SUSE SLES15 / openSUSE 15 Security Update : nodejs18 (SUSE-SU-2024:1309-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1309-1 advisory. libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in...
7.3CVSS
6.5AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: netlink: add nla be16/32 types to minlen array BUG: KMSAN: uninit-value in nla_validate_range_unsigned lib/nlattr.c:222 [inline] BUG: KMSAN: uninit-value in nla_validate_int_range lib/nlattr.c:336 [inline] BUG: KMSAN: uninit-value....
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free A recent DRM series purporting to simplify support for "transparent bridges" and handling of probe deferrals ironically exposed a use-after-free issue on...
5.5CVSS
5.4AI Score
0.0004EPSS
SUSE SLES15 / openSUSE 15 Security Update : nodejs20 (SUSE-SU-2024:1301-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1301-1 advisory. libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in...
7.3CVSS
6.5AI Score
0.001EPSS
openSUSE: Security Advisory for vim (SUSE-SU-2024:1287-1)
The remote host is missing an update for...
7.8CVSS
5.9AI Score
0.002EPSS
Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in...
7.6AI Score
0.0004EPSS
RHEL 8 : Red Hat Single Sign-On 7.6.8 security update on RHEL 8 (Important) (RHSA-2024:1861)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1861 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...
8.1CVSS
7.4AI Score
0.0005EPSS
SUSE SLES15 Security Update : nodejs16 (SUSE-SU-2024:1306-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1306-1 advisory. The team has identified a vulnerability in the http server of the most recent version of Node, where malformed headers can...
8.2CVSS
6.6AI Score
0.0004EPSS
SUSE SLES12 Security Update : nodejs18 (SUSE-SU-2024:1307-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1307-1 advisory. libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in...
7.3CVSS
6.8AI Score
0.001EPSS
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-583 advisory. A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies,...
7.8CVSS
7.5AI Score
0.0005EPSS
RHEL 9 : Red Hat Single Sign-On 7.6.8 security update on RHEL 9 (Important) (RHSA-2024:1862)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1862 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...
8.1CVSS
7.1AI Score
0.0005EPSS
SUSE SLES12 Security Update : nodejs16 (SUSE-SU-2024:1305-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1305-1 advisory. The team has identified a vulnerability in the http server of the most recent version of Node, where malformed headers can...
8.2CVSS
6.6AI Score
0.0004EPSS
Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in...
7.2AI Score
0.0004EPSS
(RHSA-2024:1868) Important: Red Hat build of Keycloak security update
Red Hat build of Keycloak 22.0.10 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security Fix(es): path transversal in redirection validation (CVE-2024-1132) ...
6.6AI Score
EPSS
(RHSA-2024:1867) Moderate: Red Hat build of Keycloak 22.0.10 enhancement and security update
Red Hat build of Keycloak 22.0.10 is an integrated solution, available as a Red Hat JBoss Middleware for OpenShift containerized image, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security Fix(es): ...
6.6AI Score
EPSS
(RHSA-2024:1866) Important: Red Hat Single Sign-On 7.6.8 security update
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.8 serves as a replacement for Red Hat Single Sign-On 7.6.7, and....
8.1AI Score
0.0005EPSS
Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage...
7AI Score
0.05EPSS
(RHSA-2024:1862) Important: Red Hat Single Sign-On 7.6.8 security update on RHEL 9
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.8 on RHEL 9 serves as a replacement for Red Hat Single Sign-On.....
8.1AI Score
0.0005EPSS
(RHSA-2024:1861) Important: Red Hat Single Sign-On 7.6.8 security update on RHEL 8
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.8 on RHEL 8 serves as a replacement for Red Hat Single Sign-On.....
8.1AI Score
0.0005EPSS
(RHSA-2024:1860) Important: Red Hat Single Sign-On 7.6.8 enhancement and security update on RHEL 7
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.8 on RHEL 7 serves as a replacement for Red Hat Single Sign-On.....
8.1AI Score
0.0005EPSS
How Qualys Supports the National Cyber Security Centre (NCSC)’s Vulnerability Management Guidance
NCSC details the importance of having asset management and remediation as key requirements of a successful VM program. “A vulnerability management process shouldn’t exist in isolation. It is a cross-cutting effort and involves not just those working in IT operations, but also security and risk...
7.2AI Score
Giant Tiger breach sees 2.8 million records leaked
Someone has posted a database of over 2.8 million records to a hacker forum, claiming they originated from a March 2024 hack at Canadian retail chain Giant Tiger. When asked, they posted a small snippet as proof. The download of the full database is practically free for other active members of...
7.2AI Score
Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain deeplinks, which allows an unauthenticated remote attacker to freeze or crash the app via a long maliciously crafted...
3.1CVSS
7AI Score
0.0004EPSS
Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain deeplinks, which allows an unauthenticated remote attacker to freeze or crash the app via a long maliciously crafted...
3.1CVSS
4.1AI Score
0.0004EPSS
Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain deeplinks, which allows an unauthenticated remote attacker to freeze or crash the app via a long maliciously crafted...
3.1CVSS
4.5AI Score
0.0004EPSS
Five Key Takeaways from the 2024 Imperva Bad Bot Report
Bad bots continue to affect consumers and organizations across all sectors. For over eleven years, Imperva has been dedicated to helping organizations manage and mitigate the threat of bad bots. We’ve published the 2024 Imperva Bad Bot Report as part of our commitment to helping organizations...
7AI Score
Releases Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Ubuntu 14.04 ESM Packages klibc - small utilities built with klibc for early boot Details It was discovered that zlib, vendored in klibc, incorrectly handled pointer arithmetic. An attacker could use...
9.8CVSS
9.3AI Score
0.013EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : vim (SUSE-SU-2024:1287-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1287-1 advisory. Use After Free in GitHub repository vim/vim prior to 9.0.1857. (CVE-2023-4750) Vim is an...
7.8CVSS
7.7AI Score
0.002EPSS
Navigating the EU NIS2 Directive
How Qualys Cybersecurity Solutions Ensure Compliance The European Union’s revised Network and Information Security (NIS2) Directive is a comprehensive cybersecurity regulation aimed at bolstering the resilience of critical entities and essential services across the EU. As organizations grapple...
7.6AI Score
Crickets from Chirp Systems in Smart Lock Key Leak
The U.S. government is warning that "smart locks" securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The lock's maker Chirp Systems remains unresponsive, even though it was first notified about the critical.....
7AI Score
Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through...
4.3CVSS
4.6AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through...
4.3CVSS
6.8AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through...
4.3CVSS
5AI Score
0.0004EPSS
Using the LockBit builder to generate targeted ransomware
The previous Kaspersky research focused on a detailed analysis of the LockBit 3.0 builder leaked in 2022. Since then, attackers have been able to generate customized versions of the threat according to their needs. This opens up numerous possibilities for malicious actors to make their attacks...
7.8AI Score
Chinese-Linked LightSpy iOS Spyware Targets South Asian iPhone Users
Cybersecurity researchers have discovered a "renewed" cyber espionage campaign targeting users in South Asia with the aim of delivering an Apple iOS spyware implant called LightSpy. "The latest iteration of LightSpy, dubbed 'F_Warehouse,' boasts a modular framework with extensive spying features,"....
7.5AI Score
Exploit for Integer Overflow or Wraparound in Linux Linux Kernel
CVE-2022-0185-Case-Study This case study is a result of an...
8.4CVSS
8.9AI Score
0.001EPSS
IBM Security verify Access Appliance Denial of Service Vulnerability
IBM Security Verify Access (ISAM) is a service from International Business Machines (IBM) that improves user access security. The service enables secure and simple access to platforms such as the Web, mobile, IoT and cloud using risk-based access, single sign-on, integrated access management...
6.2CVSS
6.5AI Score
0.0004EPSS
Debian dla-3787 : xdmx - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3787 advisory. A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length...
7.8CVSS
7.6AI Score
0.0005EPSS
7.4AI Score
7.4AI Score
PaperCut NG < 20.1.10 / 21.x < 21.2.14 / 22.x < 22.1.5 / 23.x < 23.0.7 Multiple Vulnerabilities
The version of PaperCut NG installed on the remote Windows host is affected by multiple vulnerabilities, as follows: - This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated privileges. This applies to a small subset of...
8.6CVSS
7.2AI Score
0.001EPSS
PaperCut MF < 20.1.10 / 21.x < 21.2.14 / 22.x < 22.1.5 / 23.x < 23.0.7 Multiple Vulnerabilities
The version of PaperCut MF installed on the remote Windows host is affected by multiple vulnerabilities, as follows: - This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated privileges. This applies to a small subset of...
8.6CVSS
7.2AI Score
0.001EPSS
7.4AI Score
IBM Security verify Access Appliance Security Vulnerability
IBM Security Verify Access (ISAM) is a service from International Business Machines (IBM) that improves user access security. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies through the use of risk-based access, single sign-on, integrated...
7.5CVSS
6.4AI Score
0.0004EPSS
7.4AI Score
7.4AI Score
This repository builds up a vulnerable HTTP2 Node.js server...
8.2CVSS
7.1AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xorg-x11-server (SUSE-SU-2024:1262-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1262-1 advisory. A heap-based buffer over-read vulnerability was found in the X.org server's...
7.8CVSS
7.3AI Score
0.0005EPSS
7.4AI Score
Debian dsa-5658 : affs-modules-6.1.0-11-4kc-malta-di - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5658 advisory. A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in...
8CVSS
7.6AI Score
EPSS