K000137270 : BIG-IP Advanced WAF and BIG-IP ASM and vulnerability CVE-2024-21789
Security Advisory Description When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. (CVE-2024-21789) Impact System performance can degrade until the bd process is either forced to restart or is...
7.5CVSS
7.3AI Score
0.0004EPSS
First Microsoft Patch Tuesday zero-day of 2024 disclosed as part of group of 75 vulnerabilities
Microsoft followed up one of the lightest recent Patch Tuesdays in January with a large release of vulnerabilities on Tuesday, although still far from numbers seen in the past. In all, February's security update from Microsoft includes 75 vulnerabilities, three of which are considered critical....
8.1CVSS
9.6AI Score
0.004EPSS
K000138600 : Python vulnerability CVE-2023-43804
Security Advisory Description urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a Cookie header....
8.1CVSS
8.1AI Score
0.001EPSS
K000138582 : TorchServe vulnerability CVE-2023-43654
Security Advisory Description TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage...
9.8CVSS
6.5AI Score
0.001EPSS
K000138586 : Node.js c-areas vulnerability CVE-2023-31130
Security Advisory Description c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would....
6.4CVSS
6.9AI Score
0.0004EPSS
2023’s Critical WordPress Vulnerabilities and How They Work
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! In 2023, the Wordfence Threat Intelligence team's primary...
9.9CVSS
9.4AI Score
0.122EPSS
Do Any HTTP Clients Not Support SNI?
In this blog post, we’ll share the results of an internal research project we conducted on our CDN customers focused on websites that are getting non-Server Name Indication (SNI) traffic. The goal of our research was to answer the following questions: How much non-SNI traffic is seen? What is...
6.8AI Score
Fedora: Security Advisory for wireshark (FEDORA-2024-fdc7dfb959)
The remote host is missing an update for...
7.8CVSS
7.6AI Score
0.001EPSS
K000138576 : Python-asyncssh vulnerability CVE-2023-46445
Security Advisory Description An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation." (CVE-2023-46445) Impact There is no impact; F5 products are not affected by this...
5.9CVSS
6.4AI Score
0.001EPSS
K000138577 : Python-asyncssh vulnerability CVE-2023-46446
Security Advisory Description An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack." (CVE-2023-46446) Impact There is no impact; F5 products are not affected by this...
6.8CVSS
6.7AI Score
0.001EPSS
[SECURITY] Fedora 38 Update: wireshark-4.0.12-1.fc38
Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless (WiFi or Bluetooth) networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols. It has many powerful...
7.8CVSS
6.6AI Score
0.001EPSS
[SECURITY] Fedora 39 Update: wireshark-4.0.12-1.fc39
Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless (WiFi or Bluetooth) networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols. It has many powerful...
7.8CVSS
7AI Score
0.001EPSS
Fedora: Security Advisory for wireshark (FEDORA-2024-b72131479b)
The remote host is missing an update for...
7.8CVSS
7.6AI Score
0.001EPSS
Summary The jetty-http package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE [CVE-2023-40167]. Vulnerability Details ** CVEID: CVE-2023-40167 DESCRIPTION: **Jetty is vulnerable to HTTP request smuggling, caused by improper parsing.....
5.3CVSS
6.1AI Score
0.001EPSS
Summary IBM Watson Machine Learning Accelerator 3.5.0 for Cloud Pak for Data 4.6.5 is affected by multiple vulnerabilities. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2022-3697 DESCRIPTION: **Ansible Collections Amazon AWS...
7.5CVSS
7.4AI Score
0.024EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (January 29, 2024 to February 4, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 122 vulnerabilities disclosed in 110...
9.8CVSS
9.5AI Score
EPSS
New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization
By Jungsoo An, Wayne Lee and Vanja Svajcer. Cisco Talos discovered a new, stealthy espionage campaign that has likely persisted since at least March 2021. The observed activity affects an Islamic non-profit organization using backdoors for a previously unreported malware family we have named...
8.2AI Score
Google Starts Blocking Sideloading of Potentially Dangerous Android Apps in Singapore
Google has unveiled a new pilot program in Singapore that aims to prevent users from sideloading certain apps that abuse Android app permissions to read one-time passwords and gather sensitive data. "This enhanced fraud protection will analyze and automatically block the installation of apps that.....
7.1AI Score
Fortinet Fortigate (FG-IR-23-301)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-301 advisory. An improper certificate validation vulnerability in Fortinet FortiOS 7.0.0 - 7.0.13, 7.2.0 - 7.2.6, 7.4.0 7.4.1 and 6.4 all...
4.8CVSS
5.2AI Score
0.0005EPSS
Fortinet Fortigate (FG-IR-24-029)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-029 advisory. A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0...
9.8CVSS
9.7AI Score
0.001EPSS
Fortinet Fortigate (FG-IR-24-015)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-015 advisory. A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0...
9.8CVSS
9.7AI Score
0.018EPSS
Fortinet Fortigate (FG-IR-23-397)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-397 advisory. The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many...
7.5CVSS
7.9AI Score
0.732EPSS
Summary The following security vulnerabilities are addressed with IBM Process Mining 1.14.3 IF001 Vulnerability Details ** CVEID: CVE-2023-46589 DESCRIPTION: **Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP trailer headers. By sending a specially...
7.5CVSS
7.2AI Score
0.005EPSS
Security Bulletin: Datapower Operations Dashboard Multiple Vulnerabilities in Apache Tomcat
Summary IBM has addressed the CVEs Vulnerability Details ** CVEID: CVE-2023-45648 DESCRIPTION: **Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of HTTP trailer headers. By sending a specially crafted invalid trailer header, an attacker could exploit this...
7.5CVSS
6.7AI Score
0.01EPSS
After FBI Takedown, KV-Botnet Operators Shift Tactics in Attempt to Bounce Back
The threat actors behind the KV-botnet made "behavioral changes" to the malicious network as U.S. law enforcement began issuing commands to neutralize the activity. KV-botnet is the name given to a network of compromised small office and home office (SOHO) routers and firewall devices across the...
7.2AI Score
Digital Experience Monitoring | What Is DEM?
Introduction to Digital Experience Monitoring: Illuminating the Basics In an era governed by technology, the satisfaction of an end-user is of utmost importance. It has the power to stimulate or to halt business growth, and frequently determines if a client continues or discontinues their...
7.2AI Score
Global Coalition and Tech Giants Unite Against Commercial Spyware Abuse
A coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, have signed a joint agreement to curb the abuse of commercial spyware to commit human rights abuses. The initiative, dubbed the Pall Mall Process,...
9.8CVSS
9.2AI Score
0.245EPSS
The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
6.1CVSS
6AI Score
0.002EPSS
The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
6.1CVSS
6.4AI Score
0.002EPSS
The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
6.1CVSS
6.6AI Score
0.002EPSS
Ski & bike helmets protect your head, not location or voice
TL;DR Livall smart ski and bike helmet app leaks the wearers real time position Group audio chat allows snooping on conversations Both issues are due to missing authorisation Bike app affects ~1 million users, ski app affects a few thousand users Fixed by the vendor, but after we had to call on a.....
7.3AI Score
The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
6.1CVSS
6.2AI Score
0.002EPSS
Fortinet Fortigate (FG-IR-23-138)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-138 advisory. A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10,...
8.8CVSS
8.9AI Score
0.001EPSS
Fortinet Fortigate (FG-IR-23-432)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-432 advisory. An improper access control vulnerability [CWE-284] in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and...
5.3CVSS
5.4AI Score
0.001EPSS
K000138517 : Python-Pillow vulnerability CVE-2023-44271
Security Advisory Description An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an.....
7.5CVSS
7AI Score
0.001EPSS
K000138511 : Linux kernel vulnerability CVE-2023-38427
Security Advisory Description An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemble_neg_contexts. (CVE-2023-38427) Impact There is no impact; F5 products are not affected by this...
9.8CVSS
6.6AI Score
0.001EPSS
Fortinet FortiWeb (FG-IR-23-256)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-256 advisory. An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 -...
5.3CVSS
5.2AI Score
0.0005EPSS
Fortinet Fortigate (FG-IR-23-196)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-196 advisory. A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1...
8.8CVSS
9AI Score
0.001EPSS
Summary Vulnerabilities contained within Open VPN (a 3rd party component) and Open SSL were addressed in the IBM MaaS360 Cloud Extender Agent and VPN Modules. Vulnerabilities contained within Eclipse Jetty and Netty (a 3rd party component) were addressed in the IBM MaaS360 Mobile Enterprise...
9.8CVSS
9.7AI Score
0.732EPSS
On December 11th, 2023, during our Holiday Bug Extravaganza, we received a submission for an Arbitrary Options Update vulnerability in Cookie Information | Free GDPR Consent Solution, a WordPress plugin with more than 100,000+ active installations. This vulnerability could be used by authenticated....
8.8CVSS
7.3AI Score
0.001EPSS
how-to-play-reggae.com Cross Site Scripting vulnerability OBB-3849670
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Directory Traversal: Examples, Testing, and Prevention
Unveiling the Enigma of Path Navigation: An Exhaustive Exploration and Insight Path Navigation, often referred to as Folder Navigation, symbolizes a kind of security extraction point allowing unauthorized individuals to gain unauthorized access to specific files held within a server's database...
7.8AI Score
All-In-One Security (AIOS) – Security and Firewall < 5.2.6 - Reflected Cross-Site Scripting
Description The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for...
6.3AI Score
0.002EPSS
K000138509 : ftpd vulnerabilities CVE-1999-0082 and CVE-1999-0201
Security Advisory Description CVE-1999-0082 CWD ~root command in ftpd allows root access. CVE-1999-0201 A quote cwd command on FTP servers can reveal the full path of the home directory of the "ftp" user. Impact There is no impact; F5 products are not affected by these...
7.2AI Score
0.015EPSS
K000138508 : mod_ssl vulnerability CVE-2004-0700
Security Advisory Description Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are.....
7.9AI Score
0.901EPSS
The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated attacker to include and execute PHP.....
9.8CVSS
9.5AI Score
0.154EPSS
The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated attacker to include and execute PHP.....
9.8CVSS
9.6AI Score
0.154EPSS
The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated attacker to include and execute PHP.....
9.8CVSS
7.8AI Score
0.154EPSS
The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated attacker to include and execute PHP.....
9.8CVSS
9.8AI Score
0.154EPSS
Security Bulletin: IBM Observability with Instana is affected by Multiple Security Vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana build 265. Vulnerability Details ** CVEID: CVE-2023-20861 DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service. By sending a specially crafted SpEL expression, a remote attacker could...
7.5CVSS
7.8AI Score
0.003EPSS