9.8CVSS
9.9AI Score
0.711EPSS
Oracle Identity Manager (Apr 2024 CPU)
The 12.2.1.4.0 versions of Identity Manager installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory. Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Third Party (Quartz)). The supported...
9.8CVSS
7.4AI Score
0.008EPSS
Low Photon OS Security Update - PHSA-2024-4.0-0598
Updates of ['kubernetes'] packages of Photon OS have been...
9.8CVSS
8.4AI Score
0.001EPSS
RHEL 7 : tigervnc (RHSA-2024:0006)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0006 advisory. Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the...
7.8CVSS
8.3AI Score
0.273EPSS
RHEL 7 : shim (RHSA-2024:1959)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1959 advisory. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot...
8.3CVSS
8.3AI Score
0.025EPSS
FortiNet FortiClient EMS 7.2.2 / 7.0.10 SQL Injection / Remote Code Execution Exploit
A remote SQL injection vulnerability exists in FortiNet FortiClient EMS (Endpoint Management Server) versions 7.2.0 through 7.2.2 and 7.0.1 through 7.0.10. FortiClient EMS serves as an endpoint management solution tailored for enterprises, offering a centralized platform for overseeing enrolled...
9.8CVSS
10AI Score
0.711EPSS
Low Photon OS Security Update - PHSA-2024-5.0-0255
Updates of ['kubernetes'] packages of Photon OS have been...
9.8CVSS
8.4AI Score
0.001EPSS
MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws
The MITRE Corporation revealed that it was the target of a nation-state cyber attack that exploited two zero-day flaws in Ivanti Connect Secure appliances starting in January 2024. The intrusion led to the compromise of its Networked Experimentation, Research, and Virtualization Environment...
9.1CVSS
9.7AI Score
0.969EPSS
A week in security (April 15 – April 21)
Last week on Malwarebytes Labs: Law enforcement reels in phishing-as-a-service whopper Mental health company Cerebral failed to protect sensitive personal data, must pay $7 million Cannabis investment scam JuicyFields ends in 9 arrests Should you share your location with your partner? Giant Tiger.....
7.4AI Score
Security Bulletin: IBM Security Verify Governance - Identity Manager has multiple vulnerabilities
Summary Multiple security vulnerabilities have been addressed in updates to IBM Security Verify Governance - Identity Manager software component and IBM Security Verify Governance - Identity Manager virtual appliance component. Vulnerability Details ** CVEID: CVE-2023-26119 DESCRIPTION:...
9.8CVSS
10AI Score
0.164EPSS
RHEL 6 / 7 : rh-python35-python-jinja2 (RHSA-2019:1237)
The remote Redhat Enterprise Linux 6 / 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:1237 advisory. python-jinja2: Sandbox escape due to information disclosure via str.format (CVE-2016-10745) python-jinja2: str.format_map allows...
8.6CVSS
8.8AI Score
0.004EPSS
RHEL 6 / 7 : php54 (RHSA-2015:1066)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1066 advisory. php: use after free vulnerability in unserialize() (CVE-2014-8142) php: out of bounds read when parsing a crafted .php file...
9.8CVSS
8.9AI Score
0.955EPSS
RHEL 6 / 7 : rh-mysql56-mysql (RHSA-2015:1630)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1630 advisory. mysql: unspecified vulnerability related to Server:GIS (CPU July 2015) (CVE-2015-2582) mysql: unspecified vulnerability related to...
7.5AI Score
0.006EPSS
RHEL 7 : rabbitmq-server (RHSA-2017:0530)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2017:0530 advisory. RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable...
6.5CVSS
6.4AI Score
0.006EPSS
Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers
Threat actors behind the Akira ransomware group have extorted approximately $42 million in illicit proceeds after breaching the networks of more than 250 victims as of January 1, 2024. "Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities.....
9.1CVSS
8.2AI Score
0.027EPSS
Oracle WebCenter Portal (April 2024 CPU)
The 12.2.1.4.0 versions of WebCenter Portal installed on the remote host are affected by a vulnerability as referenced in the April 2024 CPU advisory. Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Content integration). The supported version that...
4.4CVSS
5.6AI Score
0.0004EPSS
Oracle Coherence (April 2024 CPU)
The 12.2.1.4.0 and 14.1.1.0.0 versions of Coherence installed on the remote host are affected by a vulnerability as referenced in the April 2024 CPU advisory: Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Third Party (Apache Mina SSHD)). Supported...
5.9CVSS
6.8AI Score
0.963EPSS
Moderate Photon OS Security Update - PHSA-2024-4.0-0595
Updates of ['python3-pycryptodomex', 'python3-pycryptodome'] packages of Photon OS have been...
9.8CVSS
10AI Score
0.001EPSS
Oracle Access Manager (Apr 2024 CPU)
The 12.2.1.4.0 versions of Access Manager installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory. Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Webserver Plugin (Apache Xerces-C++)). The...
8.8CVSS
8.5AI Score
0.007EPSS
Moderate Photon OS Security Update - PHSA-2024-4.0-0596
Updates of ['linux-aws'] packages of Photon OS have been...
9.8CVSS
8.4AI Score
0.001EPSS
Summary Multiple vulnerabilities were addressed in IBM Observability with Instana for Synthetic PoP build 271 Vulnerability Details ** CVEID: CVE-2024-22259 DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caused by an open redirect...
8.1CVSS
7.8AI Score
0.0005EPSS
Recover from Ransomware in 5 Minutes—We will Teach You How!
Super Low RPO with Continuous Data Protection: Dial Back to Just Seconds Before an Attack Zerto, a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest....
7AI Score
Important Photon OS Security Update - PHSA-2024-4.0-0593
Updates of ['squid'] packages of Photon OS have been...
9.8CVSS
8.4AI Score
0.001EPSS
RHEL 7 : firefox (RHSA-2024:1910)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1910 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...
7.4AI Score
0.0004EPSS
Important Photon OS Security Update - PHSA-2024-4.0-0594
Updates of ['glibc'] packages of Photon OS have been...
9.8CVSS
8.4AI Score
0.001EPSS
Oracle HTTP Server (April 2024 CPU)
The versions of HTTP Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory: Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Plugins (BSAFE Crypto-J)). Supported versions that are...
9.8CVSS
8.1AI Score
0.01EPSS
Important Photon OS Security Update - PHSA-2024-5.0-0250
Updates of ['glibc'] packages of Photon OS have been...
9.8CVSS
8.4AI Score
0.001EPSS
Important Photon OS Security Update - PHSA-2024-3.0-0750
Updates of ['glibc'] packages of Photon OS have been...
9.8CVSS
8.4AI Score
0.001EPSS
Important Photon OS Security Update - PHSA-2024-3.0-0751
Updates of ['squid'] packages of Photon OS have been...
9.8CVSS
8.4AI Score
0.005EPSS
Moderate Photon OS Security Update - PHSA-2024-5.0-0251
Updates of ['python3-pycryptodomex', 'python3-pycryptodome'] packages of Photon OS have been...
9.8CVSS
10AI Score
0.001EPSS
Amazon Linux 2 : krb5 (ALAS-2024-2512)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2512 advisory. Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. (CVE-2024-26458) Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in...
7.1AI Score
0.0004EPSS
RHEL 7 : rhc-worker-script (RHSA-2024:1874)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:1874 advisory. The rhc-worker-script packages provide Remote Host Configuration (rhc) worker for executing an interpreted programming language script on hosts...
6.5AI Score
0.0004EPSS
Summary IBM Spectrum Symphony with spring-security-config is vulnerable to Incorrect Permission Assignment for Critical Resource Vulnerability Details ** CVEID: CVE-2023-34042 DESCRIPTION: **VMware Tanzu Spring Security could allow a local authenticated attacker to bypass security restrictions,...
5.5CVSS
6.6AI Score
0.0004EPSS
Summary IBM Spectrum Conductor with spring-security-config is vulnerable to Incorrect Permission Assignment for Critical Resource Vulnerability Details ** CVEID: CVE-2023-34042 DESCRIPTION: **VMware Tanzu Spring Security could allow a local authenticated attacker to bypass security restrictions,...
5.5CVSS
6.6AI Score
0.0004EPSS
Oracle Patch Update, April 2024 Security Update Review
Oracle released its second quarterly edition of Critical Patch Update, which contains patches for 441 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including...
9.8CVSS
10AI Score
0.023EPSS
Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware
Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. The attacks leverage CVE-2023-22518 (CVSS score: 9.1), a critical security vulnerability impacting the Atlassian Confluence Data Center and Server that allows an unauthenticated...
10CVSS
9.6AI Score
0.966EPSS
RHEL 7 : java-1.8.0-openjdk (RHSA-2024:1817)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1817 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...
3.7CVSS
5.8AI Score
0.001EPSS
Oracle WebLogic Server (April 2024 CPU)
The 12.2.1.4.0 and 14.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples (handlebars)). ...
9.8CVSS
8AI Score
0.732EPSS
Important Photon OS Security Update - PHSA-2024-5.0-0249
Updates of ['squid'] packages of Photon OS have been...
9.8CVSS
8.4AI Score
0.001EPSS
Important Photon OS Security Update - PHSA-2024-5.0-0248
Updates of ['linux-secure', 'linux', 'linux-rt'] packages of Photon OS have been...
9.8CVSS
10AI Score
0.001EPSS
Amazon Linux 2023 : krb5-devel, krb5-libs, krb5-pkinit (ALAS2023-2024-586)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-586 advisory. Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. (CVE-2024-26458) Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in...
7.1AI Score
0.0004EPSS
Moderate Photon OS Security Update - PHSA-2024-3.0-0749
Updates of ['libvirt', 'linux'] packages of Photon OS have been...
9.8CVSS
10AI Score
0.001EPSS
Critical Photon OS Security Update - PHSA-2024-4.0-0592
Updates of ['linux-secure', 'suricata', 'ruby', 'wireshark', 'linux-aws', 'linux', 'openssl', 'libvirt', 'linux-rt'] packages of Photon OS have been...
9.8CVSS
10AI Score
0.011EPSS
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In...
5.3CVSS
6.5AI Score
0.0004EPSS
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In...
5.3CVSS
5AI Score
0.0004EPSS
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In...
5.3CVSS
5AI Score
0.0004EPSS
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In...
5.3CVSS
5AI Score
0.0004EPSS
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In...
5.3CVSS
6.5AI Score
0.0004EPSS
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In...
5.3CVSS
6.5AI Score
0.0004EPSS
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In...
5.3CVSS
5AI Score
0.0004EPSS