Debian dla-3775 : firefox-esr - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3775 advisory. NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private...
7.5 CVSS
8.5 AI Score
0.001 EPSS
CentOS 7 : firefox (RHSA-2024:1486)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1486 advisory. NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the...
7.5 CVSS
9.1 AI Score
0.001 EPSS
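Both NSS entries above (dla-3775 and RHSA-2024:1486) describe the same class of flaw: an RSA PKCS#1 v1.5 decryption whose running time depends on whether the padding checks out, which hands a remote attacker a Bleichenbacher-style oracle (the "Marvin" attack). The added example below is not NSS code. It puts the usual early-exit unpadding next to a data-independent scan with implicit rejection, the mitigation approach that OpenSSL 3.2 and NSS adopted for this problem: every byte is processed, failure is tracked as a mask rather than a branch, and a failed decryption returns a deterministic fake plaintext derived from a secret and the ciphertext instead of an error. The key-derivation key `kdk`, the sample encoded blocks and the synthetic-length rule are constructed for illustration; Python gives no real timing guarantees, so what the block demonstrates is the control-flow shape a C implementation would follow.

```python
import hashlib
import hmac


def unpad_leaky(em):
    """PKCS#1 v1.5 unpadding as usually written: every check is an early return
    and find() stops at the first zero byte. A caller who times the decrypt, or
    who sees an error instead of a result, learns whether the padding was valid,
    which is the oracle a Bleichenbacher / Marvin attack turns into plaintext."""
    if len(em) < 11 or em[0] != 0x00:
        return None
    if em[1] != 0x02:
        return None
    sep = em.find(b"\x00", 2)
    if sep == -1 or sep < 10:          # at least eight non-zero padding bytes
        return None
    return em[sep + 1:]


# Branch-free helpers for small non-negative ints (values below 2**16).
def ct_eq(a, b):
    """1 if a == b else 0, without a data-dependent branch."""
    return ((((a ^ b) & 0xFFFF) - 1) >> 16) & 1


def ct_lt(a, b):
    """1 if a < b else 0, for 0 <= a, b < 2**16."""
    return ((a - b) >> 16) & 1


def ct_select(flag, a, b):
    """a if flag == 1 else b, selecting with a mask instead of a branch."""
    mask = -flag
    return (a & mask) | (b & ~mask)


def ct_scan(em):
    """Scan the whole block with data-independent control flow.

    Returns (bad, zero_index). bad is 1 when the header, the separator or the
    padding length is wrong. Nothing exits early and nothing branches on a byte
    of em; the loop always covers every byte."""
    bad = (ct_eq(em[0], 0x00) ^ 1) | (ct_eq(em[1], 0x02) ^ 1)
    found, zero_index = 0, 0
    for i in range(2, len(em)):
        is_zero = ct_eq(em[i], 0x00)
        first = is_zero & (found ^ 1)          # 1 only for the first zero byte
        zero_index = ct_select(first, i, zero_index)
        found |= is_zero
    bad |= (found ^ 1) | ct_lt(zero_index, 10)
    return bad, zero_index


def synthetic_message(kdk, ciphertext, max_len):
    """Deterministic fake plaintext for a rejected ciphertext.

    Derived from a key-derivation key (in a real implementation itself derived
    from the private key; here a constructed constant) and the ciphertext, so
    the same bad ciphertext always yields the same fake plaintext and different
    ciphertexts yield unrelated ones. The length rule, roughly uniform over
    0..max_len, is a simplification of the published scheme."""
    stream, counter = b"", 0
    while len(stream) < max_len + 2:
        msg = ciphertext + counter.to_bytes(4, "big")
        stream += hmac.new(kdk, msg, hashlib.sha256).digest()
        counter += 1
    synth_len = int.from_bytes(stream[:2], "big") % (max_len + 1)
    return synth_len, stream[2:2 + max_len]


def unpad_implicit_rejection(em, kdk, ciphertext):
    """Unpad without ever signalling failure to the caller.

    em is the RSA-decrypted block of k bytes (k is the public modulus size, so
    checking it is fine). Good padding returns the real message, bad padding the
    synthetic one; both paths do the same work and select by mask."""
    k = len(em)
    if k < 11:
        raise ValueError("block shorter than any valid PKCS#1 v1.5 encoding")
    max_len = k - 11
    bad, zero_index = ct_scan(em)
    msg_len = k - zero_index - 1                 # only meaningful when bad == 0
    synth_len, synth = synthetic_message(kdk, ciphertext, max_len)
    real = em[k - max_len:]                      # the message is right-aligned in em
    out_len = ct_select(bad, synth_len, msg_len)
    mask = -bad
    chosen = bytes(((s & mask) | (r & ~mask)) & 0xFF for s, r in zip(synth, real))
    return chosen[max_len - out_len:]


if __name__ == "__main__":
    kdk = b"constructed-kdk"                     # stand-in for a key derived from the private key
    good = b"\x00\x02" + b"\x41" * 27 + b"\x00" + b"hi"
    bad_hdr = b"\x00\x01" + good[2:]
    print(unpad_leaky(good), unpad_leaky(bad_hdr))
    print(unpad_implicit_rejection(good, kdk, b"\x13" * 32))
    print(unpad_implicit_rejection(bad_hdr, kdk, b"\x13" * 32))
```

The length of the returned message is still visible to the caller; protocols that use this primitive (TLS RSA key exchange, for instance) fix the expected length in advance for exactly that reason, and `ct_scan` is exposed separately here only so the scan can be inspected, not because production code should ever branch on its `bad` flag.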
Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6710-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6710-1 advisory. An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This...
7.2 AI Score
0.0005 EPSS
Apple iOS < 16.7.7 Multiple Vulnerabilities (HT214098)
The version of Apple iOS running on the mobile device is prior to 16.7.7. It is, therefore, affected by multiple...
6.6 AI Score
Fedora 39 : firefox (2024-c8549a8c75)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-c8549a8c75 advisory. An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This...
7.2 AI Score
0.0005 EPSS
Debian dsa-5645 : firefox-esr - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5645 advisory. An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This...
5.8 AI Score
0.0004 EPSS
Slackware Linux 15.0 / current mozilla-firefox Vulnerability (SSA:2024-083-01)
The version of mozilla-firefox installed on the remote host is prior to 115.9.1esr. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-083-01 advisory. An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript...
5.9 AI Score
0.0004 EPSS
SSRF Vulnerability on assetlinks_check(act_name, well_knowns)
While examining the "App Link assetlinks.json file could not be found" vulnerability detected by MobSF, we, as the Trendyol Application Security team, noticed that a GET request was sent to the "/.well-known/assetlinks.json" endpoint for all hosts written with "android:host". In the...
7.5 CVSS
6.8 AI Score
0.001 EPSS
SSRF Vulnerability on assetlinks_check(act_name, well_knowns)
While examining the "App Link assetlinks.json file could not be found" vulnerability detected by MobSF, we, as the Trendyol Application Security team, noticed that a GET request was sent to the "/.well-known/assetlinks.json" endpoint for all hosts written with "android:host". In the...
7.5 CVSS
6.6 AI Score
0.001 EPSS
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in android:host, so requests can also...
7.5 CVSS
7.4 AI Score
0.001 EPSS
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in android:host, so requests can also...
7.5 CVSS
7.5 AI Score
0.001 EPSS
CVE-2024-29190 MobSF SSRF Vulnerability on assetlinks_check(act_name, well_knowns)
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in android:host, so requests can also...
7.5 CVSS
7.6 AI Score
0.001 EPSS
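The Trendyol write-up and the CVE-2024-29190 entries above describe one flaw from two sides: the analyzer took every android:host value out of the manifest and fetched https://<host>/.well-known/assetlinks.json from it, so a crafted APK turned the MobSF server into an SSRF relay towards whatever that server could reach. The added Python example below is not MobSF's code. It extracts the hosts from a constructed AndroidManifest.xml, shows the unvalidated URL construction, and then a `validate_host` check that accepts only a plain public DNS name (no literal IP, port, path, query or fragment, and no resolution to a non-global address). The manifest fragment, the hostnames, the `resolver` callback and all function names are constructed for this example.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ANDROID_NS = "http://schemas.android.com/apk/res/android"
HOST_ATTR = f"{{{ANDROID_NS}}}host"
WELL_KNOWN = "/.well-known/assetlinks.json"

# A plain DNS name: dot-separated labels, alphabetic TLD, no port, path or userinfo.
DNS_NAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)

# Constructed manifest: one legitimate App Link host and two attacker-supplied
# values aimed at a cloud metadata address and a local port on the analyzer.
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
  <application>
    <activity android:name=".MainActivity">
      <intent-filter android:autoVerify="true">
        <action android:name="android.intent.action.VIEW"/>
        <data android:scheme="https" android:host="example.com" android:pathPrefix="/open"/>
        <data android:scheme="https" android:host="169.254.169.254/latest/meta-data/#"/>
        <data android:scheme="https" android:host="localhost:8000/internal?x="/>
      </intent-filter>
    </activity>
  </application>
</manifest>
"""


def extract_hosts(manifest_xml):
    """Every android:host on a <data> element, in document order."""
    root = ET.fromstring(manifest_xml)
    return [d.get(HOST_ATTR) for d in root.iter("data") if d.get(HOST_ATTR)]


def assetlinks_url_unvalidated(host):
    """The vulnerable shape: the manifest value is pasted straight into the URL,
    so a host carrying a port, path, query or '#' rewrites the whole request."""
    return f"https://{host}{WELL_KNOWN}"


def validate_host(host, resolver=None):
    """Return a normalised hostname that is safe to fetch from, or None.

    resolver maps a hostname to a list of IP strings. It defaults to None so the
    example runs offline; in production pass a real lookup and then connect to
    the address you checked, otherwise a rebinding DNS answer defeats the test."""
    h = host.strip().lower().rstrip(".")
    if h.startswith("*."):              # Android allows wildcard hosts; fetch the base name
        h = h[2:]
    try:                                # a literal IP is never an App Link domain
        ipaddress.ip_address(h)
        return None
    except ValueError:
        pass
    if not DNS_NAME_RE.match(h):
        return None
    parts = urlsplit(f"https://{h}{WELL_KNOWN}")     # must survive URL parsing intact
    if parts.hostname != h or parts.port is not None or parts.path != WELL_KNOWN:
        return None
    if resolver is not None and any(
        not ipaddress.ip_address(ip).is_global for ip in resolver(h)
    ):
        return None                     # private, loopback, link-local, metadata ranges
    return h


def assetlinks_url_hardened(host, resolver=None):
    h = validate_host(host, resolver)
    return None if h is None else f"https://{h}{WELL_KNOWN}"


def triage(manifest_xml, resolver=None):
    """Split a manifest's hosts into fetchable URLs and rejected raw values."""
    fetchable, rejected = [], []
    for host in extract_hosts(manifest_xml):
        url = assetlinks_url_hardened(host, resolver)
        if url is None:
            rejected.append(host)
        else:
            fetchable.append(url)
    return fetchable, rejected


if __name__ == "__main__":
    for host in extract_hosts(MANIFEST):
        print("unvalidated ->", assetlinks_url_unvalidated(host))
    print("hardened ->", triage(MANIFEST))
```

The hostname regex alone is not enough: a name such as 127.0.0.1.nip.io or an internal DNS label passes it, which is why the resolver check exists, and why the HTTP client should then connect to the checked address rather than resolve the name a second time. Running the fetch from a host with no route to internal networks is the complementary control on the deployment side.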
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and...
6.1 AI Score
0.0004 EPSS
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and...
6.7 AI Score
0.0004 EPSS
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and...
6.9 AI Score
0.0004 EPSS
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and...
7 AI Score
0.0004 EPSS
Implementing Zero Trust Controls for Compliance
The ThreatLocker® Zero Trust Endpoint Protection Platform implements a strict deny-by-default, allow-by-exception security posture to give organizations the ability to set policy-based controls within their environment and mitigate countless cyber threats, including zero-days, unseen network...
7.1 AI Score
Google Pays $10M in Bug Bounties in 2023
BleepingComputer has the details. It's $2M less than in 2022, but it's still a lot. The highest reward for a vulnerability report in 2023 was $113,337, while the total tally since the program's launch in 2010 has reached $59 million. For Android, the world's most popular and widely used mobile...
7.4 AI Score
The version of Firefox ESR installed on the remote Windows host is prior to 115.9.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2024-16 advisory. An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript...
7.3 AI Score
0.0004 EPSS
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.15.22 via the signature functionality. This makes it possible for unauthenticated attackers to extract...
5.9 CVSS
6.4 AI Score
0.0004 EPSS
The version of Firefox installed on the remote Windows host is prior to 124.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-15 advisory. An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based...
7.7 AI Score
0.0005 EPSS
Security Vulnerabilities fixed in Firefox ESR 115.9.1 — Mozilla
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of...
6.4 AI Score
0.0004 EPSS
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and...
6.2 AI Score
0.0004 EPSS
Mozilla Firefox Security Advisory (MFSA2024-15) - Linux
This host is missing a security update for Mozilla...
7.5 AI Score
0.0005 EPSS
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.9.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2024-16 advisory. An attacker was able to inject an event handler into a privileged object that would allow arbitrary ...
7.3 AI Score
0.0004 EPSS
Security Vulnerabilities fixed in Firefox 124.0.1 — Mozilla
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This...
6.4 AI Score
0.0005 EPSS
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 124.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-15 advisory. An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-...
7.7 AI Score
0.0005 EPSS
Patch Ivanti Standalone Sentry and Ivanti Neurons for ITSM now
Ivanti has issued patches for two vulnerabilities. One was discovered in the Ivanti Standalone Sentry, which impacts all supported versions 9.17.0, 9.18.0, and 9.19.0. Older versions are also at risk. The other vulnerability impacts all supported versions of Ivanti Neurons for ITSM—2023.3, 2023.2...
8 AI Score
0.001 EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 11, 2024 to March 17, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 163 vulnerabilities disclosed in 126...
10 CVSS
10 AI Score
0.001 EPSS
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-15718)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
5.4 CVSS
6.7 AI Score
0.0004 EPSS
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-14657)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
5.4 CVSS
6.2 AI Score
0.0004 EPSS
Adobe Experience Manager Access Control Error Vulnerability (CNVD-2024-14656)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. An...
5.3 CVSS
7.2 AI Score
0.0005 EPSS
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-14661)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
5.4 CVSS
6.2 AI Score
0.0004 EPSS
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-15719)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
5.4 CVSS
6.7 AI Score
0.0004 EPSS
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-14660)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
5.4 CVSS
6.2 AI Score
0.0004 EPSS
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-15717)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
4.8 CVSS
6.7 AI Score
0.0004 EPSS
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-14654)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
5.4 CVSS
6.2 AI Score
0.0004 EPSS
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-14653)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
5.4 CVSS
6.2 AI Score
0.0004 EPSS
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-14659)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
5.4 CVSS
6.2 AI Score
0.0004 EPSS
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-14658)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
5.4 CVSS
6.2 AI Score
0.0004 EPSS
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-14655)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
5.4 CVSS
6.2 AI Score
0.0004 EPSS
Android malware, Android malware and more Android malware
Malware for mobile devices is something we come across very often. In 2023, our technologies blocked 33.8 million malware, adware, and riskware attacks on mobile devices. One of 2023's most resonant attacks was Operation Triangulation, targeting iOS, but that was rather a unique case...
7.1 AI Score
The ‘AT&T breach’—what you need to know
Earlier this week, the data of over 70 million people was posted for sale on an online cybercrime forum. The person selling the data claims it stems from a 2021 breach at AT&T. Back in 2021, a hacker named Shiny Hunters claimed to have breached AT&T and put the alleged stolen data up for sale for...
7 AI Score
The Chirp Access app contains a hard-coded password, BEACON_PASSWORD. An attacker within Bluetooth range could change configuration settings within the Bluetooth beacon, effectively disabling the application's ability to notify users when they are near a Beacon-enabled access point. This variable...
4.3 CVSS
6.7 AI Score
0.0004 EPSS
The Chirp Access app contains a hard-coded password, BEACON_PASSWORD. An attacker within Bluetooth range could change configuration settings within the Bluetooth beacon, effectively disabling the application's ability to notify users when they are near a Beacon-enabled access point. This variable...
4.3 CVSS
4.5 AI Score
0.0004 EPSS
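The two Chirp Access entries describe a credential compiled into the app as a named constant, which is the kind of finding a static pass over decompiled sources turns up mechanically. The added example below is not from the Chirp app or its advisory: it scans constructed Java and Kotlin fragments for string literals assigned to credential-looking identifiers, leaves runtime lookups such as System.getenv alone, and marks obvious placeholder values so a reviewer can sort real secrets from stubs. The file paths, identifier names and values are all constructed for this example.

```python
import re

# Constructed decompiled-source fragments; nothing here is from the Chirp app.
SAMPLE_SOURCE = {
    "com/example/ble/BeaconConfig.java": (
        "public final class BeaconConfig {\n"
        '    public static final String BEACON_PASSWORD = "s3cr3t-BLE-2019";\n'
        '    public static final String BEACON_PIN = "0000";\n'
        "    private static final int SCAN_TIMEOUT_MS = 5000;\n"
        '    public static final String API_KEY = System.getenv("EXAMPLE_API_KEY");\n'
        '    public static final String LOG_TAG = "BeaconConfig";\n'
        "}\n"
    ),
    "com/example/ble/BeaconClient.kt": (
        'private const val UNLOCK_SECRET = "open-sesame"\n'
        "fun unlock(password: String) = client.write(password)\n"
        '// legacy: BEACON_PASSWORD = "old-value" moved to keystore\n'
    ),
}

# identifier = "string literal", tolerating escaped quotes inside the literal
ASSIGN_RE = re.compile(
    r'\b(?P<name>[A-Za-z_][A-Za-z0-9_]*)\s*=\s*"(?P<value>(?:[^"\\]|\\.)*)"'
)
# identifiers that usually hold credentials; (^|_)pin(_|$) avoids matching "spinner"
SENSITIVE_NAME = re.compile(
    r"pass(word|wd|phrase)?|secret|token|api_?key|credential|private_?key|(^|_)pin(_|$)",
    re.I,
)
PLACEHOLDERS = {"", "changeme", "password", "todo", "xxx"}


def scan_source(files):
    """Return one finding per string literal assigned to a credential-like name.

    files maps a path to its text. Comment lines are skipped so that a note
    about an old value does not show up as a live secret."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            if line.strip().startswith(("//", "/*", "*")):
                continue
            for m in ASSIGN_RE.finditer(line):
                name, value = m.group("name"), m.group("value")
                if not SENSITIVE_NAME.search(name):
                    continue
                findings.append({
                    "file": path,
                    "line": lineno,
                    "name": name,
                    "value": value,
                    "placeholder": value.lower() in PLACEHOLDERS,
                })
    return findings


if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE):
        flag = " (placeholder)" if f["placeholder"] else ""
        print(f'{f["file"]}:{f["line"]}: {f["name"]} = "{f["value"]}"{flag}')
```

A hit like BEACON_PASSWORD is only the starting point; the next question for the reviewer is what the value unlocks (here, write access to the beacon's configuration over Bluetooth) and whether rotating it is even possible once the app has shipped, which is why the remediation is per-device credentials provisioned at pairing time rather than a new constant.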