Sermon'e – Sermons Online Security Vulnerabilities

cve

CVE-2024-30265

Collabora Online is a collaborative online office suite based on LibreOffice technology. Any deployment of the voilà dashboard allows local file inclusion. Any file on a filesystem that is readable by the user that runs the voilà dashboard server can be downloaded by someone with network access to the.....

7.5CVSS

6.6AI Score

0.0004EPSS

2024-04-03 11:15 PM
30
cvelist

CVE-2024-30265 Voilà Local file inclusion

Collabora Online is a collaborative online office suite based on LibreOffice technology. Any deployment of the voilà dashboard allows local file inclusion. Any file on a filesystem that is readable by the user that runs the voilà dashboard server can be downloaded by someone with network access to the.....

7.5CVSS

7.7AI Score

0.0004EPSS

2024-04-03 10:55 PM
thn

U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers

The U.S. Cyber Safety Review Board (CSRB) has criticized Microsoft for a series of security lapses that led to the breach of nearly two dozen companies across Europe and the U.S. by a China-based nation-state group called Storm-0558 last year. The findings, released by the Department of Homeland...

7.2AI Score

2024-04-03 03:32 PM
24
github

Voilà Local file inclusion

Impact Any deployment of the voilà dashboard allows local file inclusion, that is to say any file on a filesystem that is readable by the user that runs the voilà dashboard server can be downloaded by someone with network access to the server. Whether this still requires authentication depends on how...

7.5CVSS

7.1AI Score

0.0004EPSS

2024-04-03 02:13 PM
12
osv

Voilà Local file inclusion

Impact Any deployment of the voilà dashboard allows local file inclusion, that is to say any file on a filesystem that is readable by the user that runs the voilà dashboard server can be downloaded by someone with network access to the server. Whether this still requires authentication depends on how...

7.5CVSS

7.1AI Score

0.0004EPSS

2024-04-03 02:13 PM
2
thn

Google Chrome Beta Tests New DBSC Protection Against Cookie-Stealing Attacks

Google on Tuesday said it's piloting a new feature in Chrome called Device Bound Session Credentials (DBSC) to help protect users against session cookie theft by malware. The prototype – currently tested against "some" Google Account users running Chrome Beta – is built with an aim to make it an...

7.2AI Score

2024-04-03 01:07 PM
16
openbugbounty

online-directory.co.uk Cross Site Scripting vulnerability OBB-3897683

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-04-03 09:53 AM
6
nvd

CVE-2024-3226

A vulnerability was found in Campcodes Online Patient Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/login.php. The manipulation of the argument password leads to sql injection. It is possible to initiate the attack remotely. The...

7.3CVSS

7.5AI Score

0.0004EPSS

2024-04-03 02:15 AM
cve

CVE-2024-3226

A vulnerability was found in Campcodes Online Patient Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/login.php. The manipulation of the argument password leads to sql injection. It is possible to initiate the attack remotely. The...

7.3CVSS

7.4AI Score

0.0004EPSS

2024-04-03 02:15 AM
35
cvelist

CVE-2024-3226 Campcodes Online Patient Record Management System login.php sql injection

A vulnerability was found in Campcodes Online Patient Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/login.php. The manipulation of the argument password leads to sql injection. It is possible to initiate the attack remotely. The...

7.3CVSS

7.8AI Score

0.0004EPSS

2024-04-03 02:00 AM
nessus

FreeBSD : jenkins -- HTTP/2 denial of service vulnerability in bundled Jetty (2e3bea0c-f110-11ee-bc57-00e081b7aa2d)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2e3bea0c-f110-11ee-bc57-00e081b7aa2d advisory. Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and...

7.5CVSS

6.5AI Score

0.0004EPSS

2024-04-03 12:00 AM
8
cert

HTTP/2 CONTINUATION frames can be utilized for DoS attacks

Overview HTTP allows messages to include named fields in both header and trailer sections. These header and trailer fields are serialised as field blocks in HTTP/2, so that they can be transmitted in multiple fragments to the target implementation. Many HTTP/2 implementations do not properly limit....

7.5CVSS

7.7AI Score

0.005EPSS

2024-04-03 12:00 AM
60
wpvulndb

BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin < 1.0.88 - Authenticated (Admin+) Arbitrary File Upload

Description The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpress_process_upload' function in all versions up to, and including 1.0.87. This allows an authenticated attacker with administrator-level capabilities...

7.2CVSS

7.7AI Score

0.0004EPSS

2024-04-03 12:00 AM
5
malwarebytes

AT&T confirms 73 million people affected by data breach

Telecommunications giant AT&T has finally confirmed that 73 million current and former customers have been caught up in a massive dark web data leak. The leaked data includes names, addresses, mobile phone numbers, dates of birth, and social security numbers. Malwarebytes VP of Consumer Privacy,...

7.4AI Score

2024-04-02 09:31 PM
11
malwarebytes

Trusted Advisor now available for Mac, iOS, and Android

First released for Windows last year, the Malwarebytes Trusted Advisor dashboard is also now available on Mac, iOS and Android. Our Trusted Advisor dashboard provides an easy-to-understand assessment of your device’s security, with a single comprehensive protection score, and clear, expert-driven.....

6.9AI Score

2024-04-02 02:12 PM
9
wizblog

Top security talks from KubeCon Europe 2024

KubeCon Europe is the largest open source community conference in Europe with hundreds of talks, many of them about security. All the sessions are available online; in this blog, we’ll discuss our...

7.2AI Score

2024-04-02 12:32 PM
11
impervablog

Compromising Bank Customer Trust: The Price of Inadequate Data Protection

Banks hold not just money, but also emotions and aspirations. Countless stories unfold within bank walls, reflecting the intimate connection between money and emotion. Beyond the numbers and transactions, every dollar represents individuals’ hopes, dreams, and livelihoods. As the trusted custodian....

7.5AI Score

2024-04-02 12:00 PM
9
hackread

Top 3 Cybersecurity Tools to Protect Business Data

By Uzair Amir Discover the top three cybersecurity tools designed to safeguard your business data from online threats and breaches, ensuring secure data transfer. This is a post from HackRead.com Read the original post: Top 3 Cybersecurity Tools to Protect Business...

7.2AI Score

2024-04-02 10:33 AM
2
ibm

Security Bulletin: Vulnerability in Pillow affects IBM Process Mining CVE-2023-50447

Summary There is a vulnerability in Pillow that could allow a remote attacker to execute arbitrary code on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2023-50447 ...

8.1CVSS

7.6AI Score

0.001EPSS

2024-04-02 09:36 AM
16
openbugbounty

online-reisesuche.de Cross Site Scripting vulnerability OBB-3895247

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-04-02 06:27 AM
6
packetstorm

7.4AI Score

2024-04-02 12:00 AM
38
malwarebytes

Free VPN apps turn Android phones into criminal proxies

Researchers at HUMAN's Satori Threat Intelligence have discovered a disturbing number of VPN apps that turn users' devices into proxies for cybercriminals without their knowledge, as part of a campaign called PROXYLIB. Cybercriminals and state actors like to send their traffic through other...

7.5AI Score

2024-04-01 05:58 PM
12
metasploit

Gibbon School Platform Authenticated PHP Deserialization Vulnerability

A Remote Code Execution vulnerability in Gibbon online school platform version 26.0.00 and lower allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the endpoint...

8.4AI Score

0.179EPSS

2024-04-01 02:49 PM
29
thn

Indian Government Rescues 250 Citizens Forced into Cybercrime in Cambodia

The Indian government said it has rescued and repatriated about 250 citizens in Cambodia who were held captive and coerced into running cyber scams. The Indian nationals "were lured with employment opportunities to that country but were forced to undertake illegal cyber work," the Ministry of...

7.3AI Score

2024-04-01 01:51 PM
22
thn

Detecting Windows-based Malware Through Better Visibility

Despite a plethora of available security solutions, more and more organizations fall victim to Ransomware and other threats. These continued threats aren't just an inconvenience that hurt businesses and end users - they damage the economy, endanger lives, destroy businesses and put national...

7AI Score

2024-04-01 11:20 AM
22
thn

Vultur Android Banking Trojan Returns with Upgraded Remote Control Capabilities

The Android banking trojan known as Vultur has resurfaced with a suite of new features and improved anti-analysis and detection evasion techniques, enabling its operators to remotely interact with a mobile device and harvest sensitive data. "Vultur has also started masquerading more of its...

7.7AI Score

2024-04-01 06:04 AM
33
nessus

FreeBSD : mediawiki -- multiple vulnerabilities (d58726ff-ef5e-11ee-8d8e-080027a5b8e9)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d58726ff-ef5e-11ee-8d8e-080027a5b8e9 advisory. Mediawiki reports: (T355538, CVE-2024-PENDING) SECURITY: XSS in edit summary parser. (T357760, ...

6.6AI Score

2024-04-01 12:00 AM
10
githubexploit

Exploit for CVE-2023-36643

== Affected Software [%hardbreaks] Vendor: ITB-GmbH...

7.5CVSS

7.7AI Score

0.0004EPSS

2024-03-31 04:55 PM
43
githubexploit

Exploit for CVE-2023-36644

== Affected Software [%hardbreaks] Vendor: ITB-GmbH...

7.5CVSS

7.7AI Score

0.0004EPSS

2024-03-31 04:50 PM
50
wired

Yogurt Heist Reveals a Rampant Form of Online Fraud

Plus: “MFA bombing” attacks target Apple users, Israel deploys face recognition tech on Gazans, AI gets trained to spot tent encampments, and OSINT investigators find fugitive Amond...

6.9AI Score

2024-03-30 01:00 PM
10
nessus

FreeBSD : electron{27,28} -- Object lifecycle issue in V8 (bdcd041e-5811-4da3-9243-573a9890fdb1)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the bdcd041e-5811-4da3-9243-573a9890fdb1 advisory. Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to ...

8.8CVSS

6.8AI Score

0.001EPSS

2024-03-30 12:00 AM
5
nessus

FreeBSD : quiche -- Multiple Vulnerabilities (34f98d06-eb56-11ee-8007-6805ca2fa271)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 34f98d06-eb56-11ee-8007-6805ca2fa271 advisory. Cloudflare quiche was discovered to be vulnerable to unbounded storage of information related...

5.9CVSS

7.5AI Score

0.0004EPSS

2024-03-30 12:00 AM
6
hackread

Payment authorization and one-time passwords – Mobile Token

By Uzair Amir Isn't it shocking that people still use passwords like QWERTY12, 1234, or pet names for their online accounts?… This is a post from HackRead.com Read the original post: Payment authorization and one-time passwords – Mobile...

7.3AI Score

2024-03-29 02:18 PM
11
ibm

Security Bulletin: Vulnerability in Enterprise Security API for Java affects IBM Process Mining WS-2023-0429

Summary There is a vulnerability in Enterprise Security API for Java that could allow a remote attacker to steal cookie-based authentication credentials on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability....

7.3AI Score

2024-03-29 10:45 AM
18
ibm

Security Bulletin: Vulnerability in VMware Tanzu Spring Framework affects IBM Process Mining CVE-2023-34053

Summary There is a vulnerability in VMware Tanzu Spring Framework that could allow a remote attacker to cause a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details **...

7.5CVSS

7.2AI Score

0.0005EPSS

2024-03-29 10:45 AM
9
ibm

Security Bulletin: Vulnerability in PyCryptodome affects IBM Process Mining CVE-2023-52323

Summary There is a vulnerability in PyCryptodome that could allow a remote attacker to obtain sensitive information on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID:...

5.9CVSS

6.5AI Score

0.001EPSS

2024-03-29 10:44 AM
10
ibm

Security Bulletin: Vulnerability in The Legion of the Bouncy Castle affects IBM Process Mining CVE-2022-45146

Summary There is a vulnerability in The Legion of the Bouncy Castle that could allow a remote attacker to obtain sensitive information on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details **....

5.5CVSS

6.4AI Score

0.0004EPSS

2024-03-29 10:43 AM
15
ibm

Security Bulletin: Vulnerability in Jinja affects IBM Process Mining CVE-2024-22195

Summary There is a vulnerability in Jinja that could allow an attacker to steal cookie-based authentication credentials on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID:...

6.1CVSS

6.5AI Score

0.001EPSS

2024-03-29 10:43 AM
15
ibm

Security Bulletin: Vulnerability in cryptography affects IBM Process Mining CVE-2023-50782

Summary There is a vulnerability in cryptography that could allow an attacker to obtain sensitive information on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2023-50782 ...

7.5CVSS

6.4AI Score

0.001EPSS

2024-03-29 10:42 AM
5
ibm

Security Bulletin: Vulnerability in follow-redirects affects IBM Process Mining CVE-2023-26159

Summary There is a vulnerability in follow-redirects that could allow a remote attacker to redirect a victim to arbitrary Web sites. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID:...

7.3CVSS

6.5AI Score

0.001EPSS

2024-03-29 10:42 AM
8
ibm

Security Bulletin: Vulnerability in openjdk affects IBM Process Mining CVE-2023-21930

Summary There is a vulnerability in openjdk that could allow an authenticated attacker with network access via TLS to compromise Java on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details **...

7.4CVSS

9.2AI Score

0.002EPSS

2024-03-29 10:41 AM
8
ibm

Security Bulletin: Vulnerability in cryptography affects IBM Process Mining CVE-2024-26130

Summary There is a vulnerability in cryptography that could allow a remote attacker to cause a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID:...

7.5CVSS

7.2AI Score

0.0004EPSS

2024-03-29 10:41 AM
11
ibm

Security Bulletin: Vulnerability in GitPython affects IBM Process Mining CVE-2024-22190

Summary There is a vulnerability in GitPython that could allow a remote attacker to execute arbitrary code on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-22190 ...

7.8CVSS

7.7AI Score

0.001EPSS

2024-03-29 10:40 AM
9
ibm

Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining CVE-2024-22201

Summary There is a vulnerability in Eclipse Jetty that could allow a remote attacker to cause a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID:...

7.5CVSS

7.4AI Score

0.0004EPSS

2024-03-29 10:40 AM
12
ibm

Security Bulletin: Vulnerability in Dnspython affects IBM Process Mining CVE-2023-29483

Summary There is a vulnerability in Dnspython that could allow a remote attacker to cause a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2023-29483 ...

7.4AI Score

0.0004EPSS

2024-03-29 10:39 AM
18
cve

CVE-2024-2411

The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'modal' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in....

9.8CVSS

9.8AI Score

0.0004EPSS

2024-03-29 09:15 AM
34
cve

CVE-2024-2409

The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation checks within the _register_user() function called by the 'wp_ajax_nopriv_stm_lms_register' AJAX action. This makes it possible for...

9.8CVSS

9.3AI Score

0.0004EPSS

2024-03-29 09:15 AM
35
nessus

FreeBSD : Gitlab -- vulnerabilities (d2992bc2-ed18-11ee-96dc-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the d2992bc2-ed18-11ee-96dc-001b217b3468 advisory. An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all...

8.7CVSS

6.1AI Score

0.001EPSS

2024-03-29 12:00 AM
9
Total number of security vulnerabilities: 42904