CVE-2024-37164 CVAT SSRF via custom cloud storage endpoints
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a...
7.1CVSS
7.2AI Score
0.0004EPSS
CVE-2024-37164 CVAT SSRF via custom cloud storage endpoints
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a...
7.1CVSS
0.0004EPSS
New Attack Technique 'Sleepy Pickle' Targets Machine Learning Models
The security risks posed by the Pickle format have once again come to the fore with the discovery of a new "hybrid machine learning (ML) model exploitation technique" dubbed Sleepy Pickle. The attack method, per Trail of Bits, weaponizes the ubiquitous format used to package and distribute machine....
7.5AI Score
Motorola Solutions Vigilant License Plate Readers
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Motorola Solutions Equipment: Vigilant Fixed LPR Coms Box (BCAV1F2-C600) Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Cleartext Storage in a File or on Disk, Use...
7.6AI Score
0.0004EPSS
Pakistan-linked Malware Campaign Evolves to Target Windows, Android, and macOS
Threat actors with ties to Pakistan have been linked to a long-running malware campaign dubbed Operation Celestial Force since at least 2018. The activity, still ongoing, entails the use of an Android malware called GravityRAT and a Windows-based malware loader codenamed HeavyLift, according to...
6.8AI Score
Cinterion EHS5 3G UMTS/HSPA Module Research
Modems play an important role in enabling connectivity for a wide range of devices. This includes not only traditional mobile devices and household appliances, but also telecommunication systems in vehicles, ATMs and Automated Process Control Systems (APCS). When integrating the modem, many...
6.4CVSS
8.2AI Score
0.001EPSS
Driving forward in Android drivers
Posted by Seth Jenkins, Google Project Zero Introduction Android's open-source ecosystem has led to an incredible diversity of manufacturers and vendors developing software that runs on a broad variety of hardware. This hardware requires supporting drivers, meaning that many different codebases...
7.8CVSS
7.5AI Score
0.001EPSS
4.4CVSS
4.9AI Score
0.0004EPSS
virt:kvm_utils1 security update
hivex libguestfs libguestfs-winsupport libiscsi libnbd libvirt [5.7.0-42] - Document CVEs as fixed (Karl Heubaum) {CVE-2023-2700} - Fix off-by-one error in udevListInterfacesByStatus (Martin Kletzander) [Orabug: 36364474] {CVE-2024-1441} - libvirt- : Check caller-provided buffers to be NULL with...
5.5CVSS
7.2AI Score
0.0004EPSS
@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling
Summary A Denial-of-Service was found in the media upload process causing the server to crash without restarting, affecting either development and production environments. Details Usually, errors in the application cause it to log the error and keep it running for other clients. This behavior, in.....
5.3CVSS
6.8AI Score
0.0004EPSS
@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling
Summary A Denial-of-Service was found in the media upload process causing the server to crash without restarting, affecting either development and production environments. Details Usually, errors in the application cause it to log the error and keep it running for other clients. This behavior, in.....
5.3CVSS
6.8AI Score
0.0004EPSS
A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the normalizePath() function, intended to defend against path traversal attacks. This vulnerability enables the manager to read, delete, or overwrite the 'anythingllm.db' database file and other files stored...
9.1CVSS
9.2AI Score
0.0004EPSS
A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the normalizePath() function, intended to defend against path traversal attacks. This vulnerability enables the manager to read, delete, or overwrite the 'anythingllm.db' database file and other files stored...
9.1CVSS
0.0004EPSS
A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the normalizePath() function, intended to defend against path traversal attacks. This vulnerability enables the manager to read, delete, or overwrite the 'anythingllm.db' database file and other files stored...
9.1CVSS
7AI Score
0.0004EPSS
A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the normalizePath() function, intended to defend against path traversal attacks. This vulnerability enables the manager to read, delete, or overwrite the 'anythingllm.db' database file and other files stored...
9.1CVSS
0.0004EPSS
scikit-learn is vulnerable to Improper Access Control. The vulnerability is due to the unexpected storage of all tokens in the stop_words_ attribute, which can leak sensitive information such as passwords or keys when using the TfidfVectorizer...
4.7CVSS
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mfd: qcom-spmi-pmic: Fix revid implementation The Qualcomm SPMI PMIC revid implementation is broken in multiple ways. First, it assumes that just because the sibling base device has been registered that means that it is also bound....
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: riscv: VMAP_STACK overflow detection thread-safe commit 31da94c25aea ("riscv: add VMAP_STACK overflow detection") added support for CONFIG_VMAP_STACK. If overflow is detected, CPU switches to shadow_stack temporarily before...
7.2AI Score
0.0004EPSS
8.3CVSS
7.5AI Score
0.0005EPSS
Unbreakable Enterprise kernel security update
[5.15.0-207.156.6] - uek-container: Add advanced routing options (Boris Ostrovsky) [Orabug: 36691279] - slub: use count_partial_free_approx() in slab_out_of_memory() (Jianfeng Wang) [Orabug: 36655468] - slub: introduce count_partial_free_approx() (Jianfeng Wang) [Orabug: 36655468] - Revert...
6.5CVSS
7.8AI Score
EPSS
openSUSE: Security Advisory for libvirt (SUSE-SU-2024:1962-1)
The remote host is missing an update for...
6.2CVSS
6.5AI Score
0.0004EPSS
Backup Failing With `Too many snapshots` When Using Longhorn as a Storage Provisioner
Veeam Support Knowledge Base answer to: Backup Failing With Too many snapshots When Using Longhorn as a Storage...
7.1AI Score
7.5CVSS
7.5AI Score
0.05EPSS
7.5CVSS
7.5AI Score
0.05EPSS
It’s June 2024 Patch Tuesday. Microsoft is addressing 51 vulnerabilities today, and has evidence of public disclosure for just a single one of those. At time of writing, none of the vulnerabilities published today are listed on CISA KEV, although this is always subject to change. Microsoft is...
9.8CVSS
9.7AI Score
0.05EPSS
Azure Storage Movement Client Library Denial of Service Vulnerability
Azure Storage Movement Client Library Denial of Service...
7.5CVSS
7.1AI Score
0.001EPSS
Azure Storage Movement Client Library Denial of Service Vulnerability
Azure Storage Movement Client Library Denial of Service...
7.5CVSS
6.8AI Score
0.001EPSS
Microsoft and Adobe Patch Tuesday, June 2024 Security Update Review
Microsoft's June Patch Tuesday is here, bringing fixes for vulnerabilities impacting its multiple products. This month's release highlights the ongoing battle against cybersecurity threats, from critical updates to important fixes. Let's dive into the crucial insights from Microsoft's Patch...
9.8CVSS
9.3AI Score
0.003EPSS
7.5CVSS
7.5AI Score
0.001EPSS
7.5CVSS
0.001EPSS
7.3CVSS
0.0005EPSS
7.3CVSS
7.2AI Score
0.0005EPSS
7.5CVSS
0.001EPSS
7.5CVSS
7.5AI Score
0.001EPSS
7.8CVSS
0.001EPSS
7.8CVSS
7.9AI Score
0.001EPSS
7.5CVSS
0.001EPSS
7.5CVSS
7.2AI Score
0.001EPSS
7.3CVSS
0.0005EPSS
CVE-2024-30083 Windows Standards-Based Storage Management Service Denial of Service Vulnerability
...
7.5CVSS
6.9AI Score
0.001EPSS
CVE-2024-30083 Windows Standards-Based Storage Management Service Denial of Service Vulnerability
...
7.5CVSS
0.001EPSS
...
7.8CVSS
6.9AI Score
0.001EPSS
7.8CVSS
0.001EPSS
Enhancing Velociraptor with the Cado Security Platform
_By: Nicholas Handy, Director of Technical Alliances & Partnerships at Cado Security _ Velociraptor is a robust open-source tool designed for collecting and querying forensic and incident response artifacts across various endpoints. This powerful tool allows incident responders to effortlessly...
7.4AI Score
QR code SQL injection and other vulnerabilities in a popular biometric terminal
Biometric scanners offer a unique way to resolve the conflict between security and usability. They help to identify a person by their unique biological characteristics – a fairly reliable process that does not require the user to exert any extra effort. Yet, biometric scanners, as any other tech,.....
10CVSS
9AI Score
0.0004EPSS
7.3CVSS
7.1AI Score
0.0005EPSS
7.5CVSS
7.1AI Score
0.001EPSS
June 11, 2024—KB5039227 (OS Build 20348.2527)
June 11, 2024—KB5039227 (OS Build 20348.2527) For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out when.....
9.8CVSS
7.3AI Score
0.003EPSS
Description of the security update for SharePoint Enterprise Server 2016: June 11, 2024 (KB5002604)
Description of the security update for SharePoint Enterprise Server 2016: June 11, 2024 (KB5002604) Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures...
7.8CVSS
8AI Score
0.001EPSS
June 11, 2024—KB5039236 (OS Build 25398.950)
June 11, 2024—KB5039236 (OS Build 25398.950) For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server, version 23H2, see its update history page. Improvements This security update...
9.8CVSS
9.9AI Score
0.003EPSS