How Did Authorities Identify the Alleged Lockbit Boss?
Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit's leader "LockBitSupp" claims the feds named the wrong guy, saying the charges don't explain how...
7.1AI Score
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team Filebird.This issue affects Filebird: from n/a through...
5.3AI Score
0.0004EPSS
CVE-2024-34416 WordPress Pk Favicon Manager plugin <= 2.1 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Pk Favicon Manager.This issue affects Pk Favicon Manager: from n/a through...
9.3AI Score
0.0004EPSS
Summary WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager is vulnerable to a denial of service. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to...
6AI Score
K000139592: libxml2 vulnerability CVE-2023-29469
Security Advisory Description An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs...
6.7AI Score
0.001EPSS
7.4AI Score
0.001EPSS
7AI Score
0.001EPSS
7.5AI Score
0.0004EPSS
Security Advisory Description CVE-2024-20994 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with...
5.7AI Score
0.0004EPSS
RHEL 8 : nettle (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. nettle: Leaky data conversion exposing a manager oracle (CVE-2018-16869) Note that Nessus has not tested for this...
6AI Score
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : less (SUSE-SU-2024:1598-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1598-1 advisory. less through 653 allows OS command execution via a newline character in the name of a file, because ...
7.5AI Score
RHEL 7 : squid (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. squid: Information disclosure in Collapsed forwarding (CVE-2016-10003) This vulnerability allows remote...
8AI Score
RHEL 7 : docker (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. docker: IPv6 router advertisements allow for MitM attacks (CVE-2020-13401) docker: cli leaks private...
7.4AI Score
RHEL 6 : squid (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. squid: Heap overflow issue in URN processing (CVE-2019-12526) squid: Buffer overflow in reverse-proxy...
9.8AI Score
RHEL 5 : openssh (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssh: possible fallback from untrusted to trusted X11 forwarding (CVE-2016-1908) Untrusted search...
8.4AI Score
RHEL 5 : imagemagick (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ImageMagick: Insufficient shell characters filtering (CVE-2016-3714) ImageMagick: use-after-free in...
9.8AI Score
RHEL 5 : mozilla (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Mozilla: Sandbox escape with improperly separated process types (CVE-2020-12389) Mozilla: Memory safety...
10AI Score
RHEL 4 : openssh (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssh: loading of untrusted PKCS#11 modules in ssh-agent (CVE-2016-10009) openssh: Bounds check can be...
7AI Score
RHEL 7 : node-fetch (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235) Note that Nessus has not...
7.9AI Score
RHEL 7 : 389-ds-base (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. 389-ds-base: access control bypass by query (filter in LDAP terms) optimiser (CVE-2022-1949) 389-ds-base...
7.1AI Score
RHEL 8 : squid (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. squid: exposure of sensitive information in cache manager (CVE-2022-41317) Note that Nessus has not tested for this...
7AI Score
RHEL 9 : squid (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. squid: exposure of sensitive information in cache manager (CVE-2022-41317) Note that Nessus has not tested for this...
7.4AI Score
RHEL 6 : 389-ds-base (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. 389-ds-base: Password brute-force possible for locked account due to different return codes ...
8.1AI Score
RHEL 6 : cups (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. cups: stack-buffer-overflow in libcups's asn1_get_packed function (CVE-2019-8696) A...
8.6AI Score
RHEL 6 : mozilla (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes (CVE-2020-26970) Mozilla:...
9.7AI Score
RHEL 8 : node-fetch (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235) Note that Nessus has not...
6.9AI Score
RHEL 6 : imagemagick (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ImageMagick: use-after-free in MngInfoDiscardObject in coders/png.c (CVE-2019-19952) Heap-based buffer...
9.6AI Score
RHEL 5 : subscription-manager (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. subscription-manager: sensitive world readable files in /var/lib/rhsm/ (CVE-2016-4455) Note that Nessus has not...
3.9AI Score
RHEL 6 : openssh (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssh: loading of untrusted PKCS#11 modules in ssh-agent (CVE-2016-10009) openssh: scp allows command...
8.4AI Score
RHEL 5 : kernel (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c ...
8.8AI Score
RHEL 6 : samba (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. samba: Active Directory (AD) domain user could become root on domain members (CVE-2020-25717) samba:...
8.3AI Score
RHEL 6 : kernel (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: Buffer overflow due to unbounded strcpy in ISDN I4L driver (CVE-2017-12762) kernel: lack of port...
8.7AI Score
RHEL 7 : jetty (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. jetty: Timing channel attack in util/security/Password.java (CVE-2017-9735) jetty: crafted URIs allow...
7.5AI Score
RHEL 7 : samba (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. samba: Symlink race error can allow directory creation outside of the exported share (CVE-2021-43566) ...
7.5AI Score
RHEL 7 : nettle (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. nettle: Leaky data conversion exposing a manager oracle (CVE-2018-16869) A flaw was found in the way...
6.1AI Score
RHEL 5 : squid (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code ...
9.6AI Score
Summary The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM has addressed these vulnerabilities with an update. Vulnerability Details ** CVEID: CVE-2023-41419 DESCRIPTION: **Gevent could allow a remote attacker to...
10AI Score
0.969EPSS
Important: libreoffice security update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
6.7AI Score
0.001EPSS
An update is available for libreoffice. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list LibreOffice is an open source, community-developed office productivity...
7.2AI Score
0.001EPSS
An update is available for sushi. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Sushi is a quick file previewer for Nautilus, the GNOME desktop file manager......
7.3AI Score
gnome-shell, gnome-menus, and gnome-shell-extensions bug fix update
An update is available for gnome-menus, gnome-shell, gnome-shell-extensions. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GNOME Shell acts as a compositing...
7.3AI Score
An update is available for systemd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The systemd packages contain systemd, a system and service manager for...
7AI Score
0.001EPSS
Moderate: systemd security update
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes...
5.7AI Score
0.001EPSS
7.3AI Score
Dell notifies customers about data breach
Dell is warning its customers about a data breach after a cybercriminal offered a 49 million-record database of information about Dell customers on a cybercrime forum. A cybercriminal called Menelik posted the following message on the “Breach Forums” site: “The data includes 49 million customer...
7.5AI Score
CVE-2024-4129 Authentication bypass in Snow License Manager
Improper Authentication vulnerability in Snow Software AB Snow License Manager on Windows allows a networked attacker to perform an Authentication Bypass if Active Directory Authentication is enabled.This issue affects Snow License Manager: from 9.33.2 through...
8.7AI Score
0.0004EPSS
K000139579: Node.js vulneraility CVE-2024-21891
Security Advisory Description Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack. This vulnerability affects...
7.5AI Score
0.0004EPSS
K000139570: UNIX CPIO vulnerability CVE-2023-7216
Security Advisory Description A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended...
5.4AI Score
0.001EPSS
K000139573: node.js vulnerability CVE-2024-22017
Security Advisory Description setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). This vulnerability affects.....
6.9AI Score
0.0004EPSS
K000139577: Node.js vulnerability CVE-2024-21890
Security Advisory Description The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/. This misleading...
4.8AI Score
0.0004EPSS