Summary A vulnerability in IBM® Runtime Environment Java™ Technology Edition affects the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details ** CVEID: CVE-2023-30441 DESCRIPTION: **IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0...
7.5CVSS
5.8AI Score
0.002EPSS
(RHSA-2024:2616) Important: tigervnc security update
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....
7.5AI Score
0.0005EPSS
Introducing the Wallarm Q1 2024 API ThreatStats™ Report
As we have in previous editions of the ThreatStats report, we highlight the industry’s top API-related attacks and trends. New to this version, however, is a detailed analysis of API attacks targeting AI-based applications, representing a new and rapidly expanding threat vector. And while we...
7.5AI Score
A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update. If a malicious actor successfully exploits this vulnerability, they could use it to update the RTU500 with unsigned...
7.2CVSS
6.6AI Score
0.0004EPSS
ThievingFox - Remotely Retrieving Credentials From Password Managers And Windows Utilities
ThievingFox is a collection of post-exploitation tools to gather credentials from various password managers and windows utilities. Each module leverages a specific method of injecting into the target process, and then hooks internals functions to gather crendentials. The accompanying blog post...
8.3AI Score
Unitronics Vision Legacy Series (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Unitronics Equipment: Vision Legacy series Vulnerability: Storing Passwords in a Recoverable Format 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...
7.5CVSS
8AI Score
0.0004EPSS
(RHSA-2024:2298) Important: tigervnc security update
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....
6.7AI Score
0.0004EPSS
(RHSA-2024:2208) Moderate: freerdp security update
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fix(es): freerdp: Incorrect offset calculation leading to DOS...
7.4AI Score
0.001EPSS
KLA66424 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Use after free vulnerability in Picture In Picture can be exploited to cause denial of service...
8.1AI Score
0.0004EPSS
Important: tigervnc security update
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....
7CVSS
9.4AI Score
0.0004EPSS
RHEL 9 : tigervnc (RHSA-2024:2616)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2616 advisory. Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the...
7.8CVSS
8.3AI Score
0.0005EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ffmpeg (SUSE-SU-2024:1468-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1468-1 advisory. Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-22025. Reason: This...
8.8CVSS
8.2AI Score
0.004EPSS
Important: tigervnc security update
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....
7.8CVSS
7.1AI Score
0.0005EPSS
Important: tigervnc security update
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....
7CVSS
9AI Score
0.0004EPSS
Stable Channel Update for Desktop
The Stable channel has been updated to 124.0.6367.118/.119 for Windows, Mac and 124.0.6367.118 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. The Extended Stable channel has been updated to 124.0.6367.118 for Mac and Windows.....
7.7AI Score
0.0004EPSS
Express NODE_ENV 'development' Information Disclosure Vulnerability (HTTP) - Active Check
Express is prone to an information disclosure vulnerability if the NODE_ENV environment variable is set...
6.8AI Score
An issue in The Document Foundation Libreoffice v.7.4.7 allows a remote attacker to cause a denial of service via a crafted .ppt file. Notes Author| Note ---|--- | Priority reason: Denial of service via resource exhaustion in a desktop application mdeslaur | This attack uses a powerpoint slide...
6.5AI Score
0.0004EPSS
RHEL 9 : freerdp (RHSA-2024:2208)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2208 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to.....
9.8CVSS
9AI Score
0.001EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1466-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1466-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smc_sock A...
7.8CVSS
7.5AI Score
EPSS
HTTP based detection of the Express Node.js web application framework and Node.js itself (based on the Express...
6.1CVSS
7AI Score
0.0004EPSS
Amazon Linux 2 : firefox (ALASFIREFOX-2024-024)
The version of firefox installed on the remote host is prior to 115.10.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2024-024 advisory. An attacker was able to inject an event handler into a privileged object that would allow arbitrary ...
8.1AI Score
0.0004EPSS
Moderate: freerdp security update
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fix(es): freerdp: Incorrect offset calculation leading to DOS...
9.8CVSS
7.2AI Score
0.001EPSS
Moderate: freerdp security update
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fix(es): freerdp: Incorrect offset calculation leading to DOS...
9.8CVSS
7.4AI Score
0.001EPSS
Important: tigervnc security update
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....
7.8CVSS
7.3AI Score
0.0005EPSS
RHEL 9 : tigervnc (RHSA-2024:2298)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2298 advisory. Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the...
7CVSS
6.1AI Score
0.0004EPSS
The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and...
8.8CVSS
8AI Score
0.0004EPSS
The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and...
8.8CVSS
8.8AI Score
0.0004EPSS
CVE-2024-0840 Grandstream UCM Series IP PBX HTTP Parameter Injection
The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and...
8.8CVSS
9AI Score
0.0004EPSS
CVE-2024-0840 Grandstream UCM Series IP PBX HTTP Parameter Injection
The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and...
8.8CVSS
8AI Score
0.0004EPSS
Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023
Google on Monday revealed that almost 200,000 app submissions to its Play Store for Android were either rejected or remediated to address issues with access to sensitive data such as location or SMS messages over the past year. The tech giant also said it blocked 333,000 bad accounts from the app.....
7.3AI Score
CodeQL zero to hero part 3: Security research with CodeQL
I've written a bit in the past about static analysis (CodeQL zero to hero part 1: Fundamentals of static analysis) and basics of writing CodeQL queries (CodeQL zero to hero part 2: Getting started with CodeQL). Today, I want to dig deeper about CodeQL and talk about variant analysis, writing a...
8.3AI Score
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An unspecified vulnerability in Java SE related...
7.5CVSS
6.8AI Score
0.001EPSS
(RHSA-2024:2080) Important: tigervnc security update
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....
7.4AI Score
0.0005EPSS
Fedora 40 : yyjson (2024-8c48a81cb9)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-8c48a81cb9 advisory. yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. (pool_free is...
7.7AI Score
0.0004EPSS
RHEL 7 : tigervnc (RHSA-2024:2080)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2080 advisory. Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the...
7.8CVSS
8.3AI Score
0.0005EPSS
Ubuntu 24.04 LTS. : FreeRDP vulnerabilities (USN-6759-1)
The remote Ubuntu 24.04 LTS. host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6759-1 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read....
9.8CVSS
6.8AI Score
0.0004EPSS
Fedora 40 : firefox (2024-8b5bd4ad5f)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-8b5bd4ad5f advisory. An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range- based bounds check elimination. This...
6.3AI Score
0.0005EPSS
Fedora 40 : flatpak (2024-43ea98691e)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-43ea98691e advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and...
8.4CVSS
7.9AI Score
0.0004EPSS
Fedora 40 : xen (2024-3a36322c4b)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-3a36322c4b advisory. Recent x86 CPUs offer functionality named Control-flow Enforcement Technology (CET). A sub-feature of this are Shadow Stacks (CET-SS). CET-SS...
6.5CVSS
7AI Score
0.0004EPSS
The Bug Report - April 2024 Edition
The Bug Report - April 2024 Edition By Jonathan Omakun and Tobi Olawale· April 29, 2024 Why am I here? Just when you thought it was safe to go back into the digital waters, out pops another series of rogue waves in the form of CVEs! It's like that beach vacation you planned to get away from it...
8.9AI Score
0.971EPSS
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1454-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1454-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: sprd: fix reference leak when pm_runtime_get_sync...
7.8CVSS
8AI Score
0.001EPSS
RHEL 7 : qemu-kvm-rhev (RHSA-2018:2258)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2258 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide...
5.5CVSS
6.3AI Score
0.003EPSS
RHEL 7 : openstack-aodh (RHSA-2017:3227)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:3227 advisory. openstack-aodh provides the ability to trigger actions based on defined rules against metric or event data collected by OpenStack Telemetry...
7.5CVSS
7.3AI Score
0.005EPSS
RHEL 7 : qemu-kvm-rhev (RHSA-2018:2289)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2289 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide...
5.5CVSS
6.3AI Score
0.003EPSS
RHEL 7 : qemu-kvm-rhev (RHSA-2018:2228)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2228 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide...
5.5CVSS
6.3AI Score
0.003EPSS
RHEL 7 : openstack-aodh (RHSA-2018:0315)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0315 advisory. openstack-aodh provides the ability to trigger actions based on defined rules against metric or event data collected by OpenStack Telemetry...
7.5CVSS
7.3AI Score
0.005EPSS
RHEL 7 : qemu-kvm-rhev (RHSA-2018:2364)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2364 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide...
5.5CVSS
6.3AI Score
0.003EPSS
RHEL 7 : qemu-kvm-rhev (RHSA-2018:2363)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2363 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide...
5.5CVSS
7.1AI Score
0.003EPSS
CSAF - Cyber Security Awareness Framework
The Cyber Security Awareness Framework (CSAF) is a structured approach aimed at enhancing Cybersecurity" title="Cybersecurity">cybersecurity awareness and understanding among individuals, organizations, and communities. It provides guidance for the development of effective Cybersecurity"...
7.5AI Score
CentOS 9 : freerdp-2.4.1-5.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the freerdp-2.4.1-5.el9 build changelog. Fix length checks in parallel driver (#2136152) (CVE-2022-39282) Add missing length check in video channel (#2136154) (CVE-2022-39283) ...
7.5CVSS
7.4AI Score
0.002EPSS