Lucene search

K

OMICARD EDM 's SMS Security Vulnerabilities

ibm
ibm

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware

Summary IBM Storage Protect for Virtual Environments: Data Protection for VMware can be affected by security flaws in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser, and Data Protection for VMware. The flaws can lead to server-side request forgery,...

9.8CVSS

10AI Score

EPSS

2024-06-18 09:04 PM
1
ibm
ibm

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser may affect IBM Storage Protect Backup-Archive Client

Summary IBM Storage Protect Backup-Archive Client can be affected by security flaws in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser. The flaws can lead to server-side request forgery, bypass of security restrictions, denial of service, and arbitrary.....

9.8CVSS

10AI Score

0.003EPSS

2024-06-18 08:51 PM
1
ibm
ibm

Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server

Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in a security bulletin CVE-2023-45853, CVE-2023-29267, CVE-2024-25710, CVE-2024-26308, CVE-2023-45178, CVE-2024-28762, CVE-2024-28757, CVE-2024-29025,...

9.8CVSS

6.9AI Score

EPSS

2024-06-18 08:03 PM
malwarebytes
malwarebytes

Explained: Android overlays and how they are used to trick people

Sometimes you’ll see the term "overlays" used in articles about malware and you might wonder what they are. In this post we will try to explain what overlays—particularly on Android devices—are, and how cybercriminals deploy them. Most of the time, overlays are used to make people think they are...

7.2AI Score

2024-06-18 04:51 PM
5
ibm
ibm

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.2

Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.2 Vulnerability Details ** CVEID: CVE-2018-1000134 DESCRIPTION: **Ping Identity UnboundID LDAP SDK could allow a remote attacker...

9.8CVSS

9.3AI Score

0.974EPSS

2024-06-18 02:02 PM
17
ibm
ibm

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.3

Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.3 Vulnerability Details ** CVEID: CVE-2022-46364 DESCRIPTION: **Apache CXF is vulnerable to server-side request forgery, caused...

9.8CVSS

10.1AI Score

EPSS

2024-06-18 02:01 PM
31
rapid7blog
rapid7blog

Helpful tools to get started in IoT Assessments

The Internet of Things (IoT) can be a daunting field to get into. With many different tools and products available on the market it can be confusing to even know where to start. Having performed dozens of IoT assessments, I felt it would be beneficial to compile a basic list of items that are...

6.9AI Score

2024-06-18 01:00 PM
githubexploit
githubexploit

Exploit for CVE-2024-0044

CVE 2024 0044 CVE-2024-0044, identified in the...

7.8AI Score

2024-06-18 12:30 PM
37
kitploit
kitploit

CyberChef - The Cyber Swiss Army Knife - A Web App For Encryption, Encoding, Compression And Data Analysis

CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR and Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data,...

6.9AI Score

2024-06-18 12:30 PM
3
talosblog
talosblog

Exploring malicious Windows drivers (Part 2): the I/O system, IRPs, stack locations, IOCTLs and more

This blog post is part of a multi-part series, and it is highly recommended to read the first entry here before continuing. As the second entry in our "Exploring malicious Windows drivers" series, we will continue where the first left off: Discussing the I/O system and IRPs. We will expand on...

6.6AI Score

2024-06-18 12:00 PM
4
osv
osv

Timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`

Timing variability of any kind is problematic when working with potentially secret values such as elliptic curve scalars, and such issues can potentially leak private keys and other secrets. Such a problem was recently discovered in curve25519-dalek. The Scalar29::sub (32-bit) and Scalar52::sub...

7.2AI Score

2024-06-18 12:00 PM
1
talosblog
talosblog

How are attackers trying to bypass MFA?

In the latest Cisco Talos Incident Response Quarterly Trends report, instances related to multi-factor authentication (MFA) were involved in nearly half of all security incidents that our team responded to in the first quarter of 2024. In 25% of engagements, the underlying cause was users...

8.1AI Score

2024-06-18 11:57 AM
1
securelist
securelist

Analysis of user password strength

The processing power of computers keeps growing, helping users to solve increasingly complex problems faster. A side effect is that passwords that were impossible to guess just a few years ago can be cracked by hackers within mere seconds in 2024. For example, the RTX 4090 GPU is capable of...

6.9AI Score

2024-06-18 11:30 AM
2
schneier
schneier

Rethinking Democracy for the Age of AI

There is a lot written about technology's threats to democracy. Polarization. Artificial intelligence. The concentration of wealth and power. I have a more general story: The political and economic systems of governance that were created in the mid-18th century are poorly suited for the 21st...

6.4AI Score

2024-06-18 11:04 AM
1
fedora
fedora

[SECURITY] Fedora 40 Update: ghostscript-10.02.1-9.fc40

This package provides useful conversion utilities based on Ghostscript soft ware, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Syste ms' PostScript (PS) and Portable Document Format (PDF) page...

7AI Score

EPSS

2024-06-18 10:07 AM
githubexploit
githubexploit

Exploit for CVE-2024-0044

Android Autorooter This is just a mental note more than...

7.2AI Score

2024-06-18 09:22 AM
37
thn
thn

Singapore Police Extradites Malaysians Linked to Android Malware Fraud

The Singapore Police Force (SPF) has announced the extradition of two men from Malaysia for their alleged involvement in a mobile malware campaign targeting citizens in the country since June 2023. The unnamed individuals, aged 26 and 47, engaged in scams that tricked unsuspecting users into...

7AI Score

2024-06-18 07:38 AM
2
openvas
openvas

Ubuntu: Security Advisory (USN-6837-1)

The remote host is missing an update for...

7.5CVSS

5.8AI Score

0.001EPSS

2024-06-18 12:00 AM
1
openvas
openvas

Mageia: Security Advisory (MGASA-2024-0227)

The remote host is missing an update for...

4.4CVSS

7.1AI Score

0.0004EPSS

2024-06-18 12:00 AM
spring
spring

This Week in Spring - June 18th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! I've just come from Paris, France, and now I'm in equally beautiful Krakow, Poland, for the amazing Devoxx PL event. We've got a ton of good stuff to dive into, so let's get going! In last week's installment of Spring Tips, I.....

7.3AI Score

2024-06-18 12:00 AM
1
nessus
nessus

RHEL 8 : flatpak (RHSA-2024:3969)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3969 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...

8.4CVSS

8.6AI Score

0.0004EPSS

2024-06-18 12:00 AM
1
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:2033-1)

The remote host is missing an update for...

7.5CVSS

7.7AI Score

0.05EPSS

2024-06-18 12:00 AM
1
nessus
nessus

RHEL 7 : flatpak (RHSA-2024:3980)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3980 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape...

8.4CVSS

8.6AI Score

0.0004EPSS

2024-06-18 12:00 AM
openvas
openvas

Ubuntu: Security Advisory (USN-6836-1)

The remote host is missing an update for...

7.1CVSS

7.5AI Score

0.0004EPSS

2024-06-18 12:00 AM
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:2043-1)

The remote host is missing an update for...

7.1AI Score

0.0005EPSS

2024-06-18 12:00 AM
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:2038-1)

The remote host is missing an update for...

5.3CVSS

6.6AI Score

0.001EPSS

2024-06-18 12:00 AM
1
nessus
nessus

RHEL 9 : flatpak (RHSA-2024:3970)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3970 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...

8.4CVSS

8.6AI Score

0.0004EPSS

2024-06-18 12:00 AM
nessus
nessus

RHEL 8 : firefox (RHSA-2024:3972)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3972 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...

8AI Score

0.0004EPSS

2024-06-18 12:00 AM
nessus
nessus

SUSE SLES15 Security Update : php7 (SUSE-SU-2024:2037-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2037-1 advisory. - CVE-2024-2756: Fixed bypass of security fix applied for CVE-2022-31629 that lead PHP to consider not secure cookies as secure...

6.5CVSS

6.2AI Score

0.006EPSS

2024-06-18 12:00 AM
2
openvas
openvas

Python SSL Vulnerability (Jun 2024) - Linux

Python is prone to a vulnerability in the ssl...

6.5AI Score

0.0004EPSS

2024-06-18 12:00 AM
openvas
openvas

Python IP Ranges Vulnerability (Jun 2024) - Mac OS X

Python is prone to a vulnerability in the ipaddress...

6.5AI Score

0.0004EPSS

2024-06-18 12:00 AM
openvas
openvas

Python IP Ranges Vulnerability (Jun 2024) - Windows

Python is prone to a vulnerability in the ipaddress...

6.5AI Score

0.0004EPSS

2024-06-18 12:00 AM
openvas
openvas

Ubuntu: Security Advisory (USN-6838-1)

The remote host is missing an update for...

7.1AI Score

EPSS

2024-06-18 12:00 AM
1
openvas
openvas

Mageia: Security Advisory (MGASA-2024-0226)

The remote host is missing an update for...

7.1AI Score

EPSS

2024-06-18 12:00 AM
f5
f5

K000140039: Intel QAT vulnerability CVE-2023-32641

Security Advisory Description Improper input validation in firmware for Intel(R) QAT before version QAT20.L.1.0.40-00004 may allow escalation of privilege and denial of service via adjacent access. (CVE-2023-32641) Impact There is no impact; F5 products are not affected by this...

8.8CVSS

7.5AI Score

0.001EPSS

2024-06-18 12:00 AM
2
f5
f5

K000140043: runc vulnerability CVE-2024-21626

Security Advisory Description runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working...

8.6CVSS

7AI Score

0.051EPSS

2024-06-18 12:00 AM
1
nessus
nessus

SUSE SLES15 Security Update : booth (SUSE-SU-2024:2042-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2024:2042-1 advisory. - CVE-2024-3049: Fixed a vulnerability where a specially crafted hash can lead to invalid HMAC being accepted by Booth server. (bsc#1226032) ...

5.9CVSS

5.6AI Score

0.001EPSS

2024-06-18 12:00 AM
nessus
nessus

SUSE SLES15 Security Update : booth (SUSE-SU-2024:2041-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2024:2041-1 advisory. - CVE-2024-3049: Fixed a vulnerability where a specially crafted hash can lead to invalid HMAC being accepted by Booth server. (bsc#1226032) ...

5.9CVSS

5.6AI Score

0.001EPSS

2024-06-18 12:00 AM
nessus
nessus

SUSE SLES12 Security Update : openssl-1_1 (SUSE-SU-2024:2036-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2036-1 advisory. - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) Tenable has extracted the preceding description block directly.....

6.6AI Score

EPSS

2024-06-18 12:00 AM
nessus
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Ghostscript vulnerabilities (USN-6835-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6835-1 advisory. It was discovered that Ghostscript did not properly restrict eexec seeds to those specified by the Type 1 Font Format...

7.6AI Score

EPSS

2024-06-18 12:00 AM
1
openvas
openvas

Python IP Ranges Vulnerability (Jun 2024) - Linux

Python is prone to a vulnerability in the ipaddress...

6.5AI Score

0.0004EPSS

2024-06-18 12:00 AM
packetstorm

7.4AI Score

2024-06-18 12:00 AM
26
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:2039-1)

The remote host is missing an update for...

5.3CVSS

5.7AI Score

0.001EPSS

2024-06-18 12:00 AM
1
openvas
openvas

Mageia: Security Advisory (MGASA-2024-0225)

The remote host is missing an update for...

7.4CVSS

7.1AI Score

0.0004EPSS

2024-06-18 12:00 AM
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:2036-1)

The remote host is missing an update for...

6.7AI Score

EPSS

2024-06-18 12:00 AM
f5
f5

K000140042: libldap vulnerability CVE-2020-15719

Security Advisory Description libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8.....

4.2CVSS

6.4AI Score

0.001EPSS

2024-06-18 12:00 AM
1
nessus
nessus

SUSE SLES15 Security Update : webkit2gtk3 (SUSE-SU-2024:2043-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2043-1 advisory. - Update to version 2.44.2 - CVE-2024-27834: Fixed a vulnerability where an attacker with arbitrary read and write capability may...

7.3AI Score

0.0005EPSS

2024-06-18 12:00 AM
nessus
nessus

SUSE SLES15 Security Update : bind (SUSE-SU-2024:2033-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2033-1 advisory. - CVE-2023-4408: Fixed denial of service during DNS message parsing with different names (bsc#1219851) - CVE-2023-50387: Fixed...

7.5CVSS

8.1AI Score

0.05EPSS

2024-06-18 12:00 AM
openvas
openvas

Python SSL Vulnerability (Jun 2024) - Mac OS X

Python is prone to a vulnerability in the ssl...

6.5AI Score

0.0004EPSS

2024-06-18 12:00 AM
ubuntucve
ubuntucve

CVE-2024-37891

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to...

4.4CVSS

7AI Score

0.0004EPSS

2024-06-18 12:00 AM
Total number of security vulnerabilities371899