In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot see the response without the presence of an additional vulnerability within....
6.3 CVSS
6.3 AI Score
0.001 EPSS
Server-side request forgery (SSRF)
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot see the response without the presence of an additional vulnerability within....
6.3 CVSS
6.3 AI Score
0.001 EPSS
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot see the response without the presence of an additional vulnerability within....
6.3 CVSS
6.5 AI Score
0.001 EPSS
Intel 2023.1 IPU – BIOS February 2023 Security Updates
Intel has informed HP of potential vulnerabilities identified in some Intel® Processors with Intel® Software Guard Extensions (SGX) that might allow information disclosure and potential vulnerabilities in the BIOS firmware and Intel® Trusted Execution Technology (TXT) Secure Initialization (SINIT)....
8.2 CVSS
1.9 AI Score
0.0004 EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.316.7] - runtime revert of virtio_net: Stripe queue affinities across cores. (Konrad Rzeszutek Wilk) [Orabug: 35001045] [5.4.17-2136.316.6] - block: Change the granularity of io ticks from ms to ns (Gulam Mohamed) [Orabug: 34780807] - powercap: intel_rapl: support new layout of...
8.8 CVSS
9.6 AI Score
0.001 EPSS
Unbreakable Enterprise kernel security update
[5.4.17-2136.316.7] - runtime revert of virtio_net: Stripe queue affinities across cores. (Konrad Rzeszutek Wilk) [Orabug: 35001045] [5.4.17-2136.316.6] - block: Change the granularity of io ticks from ms to ns (Gulam Mohamed) [Orabug: 34780807] - powercap: intel_rapl: support new layout of...
8.8 CVSS
9.6 AI Score
0.001 EPSS
Malwarebytes recognized as endpoint security leader by G2
G2 has released their Winter 2023 reports, ranking Malwarebytes as the leader across a number of endpoint protection categories. Based on verified customer reviews, Malwarebytes has been ranked #1 over top EDR vendors for endpoint malware and antivirus protection, detection and remediation of...
0.6 AI Score
Researchers Uncover Obfuscated Malicious Code in PyPI Python Packages
Four different rogue packages in the Python Package Index (PyPI) have been found to carry out a number of malicious actions, including dropping malware, deleting the netstat utility, and manipulating the SSH authorized_keys file. The packages in question are aptx, bingchilling2, httops, and...
-0.3 AI Score
Debian DLA-3316-1 : postgresql-11 - LTS security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3316 advisory. PostgreSQL Project reports: A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport...
5 AI Score
0.001 EPSS
IBM Infosphere Information Server Cross-Site Scripting Vulnerability (CNVD-2023-08069)
IBM InfoSphere Information Server is a data integration platform from International Business Machines (IBM). A cross-site scripting vulnerability exists in IBM Infosphere Information Server version 11.7, which stems from the presence of cross-site scripting that could be exploited by an attacker...
1.9 AI Score
0.0005 EPSS
PostgreSQL server -- Client memory disclosure when connecting, with Kerberos, to modified server.
PostgreSQL Project reports: A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. When a libpq client application has a Kerberos credential cache and doesn't explicitly disable option gssencmode, a server...
3.7 CVSS
3 AI Score
0.001 EPSS
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the 7a8b6170-a889-11ed-bbae-6cc21735f730 advisory. PostgreSQL Project reports: A modified, unauthenticated server can send an ...
5 AI Score
0.001 EPSS
Russian Hackers Using Graphiron Malware to Steal Data from Ukraine
A Russia-linked threat actor has been observed deploying a new information-stealing malware in cyber attacks targeting Ukraine. Dubbed Graphiron by Broadcom-owned Symantec, the malware is the handiwork of an espionage group known as Nodaria, which is tracked by the Computer Emergency Response Team....
0.9 AI Score
On the 20th Safer Internet Day, what was security like back in 2004?
Today is the 20th Safer Internet Day. Since 2004, there's been an annual event designed to "Promote safer and more responsible use of online technology and mobile phones, especially amongst children and young people across the world." 2004 was a key year for several safety activities, encompassing....
-0.6 AI Score
Event Management System SQL Injection Vulnerability
Calendar Event Management System is an event management system. SQL injection vulnerability exists in Calendar Event Management System version 2.3.0, which stems from the presence of certain unknown processing in the component Login Page, with the parameter name/pwd leading to SQL injection. No...
9.8 CVSS
2.8 AI Score
0.001 EPSS
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Thunderbird vulnerabilities (USN-5824-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5824-1 advisory. Service Workers should not be able to infer information about opaque cross-origin responses; but timing information...
9.8 AI Score
0.007 EPSS
Cybersecurity Budgets Are Going Up. So Why Aren't Breaches Going Down?
Over the past few years, cybersecurity has become a major concern for businesses around the globe. With the total cost of cybercrime in 2023 forecasted to reach $8 Trillion – with a T, not a B – it's no wonder that cybersecurity is top of mind for leaders across all industries and regions....
-0.1 AI Score
Amazon Still Selling T95 TV Box with Pre-Installed Malware
By Deeba Ahmed. Malwarebytes has confirmed that, despite confirmed reports of the presence of pre-installed malware in T95 TV boxes, Amazon is still allowing their sale. This is a post from HackRead.com. Read the original post: Amazon Still Selling T95 TV Box with Pre-Installed...
2.1 AI Score
A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated users to cause a recoverable subsystem denial of...
6.5 CVSS
7 AI Score
0.001 EPSS
A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated users to cause a recoverable subsystem denial of...
7.2 CVSS
6.5 AI Score
0.001 EPSS
A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated users to cause a recoverable subsystem denial of...
6.5 CVSS
6.5 AI Score
0.001 EPSS
A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated users to cause a recoverable subsystem denial of...
7.2 CVSS
7.2 AI Score
0.001 EPSS
Rocky Linux 8 : firefox (RLSA-2022:8580)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:8580 advisory. Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thunderbird 102.4. Some of these bugs showed...
9.7 AI Score
0.002 EPSS
Threat Round up for January 20 to January 27
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 20 and Jan. 27. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,....
7.5 CVSS
8.2 AI Score
0.948 EPSS
Google Takes Down 50,000 Instances of Pro-Chinese DRAGONBRIDGE Influence Operation
Google on Thursday disclosed it took steps to dismantle over 50,000 instances of activity orchestrated by a pro-Chinese influence operation known as DRAGONBRIDGE in 2022. "Most DRAGONBRIDGE activity is low quality content without a political message, populated across many channels and blogs," the.....
-0.1 AI Score
PY#RATION: New Python-based RAT Uses WebSocket for C2 and Data Exfiltration
Cybersecurity researchers have unearthed a new attack campaign that leverages a Python-based remote access trojan (RAT) to gain control over compromised systems since at least August 2022. "This malware is unique in its utilization of WebSockets to avoid detection and for both command-and-control.....
1.5 AI Score
cakephp/cakephp is vulnerable to Privilege Escalation. A remote attacker is able to directly access prefixed actions without setting the correct request parameters due to unconventional URL paths, which allows an attacker to elevate privileges when the authorization depends on the presence of the.....
6.7 AI Score
Popeye - A Kubernetes Cluster Resource Sanitizer
Popeye - A Kubernetes Cluster Sanitizer. Popeye is a utility that scans a live Kubernetes cluster and reports potential issues with deployed resources and configurations. It sanitizes your cluster based on what's actually deployed, not on what's sitting on disk. By scanning your cluster, it detects...
-0.3 AI Score
Solaris 10 dtprintinfo Local Privilege Escalation Exploit
Solaris 10 CDE local privilege escalation exploit that achieves root by injecting a fake printer via lpstat and uses a buffer overflow in libXM...
7.6 AI Score
Solaris 10 dtprintinfo / libXm / libXpm Security Issues Vulnerability
Multiple vulnerabilities have been discovered across Common Desktop Environment version 1.6, Motif version 2.1, and X.Org libXpm versions prior to 3.5.15 on Oracle Solaris 10 that can be chained together to achieve...
7.5 CVSS
8.8 AI Score
0.348 EPSS
ConduitController: Smart Contract Initial Owner Vulnerability
Lines of code Vulnerability details Bug Description The createConduit function in the ConduitController smart contract is responsible for deploying new conduits, or contracts that allow registered callers (or open "channels") to transfer approved ERC20/721/1155 tokens on their behalf. The function....
6.9 AI Score
[updated]Ransomware money laundering operation disrupted, founder arrested
The US Department of Justice (DOJ) has released information about the arrest of Anatoly Legkodymov, the founder and majority owner of a cryptocurrency exchange called Bitzlato, on money laundering charges. Legkodymov, a Russian national who lives in China, is accused of processing over $700...
-0.2 AI Score
NVIDIA® GPU Display Driver November 2022 Security Update
NVIDIA has informed HP of potential security vulnerabilities identified in the NVIDIA® GPU Display Driver for Windows which might allow escalation of privilege, arbitrary code execution, denial of service, or information disclosure. NVIDIA has released software updates to mitigate these...
8.8 CVSS
2.1 AI Score
0.001 EPSS
Publify Input Validation Error Vulnerability (CNVD-2023-04309)
Publify is a simple but full-featured web publishing software. Versions of Publify prior to 9.2.10 are vulnerable to an input validation error that stems from an integer overflow issue. No detailed vulnerability details are currently...
9.8 CVSS
4.7 AI Score
0.002 EPSS
phpMyFAQ Cross-Site Scripting Vulnerability (CNVD-2023-04313)
phpMyFAQ is a multilingual, fully database-driven FAQ system. phpMyFAQ versions prior to 3.1.10 are vulnerable to a cross-site scripting vulnerability that stems from the presence of stored cross-site scripting (XSS). No detailed vulnerability details are currently...
6.1 CVSS
1.9 AI Score
0.001 EPSS
radare2 injection vulnerability
radare2 is a set of libraries and tools for working with binaries. radare2 versions prior to 5.8.2 have a security vulnerability that stems from a failure to neutralize special elements before they are passed on to a different component, i.e. special element injection. No detailed vulnerability details are...
7.8 CVSS
4.2 AI Score
0.001 EPSS
phpMyFAQ Cross-Site Scripting Vulnerability (CNVD-2023-04312)
phpMyFAQ is a multilingual, fully database-driven FAQ system. phpMyFAQ versions prior to 3.1.10 are vulnerable to a cross-site scripting vulnerability that stems from the presence of stored cross-site scripting (XSS). No detailed vulnerability details are currently...
5.4 CVSS
1.9 AI Score
0.0005 EPSS
phpMyFAQ Cross-Site Scripting Vulnerability (CNVD-2023-04315)
phpMyFAQ is a multilingual, fully database-driven FAQ system. phpMyFAQ versions prior to 3.1.10 are vulnerable to a cross-site scripting vulnerability that stems from the presence of stored cross-site scripting (XSS). No detailed vulnerability details are currently...
5.4 CVSS
1.9 AI Score
0.0005 EPSS
phpMyFAQ Cross-Site Scripting Vulnerability (CNVD-2023-04318)
phpMyFAQ is a multilingual, fully database-driven FAQ system. phpMyFAQ versions prior to 3.1.10 are vulnerable to a cross-site scripting vulnerability that stems from the presence of stored cross-site scripting (XSS). No detailed vulnerability details are currently...
5.4 CVSS
1.9 AI Score
0.0005 EPSS
phpMyFAQ Cross-Site Scripting Vulnerability (CNVD-2023-04316)
phpMyFAQ is a multilingual, fully database-driven FAQ system by Thorsten Rinne, an individual developer. phpMyFAQ versions prior to 3.1.10 are vulnerable to a cross-site scripting vulnerability that stems from the presence of stored cross-site scripting (XSS). No detailed vulnerability details are...
5.4 CVSS
1.7 AI Score
0.0005 EPSS
phpMyFAQ Cross-Site Scripting Vulnerability (CNVD-2023-04317)
phpMyFAQ is a multilingual, fully database-driven FAQ system. phpMyFAQ versions prior to 3.1.10 are vulnerable to a cross-site scripting vulnerability that stems from the presence of stored cross-site scripting (XSS). No detailed vulnerability details are currently...
5.4 CVSS
1.9 AI Score
0.0005 EPSS
phpMyFAQ Cross-Site Scripting Vulnerability (CNVD-2023-04311)
phpMyFAQ is a multilingual, fully database-driven FAQ system. phpMyFAQ versions prior to 3.1.10 are vulnerable to a cross-site scripting vulnerability that stems from the presence of reflective cross-site scripting (XSS). No detailed vulnerability details are currently...
6.1 CVSS
1.7 AI Score
0.001 EPSS
Exploit for OS Command Injection in Zyxel Usg Flex 100W Firmware
CVE-2022-30525_check Description: This script checks for the...
9.8 CVSS
2.4 AI Score
0.975 EPSS
Threat Round up for January 6 to January 13
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 6 and Jan. 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,.....
0.2 AI Score
Cybercriminals Using Polyglot Files in Malware Distribution to Fly Under the Radar
Remote access trojans such as StrRAT and Ratty are being distributed as a combination of polyglot and malicious Java archive (JAR) files, once again highlighting how threat actors are continuously finding new ways to fly under the radar. "Attackers now use the polyglot technique to confuse...
Unbreakable Enterprise kernel security update
[5.15.0-6.80.3.1] - Revert 'rds: ib: Enable FC by default' (Hakon Bugge) [Orabug: 34964359] [5.15.0-6.80.3] - net/mlx5: Suppress error logging on UCTX creation (Marina) [Orabug: 34888471] - rds: ib: Fix leaked MRs during kexec (Hakon Bugge) [Orabug: 34892082] - uek-rpm: Add ptp_kvm.ko to core...
8.8 CVSS
8.6 AI Score
0.001 EPSS
DER Entitlements: The (Brief) Return of the Psychic Paper
Posted by Ivan Fratric, Project Zero Note: The vulnerability discussed here, CVE-2022-42855, was fixed in iOS 15.7.2 and macOS Monterey 12.6.2. While the vulnerability did not appear to be exploitable on iOS 16 and macOS Ventura, iOS 16.2 and macOS Ventura 13.1 nevertheless shipped hardening...
7.1 CVSS
7.4 AI Score
0.001 EPSS