Lucene search

K

Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic Security Vulnerabilities

talosblog
talosblog

How we can separate botnets from the malware operations that rely on them

As I covered in last week's newsletter, law enforcement agencies from around the globe have been touting recent botnet disruptions affecting the likes of some of the largest threat actors and malware families. Operation Endgame, which Europol touted as the "largest ever operation against botnets,"....

7.1AI Score

2024-06-13 06:00 PM
2
nvd
nvd

CVE-2024-37307

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium...

7.9CVSS

0.0004EPSS

2024-06-13 04:15 PM
4
cve
cve

CVE-2024-37307

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium...

7.9CVSS

7.7AI Score

0.0004EPSS

2024-06-13 04:15 PM
23
osv
osv

CVE-2024-37307

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium...

7.9CVSS

7AI Score

0.0004EPSS

2024-06-13 04:15 PM
1
cvelist
cvelist

CVE-2024-37307 Cilium leaks sensitive information in cilium-bugtool

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium...

7.9CVSS

0.0004EPSS

2024-06-13 04:09 PM
4
aix
aix

AIX is affected by information disclosure due to Python (CVE-2024-28757)

IBM SECURITY ADVISORY First Issued: Thu Jun 13 15:37:38 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/python_advisory9.asc Security Bulletin: AIX is affected by information disclosure due to Python (CVE-2024-28757)...

7.3AI Score

0.0004EPSS

2024-06-13 03:37 PM
3
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

10CVSS

9.9AI Score

EPSS

2024-06-13 03:35 PM
6
cvelist
cvelist

CVE-2024-37306 CVAT's export and backup-related API endpoints are susceptible to CSRF

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a...

7.1CVSS

0.0004EPSS

2024-06-13 02:18 PM
7
vulnrichment
vulnrichment

CVE-2024-37306 CVAT's export and backup-related API endpoints are susceptible to CSRF

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a...

7.1CVSS

6.6AI Score

0.0004EPSS

2024-06-13 02:18 PM
4
nvd
nvd

CVE-2024-36395

Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic...

6.1CVSS

0.0004EPSS

2024-06-13 01:15 PM
5
cve
cve

CVE-2024-36395

Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic...

6.1CVSS

6.3AI Score

0.0004EPSS

2024-06-13 01:15 PM
22
rapid7blog
rapid7blog

Rapid7 Infuses Generative AI into the InsightPlatform to Supercharge SecOps and Augment MDR Services

In the ever-evolving landscape of cybersecurity, staying ahead of threats is not just a goal—it's a necessity. At Rapid7, we are pioneering the infusion of artificial intelligence (AI) into our platform and service offerings, transforming the way security operations centers (SOCs) around the globe....

7.1AI Score

2024-06-13 01:00 PM
3
cvelist
cvelist

CVE-2024-36395 Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic...

6.1CVSS

0.0004EPSS

2024-06-13 12:32 PM
3
ics
ics

Rockwell Automation FactoryTalk View SE

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk View SE Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow low-privilege...

7.3AI Score

0.0004EPSS

2024-06-13 12:00 PM
4
ics
ics

Siemens SICAM AK3/BC/TM

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

7.8CVSS

7.9AI Score

0.0004EPSS

2024-06-13 12:00 PM
5
ics
ics

Siemens SCALANCE W700

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

9.1CVSS

9.3AI Score

0.002EPSS

2024-06-13 12:00 PM
6
ics
ics

Mitsubishi Electric MELSEC-Q/L Series (Update B)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC-Q/L Series Vulnerabilities: Incorrect Pointer Scaling, Integer Overflow or Wraparound 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

9.8CVSS

10AI Score

0.0004EPSS

2024-06-13 12:00 PM
12
ics
ics

Siemens TIM 1531 IRC

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

9.8CVSS

10AI Score

0.004EPSS

2024-06-13 12:00 PM
6
ics
ics

Siemens Teamcenter Visualization and JT2Go

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

7.8CVSS

7.9AI Score

0.0004EPSS

2024-06-13 12:00 PM
5
ics
ics

Siemens SIMATIC S7-200 SMART Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

8.2CVSS

7AI Score

0.0004EPSS

2024-06-13 12:00 PM
2
ics
ics

Motorola Solutions Vigilant License Plate Readers

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Motorola Solutions Equipment: Vigilant Fixed LPR Coms Box (BCAV1F2-C600) Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Cleartext Storage in a File or on Disk, Use...

7.6AI Score

0.0004EPSS

2024-06-13 12:00 PM
3
ics
ics

Rockwell Automation FactoryTalk View SE

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk View SE Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a user from a remote...

7AI Score

0.0004EPSS

2024-06-13 12:00 PM
3
ics
ics

Siemens SINEC Traffic Analyzer

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

7.8CVSS

7.8AI Score

0.0004EPSS

2024-06-13 12:00 PM
1
ics
ics

Rockwell Automation FactoryTalk View SE

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk View SE Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an outside attacker to...

7AI Score

0.0004EPSS

2024-06-13 12:00 PM
4
ics
ics

Mitsubishi Electric Multiple Products (Update G)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: Multiple products Vulnerability: Predictable Exact Value from Previous Values 2. RISK EVALUATION Successful exploitation of this vulnerability could be used to...

9.8CVSS

9.7AI Score

0.006EPSS

2024-06-13 12:00 PM
63
ics
ics

Siemens SIMATIC and SIPLUS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

9.8CVSS

9.9AI Score

EPSS

2024-06-13 12:00 PM
4
ics
ics

Siemens Mendix Applications

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

5.9CVSS

7.1AI Score

0.0004EPSS

2024-06-13 12:00 PM
6
ics
ics

Siemens TIA Administrator

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

3.3CVSS

6.8AI Score

0.0004EPSS

2024-06-13 12:00 PM
1
ics
ics

Siemens SITOP UPS1600

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

5.6CVSS

9.8AI Score

0.001EPSS

2024-06-13 12:00 PM
5
ics
ics

Siemens PowerSys

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

9.3CVSS

7.2AI Score

0.0004EPSS

2024-06-13 12:00 PM
2
ics
ics

Siemens ST7 ScadaConnect

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

9.8CVSS

10AI Score

0.732EPSS

2024-06-13 12:00 PM
6
ics
ics

Siemens SCALANCE XM-400, XR-500

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

7.5CVSS

10AI Score

0.004EPSS

2024-06-13 12:00 PM
4
ics
ics

Fuji Electric Tellus Lite V-Simulator

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Tellus Lite V-Simulator Vulnerabilities: Out-of-Bound Write, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a local attacker...

7.8CVSS

8AI Score

0.001EPSS

2024-06-13 12:00 PM
3
thn
thn

Why SaaS Security is Suddenly Hot: Racing to Defend and Comply

Recent supply chain cyber-attacks are prompting cyber security regulations in the financial sector to tighten compliance requirements, and other industries are expected to follow. Many companies still don't have efficient methods to manage related time-sensitive SaaS security and compliance tasks.....

7.2AI Score

2024-06-13 11:30 AM
12
schneier
schneier

AI and the Indian Election

As India concluded the world's largest election on June 5, 2024, with over 640 million votes counted, observers could assess how the various parties and factions used artificial intelligence technologies--and what lessons that holds for the rest of the world. The campaigns made extensive use of...

7.2AI Score

2024-06-13 11:02 AM
6
thn
thn

Pakistan-linked Malware Campaign Evolves to Target Windows, Android, and macOS

Threat actors with ties to Pakistan have been linked to a long-running malware campaign dubbed Operation Celestial Force since at least 2018. The activity, still ongoing, entails the use of an Android malware called GravityRAT and a Windows-based malware loader codenamed HeavyLift, according to...

6.8AI Score

2024-06-13 10:26 AM
4
hackerone
hackerone

curl: Unicode-to-ASCII conversion on Windows can lead to argument injection and more

Hello cURL team, I am splitline from DEVCORE Research Team. We recently found a vulnerability on cURL. We have reproduced the issues in the latest version of cURL (curl-8.8.0_1) and would like to report it to you. Please check the attached document for details. This advisory is in accordance with.....

7.8AI Score

2024-06-13 10:01 AM
14
talosblog
talosblog

Operation Celestial Force employs mobile and desktop malware to target Indian entities

By Gi7w0rm, Asheer Malhotra and Vitor Ventura. Cisco Talos is disclosing a new malware campaign called "Operation Celestial Force" running since at least 2018. It is still active today, employing the use of GravityRAT, an Android-based malware, along with a Windows-based malware loader we track...

7.2AI Score

2024-06-13 10:00 AM
2
thn
thn

Ukraine Police Arrest Suspect Linked to LockBit and Conti Ransomware Groups

The Cyber Police of Ukraine has announced the arrest of a local man who is suspected to have offered their services to LockBit and Conti ransomware groups. The unnamed 28-year-old native of the Kharkiv region allegedly specialized in the development of crypters to encrypt and obfuscate malicious...

7.2AI Score

2024-06-13 08:05 AM
9
vulnrichment
vulnrichment

CVE-2024-36206 AMS XSS - /libs/clientlibs/social/hbs/moderationfoundation/moderationfoundation.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's...

5.4CVSS

5.1AI Score

0.0005EPSS

2024-06-13 07:53 AM
1
cvelist
cvelist

CVE-2024-36206 AMS XSS - /libs/clientlibs/social/hbs/moderationfoundation/moderationfoundation.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's...

5.4CVSS

0.0005EPSS

2024-06-13 07:53 AM
2
cvelist
cvelist

CVE-2024-36154 AMS XSS - /libs/social/enablement/components/clientlibs/assetselector/assetselector.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

5.4CVSS

0.0005EPSS

2024-06-13 07:53 AM
2
vulnrichment
vulnrichment

CVE-2024-36154 AMS XSS - /libs/social/enablement/components/clientlibs/assetselector/assetselector.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

5.4CVSS

5.3AI Score

0.0005EPSS

2024-06-13 07:53 AM
1
vulnrichment
vulnrichment

CVE-2024-36197 DOM XSS in `libs/clientlibs/social/commons/toggle/clientlibs/toggle.js`

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires...

5.4CVSS

6AI Score

0.0005EPSS

2024-06-13 07:52 AM
1
cvelist
cvelist

CVE-2024-36197 DOM XSS in `libs/clientlibs/social/commons/toggle/clientlibs/toggle.js`

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires...

5.4CVSS

0.0005EPSS

2024-06-13 07:52 AM
1
cvelist
cvelist

CVE-2024-36180 AMS XSS - /libs/social/qna/components/hbs/relatedquestions/clientlibs/relatedquestions.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

5.4CVSS

0.0005EPSS

2024-06-13 07:52 AM
vulnrichment
vulnrichment

CVE-2024-36180 AMS XSS - /libs/social/qna/components/hbs/relatedquestions/clientlibs/relatedquestions.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

5.4CVSS

5.3AI Score

0.0005EPSS

2024-06-13 07:52 AM
1
cvelist
cvelist

CVE-2024-36148 AMS XSS - /libs/clientlibs/social/connect/source/SocialAuth.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

5.4CVSS

0.0005EPSS

2024-06-13 07:52 AM
vulnrichment
vulnrichment

CVE-2024-36148 AMS XSS - /libs/clientlibs/social/connect/source/SocialAuth.js

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

5.4CVSS

5.3AI Score

0.0005EPSS

2024-06-13 07:52 AM
thn
thn

Google Warns of Pixel Firmware Security Flaw Exploited as Zero-Day

Google has warned that a security flaw impacting Pixel Firmware has been exploited in the wild as a zero-day. The high-severity vulnerability, tagged as CVE-2024-32896, has been described as an elevation of privilege issue in Pixel Firmware. The company did not share any additional details related....

7.8CVSS

8.3AI Score

0.213EPSS

2024-06-13 07:08 AM
8
Total number of security vulnerabilities222745