intel-microcode vulnerabilities
It was discovered that some 3rd and 4th Generation Intel® Xeon® Processors did not properly restrict access to certain hardware features when using Intel® SGX or Intel® TDX. This may allow a privileged local user to potentially further escalate their privileges on the system. This issue only...
7.9CVSS
7.3AI Score
0.001EPSS
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6797-1 advisory. It was discovered that some 3rd and 4th Generation Intel Xeon Processors did not properly...
7.9CVSS
7.3AI Score
0.001EPSS
EulerOS Virtualization 2.11.0 : kernel (EulerOS-SA-2024-1735)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation...
8CVSS
7.2AI Score
EPSS
7.8CVSS
7.3AI Score
EPSS
Ubuntu 22.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-6795-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6795-1 advisory. Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-...
7.8CVSS
7.6AI Score
EPSS
EulerOS Virtualization 2.11.1 : kernel (EulerOS-SA-2024-1734)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation...
8CVSS
7.2AI Score
EPSS
Intel Microcode vulnerabilities
Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages intel-microcode - Processor microcode for Intel CPUs Details It was discovered that some 3rd and 4th Generation Intel® Xeon® Processors did not properly restrict access to...
7.9CVSS
7.4AI Score
0.001EPSS
Security Bulletin: Triton Inference Server - May 2024
NVIDIA has released a software update for NVIDIA Triton Inference Server to address the issue disclosed in this bulletin. To protect your system, install the latest release from the Triton Inference Server Releases page on GitHub, and view the Secure Deployment Considerations Guide. Go to NVIDIA...
9CVSS
8AI Score
0.0004EPSS
Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Monitoring.
Summary Vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring (ITM) components. CVEs: CVE-2023-38264, CVE-2024-21011, CVE-2024-21085 and CVE-2024-21094 Vulnerability Details ** CVEID: CVE-2024-21094 DESCRIPTION: **An unspecified...
5.9CVSS
6.7AI Score
0.001EPSS
linux-intel-iotg vulnerabilities
Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-47233) It was....
7.8CVSS
7AI Score
EPSS
A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted series of network requests can lead to unauthorized access. An attacker can send a sequence of requests to trigger this...
9.8CVSS
9.4AI Score
0.001EPSS
A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted series of network requests can lead to unauthorized access. An attacker can send a sequence of requests to trigger this...
9.8CVSS
6.7AI Score
0.001EPSS
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks
Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet (formerly Storm-1789), that uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to target companies for its financial and...
7.7AI Score
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks
Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet (formerly Storm-1789), that uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to target companies for its financial and...
9.7AI Score
A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted series of network requests can lead to unauthorized access. An attacker can send a sequence of requests to trigger this...
9.8CVSS
9.3AI Score
0.001EPSS
A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted series of network requests can lead to unauthorized access. An attacker can send a sequence of requests to trigger this...
9.8CVSS
6.8AI Score
0.001EPSS
Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive information...
5.4CVSS
6.3AI Score
0.0004EPSS
Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive information...
5.4CVSS
5.2AI Score
0.0004EPSS
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML...
7.8CVSS
8.4AI Score
0.0004EPSS
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML...
7.8CVSS
8AI Score
0.0004EPSS
CVE-2024-4429 Cross Site Request Forgery vulnerability in iManager
Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive information...
5.4CVSS
5.2AI Score
0.0004EPSS
CVE-2024-4429 Cross Site Request Forgery vulnerability in iManager
Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive information...
5.4CVSS
6.4AI Score
0.0004EPSS
CVE-2024-3969 XML External Entity injection vulnerability in iManager
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML...
7.8CVSS
8AI Score
0.0004EPSS
Indian National Pleads Guilty to $37 Million Cryptocurrency Theft Scheme
An Indian national has pleaded guilty in the U.S. over charges of stealing more than $37 million by setting up a website that impersonated the Coinbase cryptocurrency exchange platform. Chirag Tomar, 30, pleaded guilty to wire fraud conspiracy, which carries a maximum sentence of 20 years in...
7.5AI Score
Pyrit - The Famous WPA Precomputed Cracker
Pyrit allows you to create massive databases of pre-computed WPA/WPA2-PSK authentication phase in a space-time-tradeoff. By using the computational power of Multi-Core CPUs and other platforms through ATI-Stream,Nvidia CUDA and OpenCL, it is currently by far the most powerful attack against one of....
7.2AI Score
Campbell Scientific CSI Web Server
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Campbell Scientific Equipment: CSI Web Server Vulnerabilities: Path Traversal, Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...
8.1AI Score
0.0004EPSS
Trusted relationship attacks: trust, but verify
IT outsourcing market continues to demonstrate strong growth globally – such services are becoming increasingly popular. But along with the advantages, such as saved time and resources, delegating non-core tasks creates new challenges in terms of information security. By providing third-party...
7.8AI Score
7.3AI Score
pro-elevage.com Improper Access Control vulnerability OBB-3931248
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
Talos Vulnerability Report TALOS-2024-1941 AutomationDirect P3-550E Programming Software Connection Remote Memory Diagnostics Read-What-Where vulnerability May 28, 2024 CVE Number CVE-2024-23315 SUMMARY A read-what-where vulnerability exists in the Programming Software Connection IMM 01A1 Memory...
7.5CVSS
7AI Score
0.001EPSS
AutomationDirect P3-550E Telnet Diagnostic Interface leftover debug code vulnerability
Talos Vulnerability Report TALOS-2024-1942 AutomationDirect P3-550E Telnet Diagnostic Interface leftover debug code vulnerability May 28, 2024 CVE Number CVE-2024-21785 SUMMARY A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E...
9.8CVSS
7.8AI Score
0.001EPSS
Talos Vulnerability Report TALOS-2024-1940 AutomationDirect P3-550E Programming Software Connection Remote Memory Diagnostics Write-What-Where vulnerability May 28, 2024 CVE Number CVE-2024-22187 SUMMARY A write-what-where vulnerability exists in the Programming Software Connection Remote Memory...
9.1CVSS
7.6AI Score
0.001EPSS
Talos Vulnerability Report TALOS-2024-1939 AutomationDirect P3-550E Programming Software Connection FileSelect stack-based buffer overflow vulnerability May 28, 2024 CVE Number CVE-2024-24963,CVE-2024-24962 SUMMARY A stack-based buffer overflow vulnerability exists in the Programming Software...
9.8CVSS
8AI Score
0.001EPSS
5.3CVSS
7.4AI Score
0.001EPSS
7.4AI Score
Description The Essential Addons for Elementor PRO – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team Member Carousel widget in all Pro versions up to, and including, 5.8.14 due to insufficient...
6.4CVSS
5.8AI Score
0.0004EPSS
Oracle Linux 8 : idm:DL1 (ELSA-2024-3044)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3044 advisory. - update to the latest git - fix for CVE-2012-3429 has been merged - fix CVE-2012-3429 - update to 1.1.0rc1 (CVE-2012-2134) - Fix for CVE-2023-5455 ...
8.8CVSS
8AI Score
0.028EPSS
Linux kernel (Intel IoTG) vulnerabilities
Releases Ubuntu 22.04 LTS Packages linux-intel-iotg - Linux kernel for Intel IoT platforms Details Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically...
7.8CVSS
7.5AI Score
EPSS
7.3AI Score
7.3AI Score
In the Linux kernel, the following vulnerability has been resolved: devlink: fix netns refcount leak in devlink_nl_cmd_reload() While preparing my patch series adding netns refcount tracking, I spotted bugs in devlink_nl_cmd_reload() Some error paths forgot to release a refcount on a netns. To fix....
6.6AI Score
0.0004EPSS
in-dubio-pro-geo.de Cross Site Scripting vulnerability OBB-3930898
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
7.3AI Score
7.3AI Score
7.3AI Score
New Tricks in the Phishing Playbook: Cloudflare Workers, HTML Smuggling, GenAI
Cybersecurity researchers are alerting of phishing campaigns that abuse Cloudflare Workers to serve phishing sites that are used to harvest users' credentials associated with Microsoft, Gmail, Yahoo!, and cPanel Webmail. The attack method, called transparent phishing or adversary-in-the-middle...
7.2AI Score
A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above Bugs https://bugs.chromium.org/p/webm/issues/detail?id=1642 Notes...
7.5CVSS
6.6AI Score
0.001EPSS
Fedora: Security Advisory for R (FEDORA-2024-bc590cb3f1)
The remote host is missing an update for...
8.8CVSS
8.8AI Score
0.0004EPSS
Fedora: Security Advisory for R (FEDORA-2024-07b7b83a4f)
The remote host is missing an update for...
8.8CVSS
8.8AI Score
0.0004EPSS
Microsoft’s New Recall AI Tool May Be a ‘Privacy Nightmare’
Plus: US surveillance reportedly targets pro-Palestinian protesters, the FBI arrests a man for AI-generated CSAM, and stalkerware targets hotel...
7.4AI Score