The Samurai Web Testing Framework is a virtual machine, supported on VirtualBox and VMware, that has been pre-configured to function as a web pen-testing environment. The VM contains the best of the open source and free tools that focus on testing and attacking websites. In developing this...
AI Score: -0.1
RHEL 7 : Satellite Server (RHSA-2018:2927)
An update is now available for Red Hat Satellite 6.4 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
CVSS: 9.8 | AI Score: 0.5
(RHSA-2018:2927) Important: Satellite 6.4 security, bug fix, and enhancement update
Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fix(es): jackson-databind: Unsafe deserialization due to incomplete black list...
AI Score: 9
openSUSE Security Update : the Linux Kernel (openSUSE-2018-1140)
The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the iSCSI target code in a way an authentication request from an iSCSI...
CVSS: 8.4 | AI Score: 0.4 | EPSS: 0.022
Security update for the Linux Kernel (important)
The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the iSCSI target code in a way an authentication request from an iSCSI...
AI Score: 0.4 | EPSS: 0.022
Updated qpid packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...
CVSS: 7.5 | AI Score: -0.3 | EPSS: 0.949
Rockwell Allen-Bradley MicroLogix, SLC 500, and PLC-5 Fault Generation Vulnerability (Update B)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-12-342-01A Rockwell Allen-Bradley MicroLogix, SLC 500, and PLC-5 controller that was published December 11, 2012, on the NCCIC/ICS-CERT web site. Independent researcher Matthew Luallen of CYBATI has identified a...
AI Score: 6.6 | EPSS: 0.003
RHEL 7 : JBoss EAP (RHSA-2017:0832)
An update is now available for Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
CVSS: 7.8 | EPSS: 0.011
RHEL 6 : JBoss EAP (RHSA-2017:1410)
An update is now available for Red Hat JBoss Enterprise Application Platform 7.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...
CVSS: 8.1 | AI Score: 0.4 | EPSS: 0.024
RHEL 7 : JBoss EAP (RHSA-2016:1839)
Updated packages that provide Red Hat JBoss Enterprise Application Platform 7.0.2, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...
CVSS: 8.8 | EPSS: 0.07
RHEL 6 : JBoss EAP (RHSA-2017:0831)
An update is now available for Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
CVSS: 7.8 | EPSS: 0.011
RHEL 7 : JBoss EAP (RHSA-2017:1411)
An update is now available for Red Hat JBoss Enterprise Application Platform 7.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...
CVSS: 8.1 | AI Score: 0.4 | EPSS: 0.024
RHEL 6 : JBoss EAP (RHSA-2016:1838)
Updated packages that provide Red Hat JBoss Enterprise Application Platform 7.0.2, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...
CVSS: 8.8 | EPSS: 0.07
Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3754-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3754-1 advisory. The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows...
CVSS: 9.8 | AI Score: 9.1 | EPSS: 0.204
Mozilla Firefox < 57 Multiple Vulnerabilities
Versions of Mozilla Firefox earlier than 57 are unpatched for the following vulnerabilities: A race condition exists in 'dom/media/systemservices/MediaParent.cpp' that is triggered when getting deviceId keys. This may allow a context-dependent attacker to corrupt memory and potentially execute...
AI Score: 8.6
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.1.4 on RHEL7 (RHSA-2018:2424)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2424 advisory. cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services (CVE-2017-12624) apache-cxf: TLS hostname...
CVSS: 5.9 | AI Score: 7.6 | EPSS: 0.013
Mozilla Firefox < 57.0.1 Multiple Vulnerabilities
Versions of Mozilla Firefox earlier than 57.0.1 are unpatched for the following vulnerabilities: A flaw exists in the 'PerDocumentStyleDataImpl::visited_styles_enabled()' function in 'servo/components/style/gecko/data.rs'. The issue is triggered when handling the CSS ':visited' selector for a...
CVSS: 7.5 | AI Score: 1.8 | EPSS: 0.006
RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.1.4 on RHEL 6 (RHSA-2018:2423)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2423 advisory. cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services (CVE-2017-12624) apache-cxf: TLS hostname...
CVSS: 5.9 | AI Score: 7.6 | EPSS: 0.013
Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.3, and includes bug fixes and...
AI Score: 1.2 | EPSS: 0.013
Debian DSA-4262-1 : symfony - security update
Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to open redirects, cross-site request forgery, information disclosure, session fixation or denial of...
CVSS: 9.8 | AI Score: -0.2 | EPSS: 0.006
[SECURITY] [DSA 4262-1] symfony security update
Debian Security Advisory DSA-4262-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 03, 2018 https://www.debian.org/security/faq Package : symfony CVE ID : CVE-2016-2403 CVE-2017-1665 ...
CVSS: 9.8 | AI Score: 8.4 | EPSS: 0.006
Security Bulletin: GSKit vulnerable to FREAK - GSKit Ephemeral RSA Vulnerability
Summary GSKit will accept an Ephemeral RSA Key for non-export CipherSuites in SSLv3.0 and TLS 1.0 Vulnerability Details CVE ID: CVE-2014-8730 DESCRIPTION: The SSL profiles component in F5 BIG-IP LTM, APM, and ASM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, AAM 11.4.0 through 11.5.1, AFM...
CVSS: 3.4 | AI Score: 1.2 | EPSS: 0.975
MicroFocus Secure Messaging Gateway Remote Code Execution Exploit
This Metasploit module exploits a SQL injection and command injection vulnerability in MicroFocus Secure Messaging Gateway. An unauthenticated user can execute a terminal command under the context of the web user. One of the user supplied parameters of API endpoint is used by the application...
AI Score: 0.1 | EPSS: 0.069
Micro Focus Secure Messaging Gateway (SMG) < 471 - Remote Code Execution (Metasploit)
AI Score: 7.4
Micro Focus Secure Messaging Gateway (SMG) 471 - Remote Code Execution (Metasploit)
Micro Focus Secure Messaging Gateway (SMG) < 471 - Remote Code Execution Exploit
Exploit for php platform in category remote...
EPSS: 0.069
MicroFocus Secure Messaging Gateway Remote Code Execution
This module exploits a SQL injection and command injection vulnerability in MicroFocus Secure Messaging Gateway. An unauthenticated user can execute a terminal command under the context of the web user. One of the user supplied parameters of API endpoint is used by the application without input...
AI Score: 8.7
RHEL 7 : Red Hat JBoss Enterprise Application Platform (RHSA-2018:2089)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2089 advisory. undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service...
CVSS: 9.8 | AI Score: 8.7 | EPSS: 0.939
RHEL 6 : Red Hat JBoss Enterprise Application Platform (RHSA-2018:2090)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2090 advisory. undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service...
CVSS: 9.8 | AI Score: 8.7 | EPSS: 0.939
(RHSA-2018:2090) Moderate: Red Hat JBoss Enterprise Application Platform security update
Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.3 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.2, and includes bug fixes and...
AI Score: 0.9 | EPSS: 0.939
(RHSA-2018:2089) Moderate: Red Hat JBoss Enterprise Application Platform security update
Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.3 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.2, and includes bug fixes and...
AI Score: 0.9 | EPSS: 0.939
Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM
Summary PowerKVM is affected by vulnerabilities in the Linux Kernel. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2017-11600 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by out-of-bound access in the net/xfrm/xfrm_policy.c. By using...
CVSS: 9.8 | AI Score: 0.9 | EPSS: 0.905
Summary IBM Tivoli Netcool Impact has addressed the following vulnerabilities in IBM Tivoli Integrated Portal (TIP). Vulnerability Details CVEID: CVE-2015-5254 DESCRIPTION: Apache ActiveMQ could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the...
CVSS: 9.8 | AI Score: 1 | EPSS: 0.039
Summary OpenSource Apache ActiveMQ Vulnerabilities identified with IBM Tivoli Integrated Portal (TIP) v2.2 Vulnerability Details CVEID: CVE-2015-5254 DESCRIPTION: Apache ActiveMQ could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the classes...
CVSS: 9.8 | AI Score: 0.8 | EPSS: 0.039
Summary Jazz for Service Management (JazzSM) bundles the Open Source Apache ActiveMQ jar files for use by the underlying DASH/TWL Component and a vulnerability was reported related to the jar used Vulnerability Details CVEID: CVE-2014-3600 DESCRIPTION: Apache ActiveMQ could allow a remote attacker...
CVSS: 9.8 | AI Score: 0.4 | EPSS: 0.008
Summary There is a vulnerability related to the Networking component in IBM® Runtime Environment Java™ Technology Edition, Version 6.0.16.0, that is used and shipped by IBM Rational License Key Server Administration and Reporting Tool Admin. Vulnerability Details CVEID: CVE-2016-5597 DESCRIPTION: ...
CVSS: 7.5 | AI Score: -0.1 | EPSS: 0.043
Security Bulletin: Vulnerability in RLKS Administration and Reporting Tool (CVE-2015-5045)
Summary A possible security vulnerability has been reported in IBM Rational License Key Server (RLKS) Administration and Reporting tool. There have been no reported exploits of this vulnerability. Vulnerability Details CVEID: CVE-2015-5045 DESCRIPTION: An unspecified vulnerability in RLKS...
CVSS: 3.3 | AI Score: -0.1 | EPSS: 0.0004
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 6.0.16.0 and 7.0.9.10, that are used by IBM Rational License Key Server Administration and Reporting Tool Admin and Agent. These issues were disclosed as part of the IBM Java Runtime updates...
CVSS: 5.9 | AI Score: 0.3 | EPSS: 0.074
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6.0.16.2 that is used by RLKS Administration and Reporting Tool. Vulnerability Details CVEID: CVE-2015-2613 DESCRIPTION: An unspecified vulnerability and Java SE Embedded related to the JCE...
CVSS: 5.5 | AI Score: 0.5 | EPSS: 0.974
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6.0.16.2 that is used by Rational License Key Server Administration and Reporting Tool. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also...
CVSS: 3.4 | AI Score: 0.4 | EPSS: 0.975
Summary Two possible security vulnerabilities have been reported in RLKS Administration and Reporting Tool. There have been no reported exploits of these vulnerabilities. Vulnerability Details CVE ID: CVE-2014-3566 Description: Product could allow a remote attacker to obtain sensitive information, ...
CVSS: 3.4 | AI Score: 0.2 | EPSS: 0.975
Summary A possible security vulnerability has been reported in the Rational License Key Server Administration and Reporting Tool. There have been no reported exploits of this possible vulnerability, which is located in the JSSE component of IBM Java shipped with the tool and its agent....
AI Score: 0.3 | EPSS: 0.008
Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in Linux kernel
Summary IBM QRadar Network Security has addressed vulnerabilities in Linux kernel. Vulnerability Details CVEID: CVE-2017-1000364 DESCRIPTION: Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a stack memory allocation flaw that allows the stack guard...
CVSS: 9.8 | AI Score: 0.9 | EPSS: 0.905
Summary IBM Business Process Manager offers integration with external Enterprise Content Management (ECM) systems. If a process app is configured to always connect to an external ECM system using a predefined technical system account (rather than the actual end user), then the process app...
AI Score: 0.4 | EPSS: 0.001
June 12, 2018—KB4284835 (OS Build 17134.112)
Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Provides protections from an additional subclass of speculative execution side channel...
AI Score: 7.2 | EPSS: 0.975
A week in security (June 4 – June 10)
Last week on Labs, we took a look at hidden mobile ads, the perils of social media spam, and how to shore up your landline defenses. We also took a deep dive into Emotet malware analysis, and gave you some summertime safety tips. Other news Update your Adobe Flash player if you haven't already....
AI Score: 0.6
Facebook Software Bug Made Some Private Posts Public: 14 Million Affected
A Facebook software bug in May switched the “suggested audience” for posts to “public” for 14 million users. The glitch meant Facebook users who thought they were sharing content with just friends or small groups actually made their posts available to the general public. The incident is the...
AI Score: 1.2