Authenticated users can crash the CubeFS servers with maliciously crafted requests in...
6.5CVSS
6.7AI Score
0.0004EPSS
TeamViewer Detects Security Breach in Corporate IT Environment
TeamViewer on Thursday disclosed it detected an "irregularity" in its internal corporate IT environment on June 26, 2024. "We immediately activated our response team and procedures, started investigations together with a team of globally renowned cyber security experts and implemented necessary...
7AI Score
stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain...
8.6CVSS
8.6AI Score
0.0004EPSS
stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain...
8.6CVSS
0.0004EPSS
CVE-2024-5885 Server-Side Request Forgery (SSRF) in stangirard/quivr
stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain...
8.6CVSS
0.0004EPSS
Supply Chain Compromise Leads to Trojanized Installers for Notezilla, RecentX, Copywhiz
The following Rapid7 analysts contributed to this research: Leo Gutierrez, Tyler McGraw, Sarah Lee, and Thomas Elkins. Executive Summary On Tuesday, June 18th, 2024, Rapid7 initiated an investigation into suspicious activity in a customer environment. Our investigation identified that the...
6.9AI Score
Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads
The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners. The development marks the threat's transition from what appeared to be a dormant botnet with unclear motives to a financially motivated operation....
7.7AI Score
Summary The security issue described in CVE-2024-35153 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section...
4.8CVSS
6.6AI Score
0.0004EPSS
OpenSSL 3.3.0 < 3.3.2 Vulnerability
The version of OpenSSL installed on the remote host is prior to 3.3.2. It is, therefore, affected by a vulnerability as referenced in the 3.3.2 advisory. Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or...
7.3AI Score
0.0004EPSS
OpenSSL 1.0.2 < 1.0.2zk Vulnerability
The version of OpenSSL installed on the remote host is prior to 1.0.2zk. It is, therefore, affected by a vulnerability as referenced in the 1.0.2zk advisory. Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash...
6.6AI Score
0.0004EPSS
IBM WebSphere eXtreme Scale 8.6.1.0 < 8.6.1.6 (7150929)
The version of IBM WebSphere eXtreme Scale installed on the remote host is prior to 8.6.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the 7150929 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of ...
7.5CVSS
7AI Score
0.001EPSS
IBM WebSphere eXtreme Scale 8.6.1.0 < 8.6.1.6 (7150045)
The version of IBM WebSphere eXtreme Scale installed on the remote host is prior to 8.6.1.6 IBM. It is, therefore, affected by multiple vulnerabilities as referenced in the 7150045 advisory. Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons ...
6.6AI Score
0.0004EPSS
OpenSSL 3.2.0 < 3.2.3 Vulnerability
The version of OpenSSL installed on the remote host is prior to 3.2.3. It is, therefore, affected by a vulnerability as referenced in the 3.2.3 advisory. Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or...
6.6AI Score
0.0004EPSS
OpenSSL 3.0.0 < 3.0.15 Vulnerability
The version of OpenSSL installed on the remote host is prior to 3.0.15. It is, therefore, affected by a vulnerability as referenced in the 3.0.15 advisory. Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash...
6.6AI Score
0.0004EPSS
OpenSSL 3.1.0 < 3.1.7 Vulnerability
The version of OpenSSL installed on the remote host is prior to 3.1.7. It is, therefore, affected by a vulnerability as referenced in the 3.1.7 advisory. Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or...
6.6AI Score
0.0004EPSS
OpenSSL 1.1.1 < 1.1.1za Vulnerability
The version of OpenSSL installed on the remote host is prior to 1.1.1za. It is, therefore, affected by a vulnerability as referenced in the 1.1.1za advisory. Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash...
6.6AI Score
0.0004EPSS
Episode 2: Behind the Scenes of a Tailor-Made Massive Phishing Campaign Part 2
Executive Summary Last summer, we investigated a massive, global phishing campaign impersonating almost 350 legitimate companies. Our continued investigation into this expansive phishing campaign revealed leaked backend source code, shedding light on the infrastructure behind the operation. This...
7AI Score
P2Pinfect Botnet Now Targets Servers with Ransomware, Cryptominer
The P2Pinfect botnet, once dormant, is now attacking servers with ransomware and cryptomining malware. Patch your systems to avoid data encryption and financial...
7.3AI Score
Progress Software Corporation WhatsUp Gold AppProfileImport path traversal vulnerability
Talos Vulnerability Report TALOS-2024-1932 Progress Software Corporation WhatsUp Gold AppProfileImport path traversal vulnerability June 26, 2024 CVE Number CVE-2024-5017 SUMMARY A path traversal vulnerability exists in the AppProfileImport functionality of Progress Software Corporation WhatsUp...
6.5CVSS
6.6AI Score
0.0004EPSS
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.5.6)
The version of AOS installed on the remote host is prior to 6.5.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.5.6 advisory. There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and...
9.8CVSS
7.5AI Score
0.003EPSS
Talos Vulnerability Report TALOS-2024-1933 Progress Software Corporation WhatsUp Gold TestController multiple information disclosure vulnerabilities June 26, 2024 CVE Number CVE-2024-5010 SUMMARY An information disclosure vulnerability exists in the TestController functionality of Progress...
7.5CVSS
7.6AI Score
0.0004EPSS
RHEL 9 : kernel (RHSA-2024:4108)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4108 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: netfilter: nf_tables: use...
8AI Score
0.0004EPSS
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.8.0.5)
The version of AOS installed on the remote host is prior to 6.8.0.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.8.0.5 advisory. An information disclosure vulnerability exists in...
9.8CVSS
8.3AI Score
0.05EPSS
Progress Software Corporation WhatsUp Gold TestController Chart denial of service vulnerability
Talos Vulnerability Report TALOS-2024-1934 Progress Software Corporation WhatsUp Gold TestController Chart denial of service vulnerability June 26, 2024 CVE Number CVE-2024-5011 SUMMARY An uncontrolled resource consumption vulnerability exists in the TestController Chart functionality of Progress.....
7.5CVSS
7AI Score
0.0004EPSS
A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target...
7.5CVSS
7.9AI Score
0.0004EPSS
A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target...
7.5CVSS
0.0004EPSS
A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target...
7.5CVSS
0.0004EPSS
Authentication Bypasses in MOVEit Transfer and MOVEit Gateway
On June 25, 2024, Progress Software published information on two new vulnerabilities in MOVEit Transfer and MOVEit Gateway: CVE-2024-5806, a critical authentication bypass affecting the MOVEit Transfer SFTP service in a default configuration; and CVE-2024-5805, a critical SFTP-associated...
9.1CVSS
9.8AI Score
0.0004EPSS
Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send redaction...
8.1CVSS
0.0004EPSS
Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send redaction...
8.1CVSS
8AI Score
0.0004EPSS
CVE-2024-6302 Improper Handling of Insufficient Permissions or Privileges in Conduit
Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send redaction...
8.1CVSS
0.0004EPSS
CVE-2024-6302 Improper Handling of Insufficient Permissions or Privileges in Conduit
Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send redaction...
8.1CVSS
7AI Score
0.0004EPSS
7.1AI Score
CloudBrute - Awesome Cloud Enumerator
A tool to find a company (target) infrastructure, files, and apps on the top cloud providers (Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode). The outcome is useful for bug bounty hunters, red teamers, and penetration testers alike. The complete writeup is available. here...
7.2AI Score
4 FIN9-linked Vietnamese Hackers Indicted in $71M U.S. Cybercrime Spree
Four Vietnamese nationals with ties to the FIN9 cybercrime group have been indicted in the U.S. for their involvement in a series of computer intrusions that caused over $71 million in losses to companies. The defendants, Ta Van Tai (aka Quynh Hoa and Bich Thuy), Nguyen Viet Quoc (aka Tien...
7AI Score
Summary Storage Virtualize Ansible Collection uses the cryptography package to provide common cryptographic algorithms. Version 41.0.7 of cryptography package is vulnerable to CVE-2023-50782. Vulnerability Details ** CVEID: CVE-2023-50782 DESCRIPTION: **Python Cryptographic Authority cryptography.....
7.5CVSS
6.4AI Score
0.001EPSS
EulerOS 2.0 SP11 : xorg-x11-server (EulerOS-SA-2024-1849)
According to the versions of the xorg-x11-server package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when...
7.8CVSS
8AI Score
0.0005EPSS
HP PC BIOS Additional Security Update for TOCTOU
A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability. HP has...
7.6AI Score
EPSS
EulerOS 2.0 SP11 : golang (EulerOS-SA-2024-1835)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This...
7.4AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2024-1821)
The remote host is missing an update for the Huawei...
7.5AI Score
0.0004EPSS
IBM WebSphere Application Server 8.5.x < 8.5.5.26 / 9.x < 9.0.5.21 XSS (7158662)
The version of IBM WebSphere Application Server running on the remote host is affected by a XSS vulnerability as referenced in the 7158662 advisory. IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary...
4.8CVSS
6AI Score
0.0004EPSS
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1837)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv-lock while iterating...
7.8CVSS
7.7AI Score
0.0004EPSS
EulerOS 2.0 SP11 : python-cryptography (EulerOS-SA-2024-1844)
According to the versions of the python-cryptography package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS...
7.5CVSS
6.9AI Score
0.001EPSS
EulerOS 2.0 SP11 : xorg-x11-server (EulerOS-SA-2024-1828)
According to the versions of the xorg-x11-server package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when...
7.8CVSS
8AI Score
0.0005EPSS
EulerOS 2.0 SP11 : python-cryptography (EulerOS-SA-2024-1823)
According to the versions of the python-cryptography package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS...
7.5CVSS
7.7AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2024-1844)
The remote host is missing an update for the Huawei...
7.5CVSS
7.5AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2024-1828)
The remote host is missing an update for the Huawei...
7.8CVSS
7.5AI Score
0.0005EPSS
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1816)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv-lock while iterating...
7.8CVSS
7.7AI Score
0.0004EPSS
EulerOS 2.0 SP11 : golang (EulerOS-SA-2024-1814)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This...
7.4AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1814)
The remote host is missing an update for the Huawei...
7.5AI Score
0.0004EPSS