Updated wget packages fix security vulnerability
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent....
7.1AI Score
0.0004EPSS
A company that helps to authenticate users for big brands had a set of administration credentials exposed online for over a year, potentially allowing access to user identity documents such as driving licenses. As more and more legislation emerges requiring websites and platforms—like gambling...
7.4AI Score
Security Bulletin: IBM QRadar Suite software is vulnerable to information exposure
Summary IBM QRadar Suite software is vulnerable to information exposure through cache data. This has been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability...
6.7AI Score
EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 17, 2024 to June 23, 2024)
_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...
10CVSS
9.9AI Score
EPSS
Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads
The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners. The development marks the threat's transition from what appeared to be a dormant botnet with unclear motives to a financially motivated operation....
7.7AI Score
A vulnerability in PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution (RCE). The framework, which is used in distributed training scenarios, does not properly verify the functions being called during RPC (Remote Procedure Call)...
10CVSS
0.0004EPSS
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF006. Vulnerability Details ** CVEID: CVE-2024-22329 DESCRIPTION: **IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to...
7.5CVSS
7.8AI Score
0.0004EPSS
‘Poseidon’ Mac stealer distributed via Google ads
On June 24, we observed a new campaign distributing a stealer targeting Mac users via malicious Google ads for the Arc browser. This is the second time in the past couple of months where we see Arc being used as a lure, certainly a sign of its popularity. It was previously used to drop a Windows...
6.5AI Score
Snowflake isn’t an outlier, it’s the canary in the coal mine
By Nick Biasini with contributions from Kendall McKay and Guilherme Venere Headlines continue to roll in about the many implications and follow-on attacks originating from leaked and/or stolen credentials for the Snowflake cloud data platform. Adversaries obtained stolen login credentials for...
7.6AI Score
Yokogawa FAST/TOOLS and CI Server
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Yokogawa Equipment: FAST/TOOLS and CI Server Vulnerabilities: Cross-site Scripting, Empty Password in Configuration File 2. RISK EVALUATION Successful exploitation of these vulnerabilities...
5.8CVSS
7.7AI Score
0.0004EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: SDG Technologies Equipment: PnPSCADA Vulnerability: Missing Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to attach various entities...
7AI Score
EPSS
Johnson Controls Illustra Essentials Gen 4
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Illustra Essentials Gen 4 Vulnerability: Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation of this vulnerability...
7.5AI Score
EPSS
Johnson Controls Illustra Essentials Gen 4
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Illustra Essentials Gen 4 Vulnerability: Storing Passwords in a Recoverable Format 2. RISK EVALUATION Successful exploitation of this vulnerability may allow...
7.1AI Score
EPSS
Johnson Controls Illustra Essentials Gen 4
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: Johnson Controls, Inc. Equipment: Illustra Essentials Gen 4 Vulnerability: Storing Passwords in a Recoverable Format 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated...
6.8AI Score
EPSS
Johnson Controls Illustra Essentials Gen 4
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Equipment: Illustra Essentials Gen 4 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...
7.2AI Score
EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: marKoni Equipment: Markoni-D (Compact) FM Transmitters, Markoni-DH (Exciter+Amplifiers) FM Transmitters Vulnerabilities: Command Injection, Use of Hard-coded...
9AI Score
EPSS
The Secrets of Hidden AI Training on Your Data
While some SaaS threats are clear and visible, others are hidden in plain sight, both posing significant risks to your organization. Wing's research indicates that an astounding 99.7% of organizations utilize applications embedded with AI functionalities. These AI-driven tools are indispensable,...
6.7AI Score
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour...
6.6AI Score
EPSS
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour...
EPSS
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour...
7.3AI Score
EPSS
Software: opencryptoki 3.14.0 OS: ROSA Virtualization 2.1 package_evr_string: opencryptoki-3.14.0 CVE-ID: CVE-2021-3798 BDU-ID: CVE-Crit: MEDIUM. CVE-DESC.: The openCryptoki software token does not check if the EC key is valid when the EC key is created with C_CreateObject and when C_DeriveKey is.....
5.5CVSS
6.8AI Score
0.0004EPSS
Software: ncurses 6.1 OS: ROSA Virtualization 2.1 package_evr_string: ncurses-6.1 CVE-ID: CVE-2022-29458 BDU-ID: 2023-00296 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the convert_strings function of the convert_strings component of the tinfo/read_entry.c component of the Ncurses terminal I/O.....
7.1CVSS
7.1AI Score
0.001EPSS
CVE-2024-5535 SSL_select_next_proto buffer overread
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour...
EPSS
CVE-2024-5535 SSL_select_next_proto buffer overread
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour...
6.9AI Score
EPSS
Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication, Weak Authentication, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Talya Informatics Elektraweb allows...
9.8CVSS
EPSS
Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication, Weak Authentication, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Talya Informatics Elektraweb allows...
9.8CVSS
9.5AI Score
EPSS
Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens.This issue affects Elektraweb:...
9.8CVSS
9.6AI Score
EPSS
Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens.This issue affects Elektraweb:...
9.8CVSS
EPSS
Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks
Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote code execution vulnerability via prompt injection techniques. The vulnerability, tracked as CVE-2024-5565 (CVSS score: 8.1), relates to a case of prompt...
8.1CVSS
8.6AI Score
0.0004EPSS
CVE-2024-0949 Improper Access Control in Talya Informatics' Elektraweb
Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication, Weak Authentication, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Talya Informatics Elektraweb allows...
9.8CVSS
EPSS
How to Use Python to Build Secure Blockchain Applications
Did you know it's now possible to build blockchain applications, known also as decentralized applications (or "dApps" for short) in native Python? Blockchain development has traditionally required learning specialized languages, creating a barrier for many developers… until now. AlgoKit, an...
6.9AI Score
CVE-2024-0947 Cookies Manipulation in Talya Informatics' Elektraweb
Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens.This issue affects Elektraweb:...
9.8CVSS
7AI Score
EPSS
CVE-2024-0947 Cookies Manipulation in Talya Informatics' Elektraweb
Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens.This issue affects Elektraweb:...
9.8CVSS
EPSS
GHSA-2C7C-3MJ9-8FQH vulnerabilities
Vulnerabilities for packages: keda, tkn, slsa-verifier, spire-server, flux-source-controller, traefik, cilium-envoy, cloudflared, oauth2-proxy, terragrunt, cert-manager, kyverno, dex, falco, aactl, istio-pilot-discovery, gitsign, sops, vexctl, tekton-chains, kots, rekor, flux-kustomize-controller,....
7.5AI Score
GHSA-JQ35-85CJ-FJ4P vulnerabilities
Vulnerabilities for packages: loki, kpt, up, slsa-verifier, ctop, cert-manager, prometheus, falco, aactl, chartmuseum, paranoia, tekton-chains, k3d, goreleaser, scorecard, kubescape, skaffold, bom, tekton-pipelines,...
7.5AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: helm-push, clusterctl, prometheus-redis-exporter, cass-operator, kubernetes-csi-external-provisioner, configmap-reload, shfmt, src-fingerprint, aws-load-balancer-controller, k8sgpt, velero, docker-cli, kpt, kubewatch, secrets-store-csi-driver-provider-azure,...
7.8AI Score
0.0004EPSS
GHSA-7WW5-4WQC-M92C vulnerabilities
Vulnerabilities for packages: helm-push, grype, eksctl, helm, up, kaniko, ctop, flux-source-controller, fuse-overlayfs-snapshotter, cert-manager, newrelic-infrastructure-agent, melange, cilium-cli, kubevela, trivy, k3d, kots, neuvector-agent, zot, flux-helm-controller, gitness, kubescape,...
7.5AI Score
CVE-2024-25620 vulnerabilities
Vulnerabilities for packages: helm-push, k9s, kubescape, cert-manager, zot, trivy, k8sgpt, kots, zarf, eksctl, helm-operator, chartmuseum, flux-source-controller, up, cilium-cli, flux-helm-controller,...
6.4CVSS
6.7AI Score
0.0004EPSS
GHSA-R53H-JV2G-VPX6 vulnerabilities
Vulnerabilities for packages: helm-push, k9s, kubescape, cert-manager, zot, trivy, k8sgpt, kots, zarf, eksctl, helm-operator, chartmuseum, flux-source-controller, up, cilium-cli, flux-helm-controller,...
7.5AI Score
Vulnerabilities for packages: neuvector-sigstore-interface, pulumi-kubernetes-operator, flux-image-reflector-controller, keda, skopeo, flux-notification-controller, loki, buildkitd, flux-image-automation-controller, tkn, slsa-verifier, spire-server, flux-source-controller, terraform, cert-manager,....
6CVSS
6AI Score
0.0004EPSS
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: dotnet, kpt, kubewatch, ollama, slsa-verifier, fuse-overlayfs-snapshotter, dgraph, kyverno, nginx-stable, falco, nvidia-device-plugin, envoy-ratelimit, weaviate, terraform-provider-azurerm, kind, kots, kubernetes-csi-livenessprobe, pulumi-language-dotnet, gobuster,...
7.5CVSS
9AI Score
0.732EPSS
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: clusterctl, prometheus-redis-exporter, skopeo, cass-operator, kubernetes-csi-external-provisioner, configmap-reload, aws-load-balancer-controller, k8sgpt, rclone, velero, kpt, kubewatch, kaniko, ollama, secrets-store-csi-driver-provider-azure, docker-compose,...
7.5AI Score
CVE-2023-45142 vulnerabilities
Vulnerabilities for packages: caddy, keda, cert-manager, prometheus-adapter, gatekeeper, kubernetes, calico, prometheus, thanos, ipfs, gitlab-kas, up, kubevela,...
7.5CVSS
7.9AI Score
0.001EPSS
GHSA-RCJV-MGP8-QVMR vulnerabilities
Vulnerabilities for packages: caddy, keda, cert-manager, prometheus-adapter, gatekeeper, kubernetes, calico, prometheus, thanos, ipfs, gitlab-kas, up, kubevela,...
7.5AI Score
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: clusterctl, go, cass-operator, shfmt, crane, kaniko, fuse-overlayfs-snapshotter, k9s, kubernetes-dashboard, sbomqs, envoy-ratelimit, yq, kubernetes, falcoctl, flux-helm-controller, runc, node-problem-detector, prometheus-elasticsearch-exporter, trillian,...
6.8AI Score
0.0004EPSS
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: helm-push, libnvidia-container, clusterctl, prometheus-redis-exporter, go, skopeo, kubernetes-csi-external-provisioner, configmap-reload, shfmt, src-fingerprint, k8sgpt, rclone, crane, kpt, kubewatch, secrets-store-csi-driver-provider-azure, docker-compose, spicedb,...
7.5AI Score
CVE-2024-24789 vulnerabilities
Vulnerabilities for packages: clusterctl, go, cass-operator, shfmt, crane, kaniko, fuse-overlayfs-snapshotter, k9s, kubernetes-dashboard, sbomqs, yq, kubernetes, kots, falcoctl, flux-helm-controller, nvidia-container-toolkit, runc, node-problem-detector, prometheus-elasticsearch-exporter,...
5.5CVSS
6.1AI Score
0.0004EPSS
GHSA-V6V8-XJ6M-XWQH vulnerabilities
Vulnerabilities for packages: neuvector-sigstore-interface, pulumi-kubernetes-operator, flux-image-reflector-controller, keda, skopeo, flux-notification-controller, loki, buildkitd, flux-image-automation-controller, tkn, slsa-verifier, spire-server, flux-source-controller, terraform, cert-manager,....
7.5AI Score
CVE-2023-45285 vulnerabilities
Vulnerabilities for packages: gitlab-logger, go-licenses, helm-push, petname, cass-operator, nsc, configmap-reload, prometheus-stackdriver-exporter, gke-gcloud-auth-plugin, docker-credential-ecr-login, vertical-pod-autoscaler, influx, docker-cli, cni-plugins, mage, slsa-verifier, ctop,...
7.5CVSS
7.9AI Score
0.001EPSS
Vulnerabilities for packages: kubernetes-csi-external-provisioner, aws-load-balancer-controller, k8sgpt, kpt, kubewatch, ollama, thanos-operator, fuse-overlayfs-snapshotter, kube-state-metrics, dgraph, kyverno, kubernetes-dashboard, nvidia-device-plugin, weaviate, aws-ebs-csi-driver, yq, timoni,...
6.1CVSS
7.3AI Score
0.001EPSS