Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects
Impact What kind of vulnerability is it? Who is impacted? A user with permissions to view Dynamic Group records (extras.view_dynamicgroup permission) can use the Dynamic Group detail UI view (/extras/dynamic-groups/<uuid>/) and/or the members REST API view...
6.3CVSS
6.5AI Score
0.0004EPSS
2024 Cybersecurity Trends: What’s Observable Already?
2024 has already witnessed a staggering number of cyber incidents, with over 29.5 billion records breached across 4,645 publicly disclosed incidents in January alone, according to the IT Governance Security Spotlight. Moreover, CVEs are growing significantly year over year, with 13% growth from...
7.4AI Score
Summary IBM Truststore Manager uses cryptography-41.0.4-cp37-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2023-50782. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details ** CVEID: CVE-2023-50782 DESCRIPTION: **Python Cryptographic.....
7.5CVSS
5.7AI Score
0.001EPSS
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has been discovered that an unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Despite having installed the latest version of the VPC CNI plugin on the EKS...
9CVSS
6.1AI Score
0.0004EPSS
Summary IBM Maximo Application Suite uses cryptography-41.0.2-cp37-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2023-50782. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details ** CVEID: CVE-2023-50782 DESCRIPTION: **Python...
7.5CVSS
5.8AI Score
0.001EPSS
EulerOS Virtualization 2.11.1 : bind (EulerOS-SA-2024-1712)
According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It...
7.5CVSS
7.3AI Score
0.05EPSS
TeamCity Server < 2023.11.0 Restore From Backup XSS
According to its its self-reported version number, the version of JetBrains TeamCity running on the remote host is a version prior to 2023.11.0. It is, therefore, affected by Cross Side Scripting Vulnerability during a Restore from Backup. Note that Nessus did not actually test for these issues,...
5.4CVSS
6.7AI Score
0.0004EPSS
EulerOS Virtualization 2.11.1 : edk2 (EulerOS-SA-2024-1722)
According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via...
8.8CVSS
8.2AI Score
0.006EPSS
EulerOS Virtualization 2.11.0 : bind (EulerOS-SA-2024-1723)
According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It...
7.5CVSS
7.4AI Score
0.05EPSS
EulerOS Virtualization 2.11.0 : edk2 (EulerOS-SA-2024-1733)
According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via...
8.8CVSS
7.8AI Score
0.006EPSS
Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records (extras.view_dynamicgroup permission) can use the Dynamic Group detail UI view (/extras/dynamic-groups/<uuid>/) and/or the members REST API view...
6.3CVSS
6.3AI Score
0.0004EPSS
Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records (extras.view_dynamicgroup permission) can use the Dynamic Group detail UI view (/extras/dynamic-groups/<uuid>/) and/or the members REST API view...
6.3CVSS
6.6AI Score
0.0004EPSS
Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records (extras.view_dynamicgroup permission) can use the Dynamic Group detail UI view (/extras/dynamic-groups/<uuid>/) and/or the members REST API view...
6.3CVSS
6.3AI Score
0.0004EPSS
7.5CVSS
7.3AI Score
0.013EPSS
Treasury Sanctions Creators of 911 S5 Proxy Botnet
The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one's Web traffic through malware-infected computers around the globe....
7.3AI Score
Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID:...
10CVSS
9.3AI Score
EPSS
(RHSA-2024:3426) Important: varnish:6 security update
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fix(es): varnish:6: HTTP/2 Broken Window Attack may result in denial of service...
6.8AI Score
0.0004EPSS
(RHSA-2024:3417) Moderate: mod_http2 security update
The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. Security Fix(es): httpd: CONTINUATION frames DoS (CVE-2024-27316,VU#421644.4) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...
6.7AI Score
0.005EPSS
(RHSA-2024:3402) Moderate: mod_http2 security update
The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. Security Fix(es): httpd: CONTINUATION frames DoS (CVE-2024-27316,VU#421644.4) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...
6.7AI Score
0.005EPSS
4-Step Approach to Mapping and Securing Your Organization's Most Critical Assets
You're probably familiar with the term "critical assets". These are the technology assets within your company's IT infrastructure that are essential to the functioning of your organization. If anything happens to these assets, such as application servers, databases, or privileged identities, the...
6.7AI Score
Trusted relationship attacks: trust, but verify
IT outsourcing market continues to demonstrate strong growth globally – such services are becoming increasingly popular. But along with the advantages, such as saved time and resources, delegating non-core tasks creates new challenges in terms of information security. By providing third-party...
7.8AI Score
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2024-629)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-629 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and...
7AI Score
0.0004EPSS
Moderate Photon OS Security Update - PHSA-2024-5.0-0280
Updates of ['curl'] packages of Photon OS have been...
9.8CVSS
7.5AI Score
0.001EPSS
RHEL 9 : mod_http2 (RHSA-2024:3417)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3417 advisory. The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. Security Fix(es): * httpd:...
7.5CVSS
6.7AI Score
0.005EPSS
RHEL 8 : varnish:6 (RHSA-2024:3426)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3426 advisory. Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and...
6.3AI Score
0.0004EPSS
RHEL 9 : mod_http2 (RHSA-2024:3402)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3402 advisory. The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. Security Fix(es): * httpd:...
7.5CVSS
6.7AI Score
0.005EPSS
Oracle Linux 8 : edk2 (ELSA-2024-3017)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3017 advisory. [20220126gitbb1bba3d77-13] - edk2-EmbeddedPkg-Hob-Integer-Overflow-in-CreateHob.patch [RHEL-21158] -...
9.4CVSS
6AI Score
0.006EPSS
MIT IdentiBot is an open-source Discord bot written in Node.js that verifies individuals' affiliations with MIT, grants them roles in a Discord server, and stores information about them in a database backend. A vulnerability that exists prior to commit 48e3e5e7ead6777fa75d57c7711c8e55b501c24e...
7.5CVSS
6.9AI Score
0.0004EPSS
MIT IdentiBot is an open-source Discord bot written in Node.js that verifies individuals' affiliations with MIT, grants them roles in a Discord server, and stores information about them in a database backend. A vulnerability that exists prior to commit 48e3e5e7ead6777fa75d57c7711c8e55b501c24e...
7.5CVSS
7.2AI Score
0.0004EPSS
MIT IdentiBot is an open-source Discord bot written in Node.js that verifies individuals' affiliations with MIT, grants them roles in a Discord server, and stores information about them in a database backend. A vulnerability that exists prior to commit 48e3e5e7ead6777fa75d57c7711c8e55b501c24e...
7.5CVSS
7.7AI Score
0.0004EPSS
CVE-2024-35237 MIT IdentiBot User-Kerberos Mapping Publicly Available
MIT IdentiBot is an open-source Discord bot written in Node.js that verifies individuals' affiliations with MIT, grants them roles in a Discord server, and stores information about them in a database backend. A vulnerability that exists prior to commit 48e3e5e7ead6777fa75d57c7711c8e55b501c24e...
7.5CVSS
7AI Score
0.0004EPSS
CVE-2024-35237 MIT IdentiBot User-Kerberos Mapping Publicly Available
MIT IdentiBot is an open-source Discord bot written in Node.js that verifies individuals' affiliations with MIT, grants them roles in a Discord server, and stores information about them in a database backend. A vulnerability that exists prior to commit 48e3e5e7ead6777fa75d57c7711c8e55b501c24e...
7.5CVSS
7.7AI Score
0.0004EPSS
Server-Side Request Forgery (SSRF)
vufind/vufind is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper input validation in the /Cover/Show route, allowing remote attackers to access internal HTTP servers and execute Cross-Site Scripting (XSS) attacks by proxying arbitrary URLs via the proxy GET...
6.4AI Score
EPSS
Fedora: Security Advisory for clamav (FEDORA-2024-34474f346b)
The remote host is missing an update for...
7.5AI Score
Fedora: Security Advisory for freerdp (FEDORA-2024-c702ea0fb1)
The remote host is missing an update for...
9.8CVSS
8.8AI Score
0.0004EPSS
Fedora: Security Advisory for cockpit (FEDORA-2024-31e83b461d)
The remote host is missing an update for...
7.3CVSS
7.2AI Score
0.0004EPSS
Fedora: Security Advisory for freerdp (FEDORA-2024-050266dc33)
The remote host is missing an update for...
9.8CVSS
8.8AI Score
0.0004EPSS
Fedora: Security Advisory for clamav (FEDORA-2024-1a79c2ef63)
The remote host is missing an update for...
7.5AI Score
Fedora: Security Advisory for mod_http2 (FEDORA-2024-4812897dd1)
The remote host is missing an update for...
7.5CVSS
7.9AI Score
0.005EPSS
Fedora: Security Advisory for clamav (FEDORA-2024-92b8ac25a5)
The remote host is missing an update for...
7.5AI Score
Fedora: Security Advisory for mediawiki (FEDORA-2024-2c564b942d)
The remote host is missing an update for...
7.3CVSS
5.9AI Score
0.001EPSS
Fedora: Security Advisory for mod_http2 (FEDORA-2024-1f11550e31)
The remote host is missing an update for...
7.5CVSS
7.9AI Score
0.005EPSS
Fedora: Security Advisory for freerdp (FEDORA-2024-1b11432d52)
The remote host is missing an update for...
9.8CVSS
8.8AI Score
0.0004EPSS
Fedora: Security Advisory for freerdp2 (FEDORA-2024-982a7184e0)
The remote host is missing an update for...
9.8CVSS
8.8AI Score
0.0004EPSS
Fedora: Security Advisory for mod_http2 (FEDORA-2024-528301bac2)
The remote host is missing an update for...
7.5CVSS
7.9AI Score
0.005EPSS
JA4+ - Suite Of Network Fingerprinting Standards
JA4+ is a suite of network Fingerprinting methods that are easy to use and easy to share. These methods are both human and machine readable to facilitate more effective threat-hunting and analysis. The use-cases for these fingerprints include scanning for threat actors, malware detection, session.....
7AI Score
Hackers Created Rogue VMs to Evade Detection in Recent MITRE Cyber Attack
The MITRE Corporation has revealed that the cyber attack targeting the not-for-profit company towards late December 2023 by exploiting zero-day flaws in Ivanti Connect Secure (ICS) involved the threat actor creating rogue virtual machines (VMs) within its VMware environment. "The adversary created....
9.1CVSS
10AI Score
0.969EPSS
A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk....
7.5CVSS
6.6AI Score
0.0004EPSS
bind-dyndb-ldap [11.6-4] - Modify empty zone conflicts under exclusive mode Resolves: rhbz#2126877 [11.6-3] - Rebuild against bind 9.11.36 - Resolves: rhbz#2022762 [11.6-2] - Rebuild against bind 9.11.26 - Resolves: rhbz#1904612 [11.6-1] - New upstream release - Resolves: rhbz#1891735 [11.3-1] -...
5.3CVSS
7.6AI Score
0.0004EPSS
SBOM support in Spring Boot 3.3
Spring Boot 3.3.0 has been released, and it contains support for SBOMs. SBOM stands for "Software Bill of Materials" and describes the components used to build a software artifact. In the context of this blog post, that's your Spring Boot application. These SBOMs are useful because they describe...
6.5AI Score