Fedora: Security Advisory for galera (FEDORA-2024-6ea93e629b)
The remote host is missing an update for...
4.9CVSS
5.3AI Score
0.0005EPSS
RHEL 8 : nghttp2 (RHSA-2024:3763)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3763 advisory. libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. Security Fix(es): * nghttp2: CONTINUATION...
5.3CVSS
7.3AI Score
0.0004EPSS
RHEL 8 : idm:DL1 (RHSA-2024:3756)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3756 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and...
8.1CVSS
8.1AI Score
0.0004EPSS
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3757 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional...
8.1CVSS
8.4AI Score
0.0004EPSS
RHEL 8 : firefox (RHSA-2024:3783)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3783 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...
7.9AI Score
0.0004EPSS
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3760 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and...
8.1CVSS
8.1AI Score
0.0004EPSS
Fedora: Security Advisory for nginx (FEDORA-2024-06e6dcbb42)
The remote host is missing an update for...
6.5CVSS
6.6AI Score
0.0004EPSS
Fedora: Security Advisory for nginx (FEDORA-2024-2e4858330c)
The remote host is missing an update for...
6.5CVSS
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() l2cap_le_flowctl_init() can cause both div-by-zero and an integer overflow since hdev->le_mtu may not fall in the valid range. Move MTU from hci_dev to hci_conn to...
6.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() l2cap_le_flowctl_init() can cause both div-by-zero and an integer overflow since hdev->le_mtu may not fall in the valid range. Move MTU from hci_dev to hci_conn to...
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() l2cap_le_flowctl_init() can cause both div-by-zero and an integer overflow since hdev->le_mtu may not fall in the valid range. Move MTU from hci_dev to hci_conn to...
6.7AI Score
0.0004EPSS
CVE-2024-36968 Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() l2cap_le_flowctl_init() can cause both div-by-zero and an integer overflow since hdev->le_mtu may not fall in the valid range. Move MTU from hci_dev to hci_conn to...
6.7AI Score
0.0004EPSS
CVE-2024-36968 Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() l2cap_le_flowctl_init() can cause both div-by-zero and an integer overflow since hdev->le_mtu may not fall in the valid range. Move MTU from hci_dev to hci_conn to...
0.0004EPSS
Sttr - Cross-Platform, Cli App To Perform Various Operations On String
sttr is command line software that allows you to quickly run various transformation operations on the string. // With input prompt sttr // Direct input sttr md5 "Hello World" // File input sttr md5 file.text sttr base64-encode image.jpg // Reading from different processor like cat,...
7.4AI Score
Recon Tool Installation git clone...
8.6CVSS
8.6AI Score
0.945EPSS
SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2024:1949-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1949-1 advisory. - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). Tenable has extracted the preceding description block...
8AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : glib2 (SUSE-SU-2024:1950-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1950-1 advisory. Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in...
7AI Score
0.0004EPSS
SUSE SLES12 Security Update : python-requests (SUSE-SU-2024:1946-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1946-1 advisory. - CVE-2024-35195: Fixed cert verification regardless of changes to the value of verify (bsc#1224788). Tenable has extracted the preceding...
5.6CVSS
5.5AI Score
0.0004EPSS
SUSE SLES12 Security Update : python-Jinja2 (SUSE-SU-2024:1948-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1948-1 advisory. - CVE-2024-34064: Fixed HTML attribute injection when passing user input as keys to xmlattr filter (bsc#1223980) Tenable has extracted...
5.4CVSS
7.5AI Score
0.0004EPSS
SUSE SLES12 Security Update : go1.21 (SUSE-SU-2024:1936-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1936-1 advisory. go1.21.11 release (bsc#1212475). - CVE-2024-24789: Fixed mishandling of corrupt central directory record in archive/zip...
6.9AI Score
0.0004EPSS
SUSE SLES12 Security Update : go1.22 (SUSE-SU-2024:1935-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1935-1 advisory. go1.21.11 release (bsc#1212475). - CVE-2024-24789: Fixed mishandling of corrupt central directory record in archive/zip...
6.9AI Score
0.0004EPSS
SUSE SLES15 Security Update : python-docker (SUSE-SU-2024:1937-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1937-1 advisory. - CVE-2024-35195: Fixed missing certificate verification (bsc#1224788). Tenable has extracted the preceding description block directly from.....
5.6CVSS
5.5AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gstreamer-plugins-base (SUSE-SU-2024:1945-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1945-1 advisory. - CVE-2024-4453: Fixed lack of proper validation of user-supplied data when parsing EXIF metadata ...
7.8CVSS
7.6AI Score
0.0004EPSS
SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2024:1947-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1947-1 advisory. - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). - CVE-2024-4603: Fixed DSA parameter checks for....
7.7AI Score
0.0004EPSS
Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server. WebSphere Application Server is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker could exploit this vulnerability to conduct...
4.3CVSS
4.7AI Score
0.0004EPSS
Zend-Mail remote code execution in zend-mail via Sendmail adapter
When using the zend-mail component to send email via the Zend\Mail\Transport\Sendmail transport, a malicious user may be able to inject arbitrary parameters to the system sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they...
7AI Score
Zend-Mail remote code execution in zend-mail via Sendmail adapter
When using the zend-mail component to send email via the Zend\Mail\Transport\Sendmail transport, a malicious user may be able to inject arbitrary parameters to the system sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they...
7AI Score
Security and Human Behavior (SHB) 2024
This week, I hosted the seventeenth Workshop on Security and Human Behavior at the Harvard Kennedy School. This is the first workshop since our co-founder, Ross Anderson, died unexpectedly. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of...
7.4AI Score
Summary IBM i Service Tools Server is vulnerable to SST user profile enumeration by a remote actor as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section. Vulnerability Details **...
5.3CVSS
5.2AI Score
0.0004EPSS
TYPO3 Denial of Service in Frontend Record Registration
TYPO3ās built-in record registration functionality (aka basic shopping cart) using recs URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability in order to create an arbitrary amount of individual...
7.1AI Score
TYPO3 Denial of Service in Frontend Record Registration
TYPO3ās built-in record registration functionality (aka basic shopping cart) using recs URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability in order to create an arbitrary amount of individual...
7.1AI Score
Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server which is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory.....
5.9CVSS
6.2AI Score
0.0004EPSS
Imperva Protects Against Critical PHP Vulnerability CVE-2024-4577
In the ever-evolving landscape of cybersecurity, staying ahead of vulnerabilities is crucial for safeguarding sensitive information and maintaining the integrity of digital assets. Recently, a critical vulnerabilityā identified as CVE-2024-4577 with an initial CVSS score of 9.8 ā was discovered in....
9.8CVSS
10AI Score
0.932EPSS
Google will start deleting location history
Google announced that it will reduce the amount of personal data it is storing by automatically deleting old data from "Timeline"āthe feature that, previously named "Location History," tracks user routes and trips based on a phoneās location, allowing people to revisit all the places they've been.....
6.7AI Score
Security Bulletin: IBM QRadar SIEM contains multiple kernel vulnerabilities
Summary IBM QRadar SIEM includes a vulnerable version of kernel that could be identified and exploited with automated tools. This has been addressed in the update. Vulnerability Details ** CVEID: CVE-2019-13631 DESCRIPTION: **Linux Kernel could allow a physical attacker to execute arbitrary code...
9.8CVSS
9.1AI Score
EPSS
Summary IBM Security Guardium has addressed these vulnerabilities with an update. Vulnerability Details ** CVEID: CVE-2023-45648 DESCRIPTION: **Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of HTTP trailer headers. By sending a specially crafted invalid trailer.....
5.9CVSS
7.5AI Score
0.01EPSS
Summary B2B API of IBM Sterling B2B Integrator is vulnearble to denial of service due to json-path (CVE-2023-51074). IBM Sterling B2B Integrator has remediated this vulnerabilty; Follow steps identified in Remediation/Fixes section to address vulnerability in your environment. Vulnerability...
5.3CVSS
5.7AI Score
0.0005EPSS
Summary IBMĀ® Engineering Lifecycle Optimization - Publishing is vulnerable to CVE-2023-45188(Malicious File Upload). Remediations/Fixes section of this bulletin provide instructions on how to address this vulnerability. Vulnerability Details ** CVEID: CVE-2023-45188 DESCRIPTION: **IBM Engineering.....
6.5CVSS
7.1AI Score
0.0004EPSS
Cyber Landscape is Evolving - So Should Your SCA
Traditional SCAs Are Broken: Did You Know You Are Missing Critical Pieces? Application Security professionals face enormous challenges securing their software supply chains, racing against time to beat the attacker to the mark. Software Composition Analysis (SCA) tools have become a basic...
7.5AI Score
Summary IBM Workload Automation is potentially affected by multiple vulnerabilities in OpenSSL that could cause Denial of Service (CVE-2023-4807, CVE-2023-3817) Vulnerability Details ** CVEID: CVE-2023-4807 DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a state corruption...
7.8CVSS
9.5AI Score
0.001EPSS
The Justice Department Took Down the 911 S5 Botnet
The US Justice Department has dismantled an enormous botnet: According to an indictment unsealed on May 24, from 2014 through July 2022, Wang and others are alleged to have created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide....
7.4AI Score
Cross-site Request Forgery (CSRF)
moodle/moodle is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to the logout option lacking the necessary token, risking users being inadvertently logged out via CSRF...
6.4AI Score
0.0004EPSS
FBI Distributes 7,000 LockBit Ransomware Decryption Keys to Help Victims
The U.S. Federal Bureau of Investigation (FBI) has disclosed that it's in possession of more than 7,000 decryption keys associated with the LockBit ransomware operation to help victims get their data back at no cost. "We are reaching out to known LockBit victims and encouraging anyone who suspects....
7.7AI Score
Exposure Of Sensitive Information To An Unauthorized Actor
Moodle is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. The vulnerability is due to misconfiguration in a shared hosting environment, allowing a user with access to restore workshop modules and direct access to the web server outside of the Moodle webroot to execute a...
6.4AI Score
0.0004EPSS
Information Exposure Through Misconfigured Permissions
Moodle is vulnerable to a Information Exposure Through Misconfigured Permissions. The vulnerability is due to misconfiguration in a shared hosting environment, allowing a user with access to restore feedback modules and direct access to the web server outside of the Moodle webroot to execute a...
6.4AI Score
0.0004EPSS
SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting defense forces in the country with a malware called SPECTR as part of an espionage campaign dubbed SickSync. The agency attributed the attacks to a threat actor it tracks under the moniker UAC-0020,...
7.2AI Score
Cross-site Request Forgery (CSRF)
moodle/moodle is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to the admin management of analytics models, which fails to prevent CSRF risks because it does not include the necessary...
6.4AI Score
0.0004EPSS
moodle/moodle is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient sanitizing of ID numbers displayed in the report, which results in stored...
5.6AI Score
0.0004EPSS
Summary Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to jose4j - CVE-2023-51775. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2023-51775 ....
7AI Score
0.0004EPSS
Summary IBM Asset Data Dictionary Component uses jose4j-0.9.3.jar which is vulnerable to CVE-2023-51775. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details ** CVEID: CVE-2023-51775 DESCRIPTION: **jose4j is vulnerable to a denial of service,...
7AI Score
0.0004EPSS