Google Maps Timeline Data to be Stored Locally on Your Device for Privacy
Google has announced plans to store Maps Timeline data locally on users' devices instead of their Google account effective December 1, 2024. The changes were originally announced by the tech giant in December 2023, alongside updates to the auto-delete control when enabling Location History by...
7.2AI Score
7.4AI Score
Moderate: cockpit security update
Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fix(es): cockpit: command injection when deleting a sosreport with a...
7.3CVSS
7.4AI Score
0.0004EPSS
Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers
We analyze a cryptojacking attack campaign exploiting exposed Docker remote API servers to deploy cryptocurrency miners, using Docker images from the open-source Commando...
7.4AI Score
Moderate: cockpit security update
Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fix(es): cockpit: command injection when deleting a sosreport with a...
7.3CVSS
7.5AI Score
0.0004EPSS
RHEL 8 : cockpit (RHSA-2024:3667)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3667 advisory. Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports,...
7.3CVSS
7.5AI Score
0.0004EPSS
Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC
Summary An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. Details The OpenTelemetry Collector handles compressed HTTP requests by recognizing the Content-Encoding header, rewriting the HTTP request body, and allowing...
8.2CVSS
8.3AI Score
0.001EPSS
Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC
Summary An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. Details The OpenTelemetry Collector handles compressed HTTP requests by recognizing the Content-Encoding header, rewriting the HTTP request body, and allowing...
8.2CVSS
8.3AI Score
0.001EPSS
wolfictl leaks GitHub tokens to remote non-GitHub git servers in github.com/wolfi-dev/wolfictl
wolfictl leaks GitHub tokens to remote non-GitHub git servers in...
4.4CVSS
6.4AI Score
0.0004EPSS
Telerik Report Server Flaw Could Let Attackers Create Rogue Admin Accounts
Progress Software has rolled out updates to address a critical security flaw impacting the Telerik Report Server that could be potentially exploited by a remote attacker to bypass authentication and create rogue administrator users. The issue, tracked as CVE-2024-4358, carries a CVSS score of 9.8.....
9.9CVSS
8.5AI Score
0.938EPSS
Oracle WebLogic Server OS Command Injection Flaw Under Active Attack
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Oracle WebLogic Server to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2017-3506 (CVSS score: 7.4), the issue concerns an...
7.5CVSS
8AI Score
0.955EPSS
Authorities Ramp Up Efforts to Capture the Mastermind Behind Emotet
Law enforcement authorities behind Operation Endgame are seeking information related to an individual who goes by the name Odd and is allegedly the mastermind behind the Emotet malware. Odd is also said to go by the nicknames Aron, C700, Cbd748, Ivanov Odd, Mors, Morse, and Veron over the past...
7.3AI Score
IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics Targeted attacks Operation Triangulation: the final mystery Last June, we published a series of reports on Operation Triangulation, a previously unknown iOS malware...
7.8CVSS
6AI Score
0.003EPSS
IT threat evolution in Q1 2024. Non-mobile statistics
IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. Quarterly.....
6.9AI Score
In the Linux kernel, the following vulnerability has been resolved: i40e: fix vf may be used uninitialized in this function warning To fix the regression introduced by commit 52424f974bc5, which causes servers hang in very hard to reproduce conditions with resets races. Using two sources for the...
6.5AI Score
0.0004EPSS
RHEL 6 : fetchmail (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. fetchmail: DoS (crash) in the base64 decoder upon server NTLM protocol exchange abort right after the ...
7.6AI Score
0.014EPSS
RHEL 5 : libxfixes (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXfixes: Insufficient validation of server responses results in Integer overflow (CVE-2016-7944) ...
9.8CVSS
10AI Score
0.013EPSS
RHEL 5 : libxi (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXi: Multiple Array Index error leading to heap-based OOB write (CVE-2013-1998) libXi: Insufficient...
7.5CVSS
8.9AI Score
0.014EPSS
RHEL 5 : libxrender (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXrender: Insufficient validation of server responses results out-of-bounds write in...
9.8CVSS
10AI Score
0.014EPSS
RHEL 5 : libxv (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXv: Insufficient validation of server responses results in out-of bounds accesses (CVE-2016-5407) ...
9.8CVSS
10AI Score
0.011EPSS
RHEL 5 : libxxf86dga (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXxf86dga: Array Index error leading to heap-based OOB write (CVE-2013-2000) Multiple integer...
7.5AI Score
0.015EPSS
RHEL 5 : subversion (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. subversion: Command injection through clients via malicious svn+ssh URLs (CVE-2017-9800) Svnserve in...
9.8CVSS
8.9AI Score
0.129EPSS
EulerOS 2.0 SP11 : docker-engine (EulerOS-SA-2024-1785)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache...
7.8CVSS
7.8AI Score
0.024EPSS
RHEL 7 : libx11 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libX11: Insufficient validation of server responses in FontNames (CVE-2016-7943) The XGetImage function...
6.7CVSS
10AI Score
EPSS
RHEL 7 : libxtst (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXtst: Insufficient validation of server responses result in Integer overflows (CVE-2016-7951) X.org...
9.8CVSS
9.8AI Score
0.01EPSS
RHEL 7 : bzr (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. bzr: does not strip bzr+ssh SSH options (CVE-2017-14176) Algorithmic complexity vulnerability in the...
8.8CVSS
8.1AI Score
0.053EPSS
RHEL 5 : vnc (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tigervnc: NULL pointer dereference flaw in XRegion (CVE-2014-8241) Integer overflow in TigerVNC allows...
9.8CVSS
8.3AI Score
0.015EPSS
RHEL 6 : openldap (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openldap: incorrect multi-keyword mode cipherstring parsing (CVE-2015-3276) ...
7.5CVSS
7.1AI Score
0.915EPSS
RHEL 5 : bind (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. bind: Improper fetch cleanup sequencing in the resolver can cause named to crash (CVE-2017-3145) ISC...
7.5CVSS
7.1AI Score
0.934EPSS
RHEL 6 : libxtst (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXtst: Insufficient validation of server responses result in Integer overflows (CVE-2016-7951) X.org...
9.8CVSS
9.7AI Score
0.01EPSS
RHEL 7 : curl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. curl: FTP wildcard out of bounds read (CVE-2017-8817) CRLF injection vulnerability in libcurl 6.0...
8.8CVSS
7.5AI Score
0.017EPSS
RHEL 7 : bind (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. DNS response rate limiting can simplify cache poisoning attacks (CVE-2013-5661) ISC BIND through...
7.5CVSS
7.5AI Score
0.01EPSS
EulerOS 2.0 SP11 : bind (EulerOS-SA-2024-1795)
According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses several...
7.5CVSS
8AI Score
0.05EPSS
EulerOS 2.0 SP11 : bind (EulerOS-SA-2024-1783)
According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses several...
7.5CVSS
8.1AI Score
0.05EPSS
RHEL 8 : odo (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536) ...
7.5CVSS
8.3AI Score
0.005EPSS
RHEL 7 : ruby (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ruby: Fiddle::Function.new heap buffer overflow (CVE-2016-2339) DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2,...
8.1CVSS
7.7AI Score
0.08EPSS
RHEL 5 : wget (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. wget: FTP symlink arbitrary filesystem access (CVE-2014-4877) wget: Lack of filename checking allows...
8.8CVSS
7.8AI Score
0.955EPSS
RHEL 5 : gnutls (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. gnutls: Heap read overflow in read-packet.c (CVE-2017-5337) The TLS protocol 1.2 and earlier, as used in...
7.5CVSS
7.4AI Score
0.256EPSS
RHEL 5 : libxml2 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libxml2: Use after free via namespace node in XPointer ranges (CVE-2016-4658) libxml2: Missing...
9.8CVSS
8.1AI Score
0.106EPSS
RHEL 5 : libxtst (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXtst: Insufficient validation of server responses result in Integer overflows (CVE-2016-7951) Integer...
9.8CVSS
10AI Score
0.01EPSS
RHEL 5 : libx11 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libX11: Out of Bounds write in XListExtensions in ListExt.c (CVE-2018-14600) Multiple integer overflows...
9.8CVSS
8.6AI Score
0.066EPSS
RHEL 5 : libxvmc (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXvMC: Insufficient validation of server responses results in buffer underflow (CVE-2016-7953) ...
9.8CVSS
10AI Score
0.019EPSS
RHEL 6 : pidgin (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. pidgin: Out-of-bounds write in purple_markup_unescape_entity triggered by invalid XML (CVE-2017-2640) ...
5.5CVSS
5.8AI Score
0.021EPSS
RHEL 8 : flex (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. flex: Recursive calls in the function mark_beginning_as_normal resulting in a denial of service (CVE-2019-6293) ...
5.5CVSS
7.4AI Score
0.001EPSS
RHEL 6 : libxrender (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXrender: Insufficient validation of server responses results out-of-bounds write in...
9.8CVSS
10AI Score
0.014EPSS
RHEL 7 : libxrender (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libXrender: Insufficient validation of server responses results out-of-bounds write in...
9.8CVSS
7.9AI Score
0.014EPSS
RHEL 7 : php-pear (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. php-pear: Unsafe deserialization of data in Archive_Tar class (CVE-2018-1000888) PECL in the download...
7.5CVSS
7.7AI Score
0.015EPSS
RHEL 7 : pidgin (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. pidgin: MXIT g_snprintf Multiple Buffer Overflow Vulnerabilities (CVE-2016-2368) pidgin: Eavesdropping...
8.8CVSS
7.4AI Score
0.021EPSS
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1797)
The remote host is missing an update for the Huawei...
7.8CVSS
7AI Score
0.024EPSS
EulerOS 2.0 SP11 : docker-engine (EulerOS-SA-2024-1797)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache...
7.8CVSS
7.7AI Score
0.024EPSS