Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2024-1822)
The remote host is missing an update for the Huawei...
7.8CVSS
7.5AI Score
0.0005EPSS
RHEL 7 : kpatch-patch (RHSA-2024:4073)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4073 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security...
7.8CVSS
8AI Score
0.002EPSS
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1837)
The remote host is missing an update for the Huawei...
7.8CVSS
7.5AI Score
0.0004EPSS
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1816)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv-lock while iterating...
7.8CVSS
7.7AI Score
0.0004EPSS
EulerOS 2.0 SP11 : python3 (EulerOS-SA-2024-1822)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and...
7.8CVSS
7.3AI Score
0.0005EPSS
EulerOS 2.0 SP11 : python3 (EulerOS-SA-2024-1843)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and...
7.8CVSS
7.4AI Score
0.0005EPSS
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2024-1843)
The remote host is missing an update for the Huawei...
7.8CVSS
7.5AI Score
0.0005EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: multidev: fix to recognize valid zero block address As reported by Yi Zhang in mailing list [1], kernel warning was catched during zbd/010 test as below: ./check zbd/010 zbd/010 (test gap zone support with...
6.8AI Score
0.0004EPSS
This Week in Spring - June 25th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! As I write this I'm in beautiful Amsterdam, having visited with customers and spoken at a local Java User Group. Now I'm off to lovely London, UK. Last week I was in Krakow, Poland, for the amazing Devoxx PL event, and in...
7.1AI Score
RHEL 7 : kernel (RHSA-2024:4098)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4098 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * Kernel: bluetooth: Unauthorized...
6.8CVSS
7.5AI Score
0.0004EPSS
Exploit for OS Command Injection in Dolibarr Dolibarr Erp/Crm
Readme.md CVE-2023-30253 CVE-2023-30253 is a...
8.8CVSS
7.6AI Score
0.008EPSS
CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`
Summary ZIP files uploaded to the server-side endpoint handling a CodeChecker store are not properly sanitized. An attacker can exercise a path traversal to make the CodeChecker server load and display files from an arbitrary location on the server machine. Details Target The vulnerable endpoint...
6.5CVSS
6.7AI Score
0.001EPSS
CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`
Summary ZIP files uploaded to the server-side endpoint handling a CodeChecker store are not properly sanitized. An attacker can exercise a path traversal to make the CodeChecker server load and display files from an arbitrary location on the server machine. Details Target The vulnerable endpoint...
6.5CVSS
6.7AI Score
0.001EPSS
Security Bulletin: Updating IBM WebSphere Liberty Profile in Identity Insight for security update
Summary Identity Insight customers are advised to update IBM WebSphere Liberty Profile (WLP) to version 24.0.0.6 for security update in WLP. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions Affected Product(s) |...
9.8CVSS
7.3AI Score
0.001EPSS
Supply Chain Attack on WordPress.org Plugins Leads to 5 Maliciously Compromised WordPress Plugins
On Monday June 24th, 2024 the Wordfence Threat Intelligence team became aware of a plugin, Social Warfare, that was injected with malicious code on June 22, 2024 based on a forum post by the WordPress.org Plugin Review team. We immediately checked the malicious file and uploaded it to our internal....
7.1AI Score
Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool
Cybersecurity researchers have detailed a now-patched security flaw affecting the Ollama open-source artificial intelligence (AI) infrastructure platform that could be exploited to achieve remote code execution. Tracked as CVE-2024-37032, the vulnerability has been codenamed Probllama by cloud...
10CVSS
8.1AI Score
EPSS
[Important] [Security] Virtuozzo ReadyKernel Patch 168.1 for Virtuozzo Hybrid Server 7.5
The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. The patch applies to all supported kernels of Virtuozzo Hybrid Server 7.5. Vulnerability id: PSBM-156977 [3.10.0-1160.80.1.vz7.191.4 to 3.10.0-1160.105.1.vz7.214.3] netfilter: A use-after-free vulnerability in...
7.8CVSS
7.1AI Score
0.0004EPSS
Amazon Linux 2 : libndp (ALAS-2024-2571)
The version of libndp installed on the remote host is prior to 1.2-7. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2571 advisory. A vulnerability was found in libndp. A buffer overflow in NetworkManager that can be triggered by sending a malformed IPv6 router...
8.1CVSS
7.2AI Score
0.0004EPSS
6.8CVSS
7.1AI Score
0.0004EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2135-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2135-1 advisory. The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following...
8CVSS
8.4AI Score
EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: multidev: fix to recognize valid zero block address As reported by Yi Zhang in mailing list [1], kernel warning was catched during zbd/010 test as below: ./check zbd/010 zbd/010 (test gap zone support with F2FS) [failed]...
6.8AI Score
0.0004EPSS
A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of...
7.5CVSS
6.4AI Score
0.0005EPSS
Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through...
8.8CVSS
4.7AI Score
0.001EPSS
Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through...
8.8CVSS
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: fix node id validation While validating node ids in map_benchmark_ioctl(), node_possible() may be provided with invalid argument outside of [0,MAX_NUMNODES-1] range leading to: BUG: KASAN:...
6.3AI Score
0.0004EPSS
Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through...
4.3CVSS
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Hueman.This issue affects Hueman: from n/a through...
8.8CVSS
4.6AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Hueman.This issue affects Hueman: from n/a through...
8.8CVSS
0.001EPSS
CVE-2024-35772 WordPress Hueman theme <= 3.7.24 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Hueman.This issue affects Hueman: from n/a through...
4.3CVSS
0.001EPSS
CVE-2024-35772 WordPress Hueman theme <= 3.7.24 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Hueman.This issue affects Hueman: from n/a through...
4.3CVSS
7AI Score
0.001EPSS
Security Bulletin: Multiple Linux Kernel vulnerabilities affect IBM Storage Scale System.
Summary There are multiple vulnerabilities in the Linux Kernel, used by IBM Storage Scale System, which could allow a local authenticated attacker to gain elevated privileges on the system. Fixes for these vulnerabilities are available. CVE-2023-51043, CVE-2024-1086, CVE-2024-0646, CVE-2023-6932,.....
7.8CVSS
8.4AI Score
0.002EPSS
In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: fix node id validation While validating node ids in map_benchmark_ioctl(), node_possible() may be provided with invalid argument outside of [0,MAX_NUMNODES-1] range leading to: BUG: KASAN:...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: fix node id validation While validating node ids in map_benchmark_ioctl(), node_possible() may be provided with invalid argument outside of [0,MAX_NUMNODES-1] range leading to: BUG: KASAN:...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: fix node id validation While validating node ids in map_benchmark_ioctl(), node_possible() may be provided with invalid argument outside of [0,MAX_NUMNODES-1] range leading to: BUG: KASAN:...
0.0004EPSS
Unveiling SpiceRAT: SneakyChef's latest tool targeting EMEA and Asia
Cisco Talos discovered a new remote access trojan (RAT) dubbed SpiceRAT, used by the threat actor SneakyChef in a recent campaign targeting government agencies in EMEA and Asia. We observed that SneakyChef launched a phishing campaign, sending emails delivering SugarGh0st and SpiceRAT with the...
7.5AI Score
SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques
Cisco Talos recently discovered an ongoing campaign from SneakyChef, a newly discovered threat actor using SugarGh0st malware, as early as August 2023. In the newly discovered campaign, we observed a wider scope of targets spread across countries in EMEA and Asia, compared with previous...
7AI Score
CVE-2024-34777 dma-mapping: benchmark: fix node id validation
In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: fix node id validation While validating node ids in map_benchmark_ioctl(), node_possible() may be provided with invalid argument outside of [0,MAX_NUMNODES-1] range leading to: BUG: KASAN:...
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: multidev: fix to recognize valid zero block address As reported by Yi Zhang in mailing list [1], kernel warning was catched during zbd/010 test as below: ./check zbd/010 zbd/010 (test gap zone support with...
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: multidev: fix to recognize valid zero block address As reported by Yi Zhang in mailing list [1], kernel warning was catched during zbd/010 test as below: ./check zbd/010 zbd/010 (test gap zone support with...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: multidev: fix to recognize valid zero block address As reported by Yi Zhang in mailing list [1], kernel warning was catched during zbd/010 test as below: ./check zbd/010 zbd/010 (test gap zone support with...
6.4AI Score
0.0004EPSS
Exploit for Unrestricted Upload of File with Dangerous Type in Wpallimport Wp All Import
WordPress Plugin WP All Import <= 3.6.7 - Thực thi mã từ xa...
7.2CVSS
7.1AI Score
0.015EPSS
How to Use Tines's SOC Automation Capability Matrix
Created by John Tuckner and the team at automation and AI-powered workflow platform Tines, the SOC Automation Capability Matrix (SOC ACM) is a set of techniques designed to help security operations teams understand their automation capabilities and respond more effectively to incidents. A...
7AI Score
CVE-2024-38636 f2fs: multidev: fix to recognize valid zero block address
In the Linux kernel, the following vulnerability has been resolved: f2fs: multidev: fix to recognize valid zero block address As reported by Yi Zhang in mailing list [1], kernel warning was catched during zbd/010 test as below: ./check zbd/010 zbd/010 (test gap zone support with...
6.8AI Score
0.0004EPSS
CVE-2024-38636 f2fs: multidev: fix to recognize valid zero block address
In the Linux kernel, the following vulnerability has been resolved: f2fs: multidev: fix to recognize valid zero block address As reported by Yi Zhang in mailing list [1], kernel warning was catched during zbd/010 test as below: ./check zbd/010 zbd/010 (test gap zone support with...
0.0004EPSS
A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery...
4.9CVSS
5.1AI Score
0.0004EPSS
A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery...
4.9CVSS
5.1AI Score
0.0004EPSS
6.5AI Score
0.0004EPSS
Dodgy disks. My 32TB SSD Adventure
TL;DR "Hard drive” had reflashed firmware to make it look larger Buyer beware: Cheap storage may not be the value you think it is Background Earlier this year I found myself in need of various cheap electronic components. So naturally I turned to AliExpress. I came across a listing for a cheap...
7.5AI Score
U.S. Bans Kaspersky Software, Citing National Security Risks
The U.S. Department of Commerce's Bureau of Industry and Security (BIS) on Thursday announced a "first of its kind" ban that prohibits Kaspersky Lab's U.S. subsidiary from directly or indirectly offering its security software in the country. The blockade also extends to the cybersecurity company's....
6.9AI Score
A vulnerability, which was classified as critical, has been found in itsourcecode Vehicle Management System 1.0. Affected by this issue is some unknown functionality of the file busprofile.php. The manipulation of the argument busid leads to sql injection. The attack may be launched remotely. The.....
7.3CVSS
0.0004EPSS