Use of Hard-coded Cryptographic Key vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.1 and 12.5.2. The vulnerability could compromise the cryptographic...
4.7CVSS
7.4AI Score
0.0004EPSS
HTML injection in OpenText™ Exceed Turbo X affecting version 12.5.1. The vulnerability could result in Cross site...
6.4CVSS
6.7AI Score
0.0004EPSS
Use of Hard-coded Cryptographic Key vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.1 and 12.5.2. The vulnerability could compromise the cryptographic...
4.7CVSS
5.2AI Score
0.0004EPSS
Improper authentication vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.0 and 12.5.1. The vulnerability could allow disclosure of restricted information in unauthenticated...
8.6CVSS
8.7AI Score
0.0004EPSS
Issue Overview: A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause the application, compiled with openssl to crash resulting in a denial of service. The highest threat from this vulnerability is to...
9.8CVSS
8.4AI Score
0.106EPSS
Summary Vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM Integration Designer. IBM Integration Designer has addressed the following CVEs. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component...
7.5CVSS
6.6AI Score
0.001EPSS
ThreatDown achieves perfect score in latest AVLab assessment
ThreatDown has once again earned a perfect score in AVLabs' January 2024 real-world malware detection tests, marking the eleventh consecutive quarter in achieving this feat. Let’s delve into the details of the test and how ThreatDown outperformed competitors in exhaustive testing. The AVLab...
7.1AI Score
A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to...
7.8CVSS
7.5AI Score
0.0004EPSS
A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting in a denial of service (DoS) condition. This vulnerability...
7.4CVSS
7.3AI Score
0.0004EPSS
A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting in a denial of service (DoS) condition. This vulnerability...
7.4CVSS
7.4AI Score
0.0004EPSS
A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to...
7.8CVSS
7.5AI Score
0.0004EPSS
A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to...
7.8CVSS
7AI Score
0.0004EPSS
A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting in a denial of service (DoS) condition. This vulnerability...
7.4CVSS
7.2AI Score
0.0004EPSS
A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to...
7.8CVSS
7.7AI Score
0.0004EPSS
A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting in a denial of service (DoS) condition. This vulnerability...
7.4CVSS
7.6AI Score
0.0004EPSS
A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting in a denial of service (DoS) condition. This vulnerability...
7.2AI Score
0.0004EPSS
Cisco IOS XR Software SSH Privilege Escalation Vulnerability
A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to...
7AI Score
0.0004EPSS
Summary IBM® SDK, Java™ Technology Edition, is used by IBM Rational® Application Developer for WebSphere® Software as the runtime and development kit. (CVE-2023-33850) Vulnerability Details ** CVEID: CVE-2023-33850 DESCRIPTION: **IBM GSKit-Crypto could allow a remote attacker to obtain sensitive...
7.5CVSS
6.4AI Score
0.001EPSS
Security Bulletin: Multiple vulnerabilities in OpenSSL affects IBM Rational ClearCase
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. [CVE-2023-5363, CVE-2023-4807, CVE-2023-3446] Vulnerability Details ** CVEID: CVE-2023-5363 DESCRIPTION: **OpenSSL could allow a remote attacker to obtain sensitive information,...
7.8CVSS
7.7AI Score
0.003EPSS
Threat actors leverage document publishing sites for ongoing credential and session token theft
Cisco Talos Incident Response (Talos IR) has observed the ongoing use of legitimate digital document publishing (DDP) sites for phishing, credential theft and session token theft during recent incident response and threat intelligence engagements. Hosting phishing lures on DDP sites increases the.....
6.9AI Score
What’s in your notepad? Infected text editors target Chinese users
"Malvertising" is a popular way of attracting victims to malicious sites: an advertisement block is placed at the top of the search results, increasing the likelihood of users clicking the link. Sites at the top of search results also tend to be more trusted by users. A year ago, our experts...
7AI Score
Intel 2024.1 IPU - BIOS March 2024 Security Updates
Intel has informed HP of potential security vulnerabilities identified in some Intel® Processors and/or BIOS Firmware for some Intel® Processors which may allow escalation of privilege, denial of service, or information disclosure. Intel is releasing firmware updates to mitigate this potential...
7.2CVSS
7.8AI Score
0.001EPSS
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:0857-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0857-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap...
7.8CVSS
7.8AI Score
EPSS
This Week in Spring - March 12th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! And what a week it's going to be! Do this first: we need your help! Please answer some questions in our State of Spring survey! Join me for a look at the latest-and-greatest, chronicling how I got started with Spring Boot in...
7AI Score
FreeBSD : Intel CPUs -- multiple vulnerabilities (b6dd9d93-e09b-11ee-92fc-1c697a616631)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b6dd9d93-e09b-11ee-92fc-1c697a616631 advisory. Intel reports: 2024.1 IPU - Intel Processor Bus Lock Advisory A potential security...
6.5CVSS
6.9AI Score
0.001EPSS
Amazon Linux 2023 : microcode_ctl (ALAS2023-2024-559)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-559 advisory. Non-transparent sharing of return predictor targets between contexts in some Intel Processors may allow an authorized user to potentially enable information disclosure via local access....
6.5CVSS
6.9AI Score
0.001EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:0855-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0855-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free...
7.8CVSS
7.9AI Score
EPSS
Microsoft and Adobe Patch Tuesday, March 2024 Security Update Review
Welcome to another insightful dive into Microsoft's Patch Tuesday! This month's security updates address a significant number of CVEs, underscoring the ongoing battle against digital vulnerabilities. We invite you to join us to review and discuss the details of these security updates and patches......
8.1CVSS
9AI Score
0.001EPSS
Summary IBM Sterling Partner Engagement Manager uses Apache Commons FileUpload. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID: CVE-2023-24998 DESCRIPTION: **Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused.....
7.5CVSS
6.9AI Score
0.034EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVEs. Vulnerability Details ** IBM X-Force ID: PSIRT-ADV0103951 .....
6.5AI Score
x86: Register File Data Sampling
ISSUE DESCRIPTION Intel have disclosed RFDS, Register File Data Sampling, affecting some Atom cores. This came from internal validation work. There is no information provided about how an attacker might go about inferring data from the register files. For more details, see:...
6.5CVSS
6.6AI Score
0.0004EPSS
software: firefox 118.0.2 OS: ROSA-CHROME package_evr_string: firefox-118.0.2-1.src.rpm CVE-ID: CVE-2011-0064 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, used in Pango, Firefox, and other products, does not check for successful memory...
9.8CVSS
7.9AI Score
0.609EPSS
Issue Overview: Non-transparent sharing of return predictor targets between contexts in some Intel® Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2023-38575) Protection mechanism failure of bus lock regulator for some Intel® Processors.....
6.5CVSS
6.9AI Score
0.001EPSS
Summary The commons-fileupload package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE [CVE-2023-24998] Vulnerability Details ** CVEID: CVE-2023-24998 DESCRIPTION: **Apache Commons FileUpload and Tomcat are vulnerable to a denial of.....
7.5CVSS
6.7AI Score
0.034EPSS
Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user....
7AI Score
0.0004EPSS
Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user....
6.8AI Score
0.0004EPSS
Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user....
7AI Score
0.0004EPSS
Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user....
7.1AI Score
0.0004EPSS
Path traversal vulnerability exists in Machine Automation Controller NJ Series and Machine Automation Controller NX Series. An arbitrary file in the affected product may be accessed or arbitrary code may be executed by processing a specially crafted request sent from a remote attacker with an...
7AI Score
0.0004EPSS
Path traversal vulnerability exists in Machine Automation Controller NJ Series and Machine Automation Controller NX Series. An arbitrary file in the affected product may be accessed or arbitrary code may be executed by processing a specially crafted request sent from a remote attacker with an...
7.2AI Score
0.0004EPSS
Path traversal vulnerability exists in Machine Automation Controller NJ Series and Machine Automation Controller NX Series. An arbitrary file in the affected product may be accessed or arbitrary code may be executed by processing a specially crafted request sent from a remote attacker with an...
7.3AI Score
0.0004EPSS
CVE-2024-26288 PHOENIX CONTACT: Lack of SSL support in CHARX Series
An unauthenticated remote attacker can influence the communication due to the lack of encryption of sensitive data via a MITM. Charging is not...
8.7CVSS
8.7AI Score
0.002EPSS
CVE-2024-26288 PHOENIX CONTACT: Lack of SSL support in CHARX Series
An unauthenticated remote attacker can influence the communication due to the lack of encryption of sensitive data via a MITM. Charging is not...
8.7CVSS
6.9AI Score
0.002EPSS
CVE-2024-26005 PHOENIX CONTACT: Privilege gain through incomplete cleanup in CHARX Series
An unauthenticated remote attacker can gain service level privileges through an incomplete cleanup during service restart after a...
4.8CVSS
5.8AI Score
0.001EPSS
An unauthenticated remote attacker can DoS a control agent due to access of a uninitialized pointer which may prevent or disrupt the charging...
7.5CVSS
7.8AI Score
0.001EPSS
An unauthenticated remote attacker can DoS a control agent due to access of a uninitialized pointer which may prevent or disrupt the charging...
7.5CVSS
7.1AI Score
0.001EPSS
CVE-2024-26003 PHOENIX CONTACT: DoS of the control agent in CHARX Series
An unauthenticated remote attacker can DoS the control agent due to a out-of-bounds read which may prevent or disrupt the charging...
7.5CVSS
7AI Score
0.001EPSS
CVE-2024-26003 PHOENIX CONTACT: DoS of the control agent in CHARX Series
An unauthenticated remote attacker can DoS the control agent due to a out-of-bounds read which may prevent or disrupt the charging...
7.5CVSS
7.7AI Score
0.001EPSS
CVE-2024-26002 PHOENIX CONTACT: File ownership manipulation in CHARX Series
An improper input validation in the Qualcom plctool allows a local attacker with low privileges to gain root access by changing the ownership of specific...
7.8CVSS
7.8AI Score
0.0005EPSS
CVE-2024-26002 PHOENIX CONTACT: File ownership manipulation in CHARX Series
An improper input validation in the Qualcom plctool allows a local attacker with low privileges to gain root access by changing the ownership of specific...
7.8CVSS
6.8AI Score
0.0005EPSS