Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in January 2024. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An...
7.5CVSS
6.9AI Score
0.001EPSS
Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash)....
7.8CVSS
8.3AI Score
0.002EPSS
Buffer overflow in identifier field of WSD probe request process of Small Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.:Satera MF740C Series/Satera MF640C...
9.8CVSS
9.7AI Score
0.0004EPSS
Buffer overflow in identifier field of WSD probe request process of Small Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.:Satera MF740C Series/Satera MF640C...
9.8CVSS
9.9AI Score
0.0004EPSS
Buffer overflow in identifier field of WSD probe request process of Small Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.:Satera MF740C Series/Satera MF640C...
9.8CVSS
8.4AI Score
0.0004EPSS
Buffer overflow in identifier field of WSD probe request process of Small Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.:Satera MF740C Series/Satera MF640C...
9.8CVSS
10AI Score
0.0004EPSS
Linux kernel (OEM) vulnerabilities
Releases Ubuntu 22.04 LTS Packages linux-oem-6.1 - Linux kernel for OEM systems Details Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker...
7.8CVSS
8.3AI Score
0.002EPSS
Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux-bluefield - Linux kernel for NVIDIA BlueField platforms linux-raspi-5.4 - Linux kernel for Raspberry Pi systems linux-xilinx-zynqmp - Linux kernel for Xilinx ZynqMP processors Details Wenqing Liu discovered that the f2fs file system...
7.8CVSS
8.3AI Score
0.003EPSS
The Ash Center has posted a series of twelve essays stemming from the Second Interdisciplinary Workshop on Reimagining Democracy (IWORD 2023). Aviv Ovadya, Democracy as Approximation: A Primer for “AI for Democracy” Innovators Kathryn Peters, Permission and Participation Claudia Chwalisz, Moving...
7.2AI Score
Summary Multiple Vulnerabilities were disclosed as part of the Oracle Jan 2024 Critical Patch Update. Vulnerability Details ** CVEID: CVE-2024-20918 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality...
7.5CVSS
6.6AI Score
0.001EPSS
JVN#48443978: a-blog cms vulnerable to directory traversal
a-blog cms provided by appleple Inc. is a content management system (CMS). a-blog cms contains a directory traversal vulnerability (CWE-22). ## Impact A user with editor or higher privilege who can log in to the product may obtain arbitrary files on the server including password files. ## Solution....
7.4AI Score
0.0004EPSS
Android Buffer Overflow in WhatsApp (CVE-2019-3568)
A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to...
8.2CVSS
8.1AI Score
0.028EPSS
Cisco FXOS Software Link Layer Discovery Protocol DoS (cisco-sa-nxos-lldp-dos-z7PncTgt)
According to its self-reported version, Cisco FXOS is affected by a vulnerability. The vulnerability lies in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected...
6.6CVSS
6.8AI Score
0.0004EPSS
Fedora: Security Advisory for apache-commons-lang3 (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for...
7AI Score
0.0004EPSS
Fedora: Security Advisory for icecat (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for...
7AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: icecat-115.8.0-2.rh1.fc40
GNU IceCat is the GNU version of the Firefox ESR browser. Extensions included to this version of IceCat: * LibreJS GNU LibreJS aims to address the JavaScript problem described in the article "The JavaScript Trap" of Richard Stallman. * JShelter: Mitigates potential threats from...
9AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: apache-commons-lang3-3.14.0-5.fc40
The standard Java libraries fail to provide enough methods for manipulation of its core classes. The Commons Lang Component provides these extra methods. The Commons Lang Component provides a host of helper utilities for the java.lang API, notably String manipulation methods, basic numerical...
6.8AI Score
0.0004EPSS
Security Bulletin: IBM SDK, Java Technology Edition, Security Update February 2024
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, 8* that is used by Rational Application Developer®. These issues were disclosed as part of the IBM Java SDK updates up to February 2024. IBM 8 SR8 FP20 (1.8.0_401). Vulnerability Details ** CVEID: CVE-2023-22067 ...
5.3CVSS
8.9AI Score
0.001EPSS
It's that time of the year when not only do you have to be worried about filing your federal taxes in the U.S., you must also be on the lookout for a whole manner of tax-related scams. These are something that pop up every year through email, texts, phone calls and even physical mail -- phony...
7AI Score
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Business Developer
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle July 2023...
3.7CVSS
6.5AI Score
0.001EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2024-20952 ...
7.5CVSS
7.6AI Score
0.001EPSS
JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Execution when a specially crafted series of requests is sent by an authenticated user. This is due to insufficient validation of...
7.2CVSS
7.2AI Score
0.0004EPSS
JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Execution when a specially crafted series of requests is sent by an authenticated user. This is due to insufficient validation of...
7.2CVSS
7.1AI Score
0.0004EPSS
JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Execution when a specially crafted series of requests is sent by an authenticated user. This is due to insufficient validation of...
7.2CVSS
7.6AI Score
0.0004EPSS
CVE-2023-42661 JFrog Artifactory Improper input validation leads to arbitrary file write
JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Execution when a specially crafted series of requests is sent by an authenticated user. This is due to insufficient validation of...
7.2CVSS
7.4AI Score
0.0004EPSS
How Public AI Can Strengthen Democracy
With the world's focus turning to misinformation, manipulation, and outright propaganda ahead of the 2024 U.S. presidential election, we know that democracy has an AI problem. But we're learning that AI has a democracy problem, too. Both challenges must be addressed for the sake of democratic...
6.9AI Score
Zama Secures $73M Series A Lead for Homomorphic Encryption
By cyberwire Company Open Sources FHE Libraries to Build Privacy-Preserving Blockchain and AI Applications for the First Time. This is a post from HackRead.com Read the original post: Zama Secures $73M Series A Lead for Homomorphic...
7.3AI Score
Summary IBM® Db2® is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. Vulnerability Details ** CVEID: CVE-2023-47152 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to an...
7.5CVSS
7.2AI Score
0.001EPSS
CentOS 8 : firefox (CESA-2024:0955)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2024:0955 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory...
9.7AI Score
0.0004EPSS
About the security content of watchOS 10.4
About the security content of watchOS 10.4 This document describes the security content of watchOS 10.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
7.8CVSS
8.8AI Score
0.002EPSS
CentOS 8 : thunderbird (CESA-2024:0964)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2024:0964 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory...
9.7AI Score
0.0004EPSS
A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid...
6.5CVSS
7AI Score
0.0004EPSS
A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid...
6.5CVSS
7AI Score
0.0004EPSS
A vulnerability in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform command injection attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid...
6.5CVSS
7AI Score
0.0004EPSS
A vulnerability in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform command injection attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid...
6.5CVSS
7AI Score
0.0004EPSS
A vulnerability in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform command injection attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid...
6.5CVSS
8.4AI Score
0.0004EPSS
A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid...
6.5CVSS
8.4AI Score
0.0004EPSS
Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining
Threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as part of an emerging malware campaign designed to deliver a cryptocurrency miner and spawn a reverse shell for persistent remote access. "The attackers...
10CVSS
9.5AI Score
0.976EPSS
A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid...
6.5CVSS
7.2AI Score
0.0004EPSS
A vulnerability in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform command injection attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid...
6.5CVSS
7.2AI Score
0.0004EPSS
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless Access Points (APs) could allow an authenticated, remote attacker to perform command injection and buffer overflow attacks against an affected device. In order to exploit these.....
8AI Score
0.0004EPSS
A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this...
9.1CVSS
6.9AI Score
0.033EPSS
An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce...
7.5CVSS
7.5AI Score
0.003EPSS
TimescaleDB, an open-source time-series SQL database, has a privilege escalation vulnerability in versions 2.8.0 through 2.9.2. During installation, TimescaleDB creates a telemetry job that is runs as the installation user. The queries run as part of the telemetry data collection were not run with....
8.8CVSS
7.6AI Score
0.002EPSS
Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URL's prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft an URL that can redirect....
6.5CVSS
6.6AI Score
0.003EPSS
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not....
6.1CVSS
6AI Score
0.004EPSS
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted...
9.8CVSS
7.7AI Score
0.01EPSS
Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated...
8.8CVSS
6.8AI Score
0.003EPSS
The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication...
8.8CVSS
9.2AI Score
0.003EPSS
BIT-guacamole-server-2020-9498
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be...
6.7CVSS
6.9AI Score
0.001EPSS