver,...
7.5AI Score
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: yam, s5cmd, addon-resizer, confluent-common-docker, nats, fuse-overlayfs-snapshotter, boring-registry, litestream, wait-for-port, mods, tailscale, local-path-provisioner, frp, velero-plugin-for-aws, aws-efs-csi-driver, crane, govulncheck, bom, trust-manager,...
7.5AI Score
CVE-2024-24790 vulnerabilities
Vulnerabilities for packages: terraform-provider-aws, yam, s5cmd, addon-resizer, buildah, confluent-common-docker, nats, fuse-overlayfs-snapshotter, boring-registry, litestream, wait-for-port, mods, tailscale, gops, frp, local-path-provisioner, traefik, velero-plugin-for-aws, libnvidia-container,.....
9.8CVSS
9.7AI Score
0.001EPSS
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: prometheus-mongodb-exporter, prometheus-operator, kubeflow-katib, prometheus-postgres-exporter, yam, s5cmd, protoc-gen-go-grpc, kubevela, nri-prometheus, nri-nagios, falco, prometheus-elasticsearch-exporter, newrelic-infrastructure-agent, aws-ebs-csi-driver,...
7.5AI Score
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: prometheus-mongodb-exporter, prometheus-operator, kubeflow-katib, prometheus-postgres-exporter, yam, s5cmd, protoc-gen-go-grpc, kubevela, nri-prometheus, nri-nagios, falco, prometheus-elasticsearch-exporter, newrelic-infrastructure-agent, aws-ebs-csi-driver,...
7.5AI Score
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: prometheus-mongodb-exporter, prometheus-operator, kubeflow-katib, prometheus-postgres-exporter, yam, s5cmd, protoc-gen-go-grpc, kubevela, nri-prometheus, nri-nagios, falco, prometheus-elasticsearch-exporter, newrelic-infrastructure-agent, aws-ebs-csi-driver,...
7.5AI Score
GHSA-49GW-VXVF-FC2G vulnerabilities
Vulnerabilities for packages: terraform-provider-aws, yam, s5cmd, addon-resizer, buildah, confluent-common-docker, nats, fuse-overlayfs-snapshotter, boring-registry, litestream, wait-for-port, mods, tailscale, gops, frp, local-path-provisioner, traefik, velero-plugin-for-aws, libnvidia-container,.....
7.5AI Score
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: prometheus-mongodb-exporter, prometheus-operator, kubeflow-katib, prometheus-postgres-exporter, yam, s5cmd, protoc-gen-go-grpc, kubevela, nri-prometheus, nri-nagios, falco, prometheus-elasticsearch-exporter, newrelic-infrastructure-agent, aws-ebs-csi-driver,...
7.5AI Score
GHSA-45X7-PX36-X8W8 vulnerabilities
Vulnerabilities for packages: prometheus-mongodb-exporter, terraform-provider-aws, cloudflared, ollama, kubeflow-katib, ko, prometheus-postgres-exporter, step, coredns, falco, dynamic-localpv-provisioner, grype, kyverno, nats, boring-registry, loki, vexctl, istio-pilot-agent, apko, dex, kubescape,....
7.5AI Score
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: prometheus-mongodb-exporter, prometheus-operator, kubeflow-katib, prometheus-postgres-exporter, yam, s5cmd, protoc-gen-go-grpc, kubevela, nri-prometheus, nri-nagios, falco, prometheus-elasticsearch-exporter, newrelic-infrastructure-agent, aws-ebs-csi-driver,...
7.8AI Score
0.0004EPSS
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: prometheus-mongodb-exporter, prometheus-operator, kubeflow-katib, prometheus-postgres-exporter, yam, s5cmd, protoc-gen-go-grpc, kubevela, nri-prometheus, nri-nagios, falco, prometheus-elasticsearch-exporter, newrelic-infrastructure-agent, aws-ebs-csi-driver,...
7.8AI Score
0.0004EPSS
GHSA-236W-P7WF-5PH8 vulnerabilities
Vulnerabilities for packages: terraform-provider-aws, yam, s5cmd, addon-resizer, buildah, confluent-common-docker, nats, fuse-overlayfs-snapshotter, boring-registry, litestream, wait-for-port, mods, tailscale, gops, frp, local-path-provisioner, traefik, velero-plugin-for-aws, libnvidia-container,.....
7.5AI Score
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: prometheus-mongodb-exporter, prometheus-operator, kubeflow-katib, prometheus-postgres-exporter, yam, s5cmd, protoc-gen-go-grpc, kubevela, nri-prometheus, nri-nagios, falco, prometheus-elasticsearch-exporter, newrelic-infrastructure-agent, aws-ebs-csi-driver,...
6AI Score
0.0004EPSS
Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 has Incorrect Access Control. An authorization bypass allows remote attackers to achieve unauthenticated remote code...
EPSS
Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 has Incorrect Access Control. An authorization bypass allows remote attackers to achieve unauthenticated remote code...
8.1AI Score
EPSS
Cloud Software Group Security Advisory for CVE-2024-3661
Cloud Software Group has evaluated the impact of vulnerability CVE-2024-3661 on our products. This vulnerability may allow an attacker on the same local network as the victim to read, disrupt, or modify network traffic expected to be protected by the VPN. Please find below the impact status: ...
7.6CVSS
6.7AI Score
0.0005EPSS
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp...
EPSS
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp...
6.9AI Score
EPSS