Untrusted search path under some conditions on Windows allows arbitrary code execution
Summary This issue exists because of an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run git, as well as when it runs bash.exe to interpret hooks. If either of those features are used on Windows, a malicious git.exe or bash.exe may be....
7.8CVSS
8AI Score
0.001EPSS
7.6AI Score
0.0004EPSS
K000138177 : OpenSSL vulnerability CVE-2023-5363
Security Advisory Description Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in...
7.5CVSS
6.6AI Score
0.001EPSS
Microsoft ASP.NET Core project templates vulnerable to denial of service
Microsoft Security Advisory CVE-2024-21319: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in the ASP.NET Core project templates. This advisory also provides guidance on what developers can do to...
6.8CVSS
8.4AI Score
0.001EPSS
Why Public Links Expose Your SaaS Attack Surface
Collaboration is a powerful selling point for SaaS applications. Microsoft, Github, Miro, and others promote the collaborative nature of their software applications that allows users to do more. Links to files, repositories, and boards can be shared with anyone, anywhere. This encourages teamwork.....
6.9AI Score
Listening in at Latimer House. RF emissions and more
Loose lips sink ships, loose tweets sink fleets. Intelligence, espionage, technological advancements and other learnings from our annual company conference at the historic and underappreciated Latimer House. “Loose lips [might] sink ships” was a phrase used in UK propaganda posters in WWII. It...
6.6AI Score
GLSA-202401-10 : Mozilla Firefox: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202401-10 (Mozilla Firefox: Multiple Vulnerabilities) When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This...
9.8CVSS
8.3AI Score
0.642EPSS
Frenemies to friends: Developers and security tools
You heard the vendor pitches. You evaluated the options. You got the budget approved. Now, you need your company's developers to actually use the tool. Socializing a new security tool can feel intimidating or overwhelming. It may feel like you are battling competing priorities and culture...
7AI Score
Safeguarding Trade: Discovering the World of Mastercard Digital Guardrails In our tech-driven era, it is vitally important that financial dealings are shielded competently. A colossal number of exchanges are happening each day, proving the ever growing necessity of sturdy digital protective...
7.5AI Score
How to Protect Your Privacy Online
Decoding the Complexities of Digital Personhood and Its Private Aspects: Elemental Groundwork As we stride through this tech-propelled age, concerns related to internet-bound privacy have risen as pressing hurdles for all cyber inhabitants around the planet. Considering the ever-broadening...
7.4AI Score
Addressing the Rising Threat of API Leaks
In the realm of cybersecurity, the metaphor of "Leaky Buckets" has become an increasingly prevalent concern, particularly in the context of API security. This term encapsulates the hidden vulnerabilities and exposures in API infrastructures that many organizations struggle to identify and address.....
6.9AI Score
Investment fraud a serious money maker for criminals
Europol’s spotlight report ‘Online fraud schemes: a web of deceit’, looks into online fraud schemes—a major crime threat in the EU and beyond—and one of the report's primary themes is investment fraud. But first I want to share some more remarkable conclusions from the report: Charity scams that.....
7AI Score
Summary There are multiple cross-site scripting vulnerabilities in Apache Ant that affect IBM Operations Analytics - Log Analysis. These have been addressed. Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of.....
6.9CVSS
7.1AI Score
0.061EPSS
The Anatomy of HTML Attachment Phishing
The Anatomy of HTML Attachment Phishing: One Code, Many Variants By Mathanraj Thangaraju, Niranjan Hegde, and Sijo Jacob · June 14, 2023 Introduction Phishing is the malevolent practise of pretending to be a reliable entity in electronic communication to steal sensitive data, such as login...
7.7AI Score
Written by Dr. Michael Cohen Sigma Support, ETW Multiplexing, Local Encrypted Storage and New VQL Capabilities Highlight the Last Release of 2023 Rapid7 is excited to announce that version 0.7.1 of Velociraptor is live and available for download. There are several new features and capabilities...
6.5AI Score
The top 4 ransomware gang failures of 2023
Ransomware gangs care about one thing: Stealing money. Over time, their craven, cybercriminal efforts have toppled businesses, destabilized hospitals, and ruined lives. Worst of all, they show no sign of slowing down, and their extortion attempts—which no longer focus on ransomware delivery...
7.9AI Score
Microsoft Disables MSIX App Installer Protocol Widely Used in Malware Attacks
Microsoft on Thursday said it's once again disabling the ms-appinstaller protocol handler by default following its abuse by multiple threat actors to distribute malware. "The observed threat actor activity abuses the current implementation of the ms-appinstaller protocol handler as an access...
7.1CVSS
7AI Score
0.002EPSS
Microsoft Windows PowerShell Code Execution / Event Log Bypass Vulnerabilities
Prior work from this researcher disclosed how PowerShell executes unintended files or BASE64 code when processing specially crafted filenames. This research builds on their PSTrojanFile work, adding a PS command line single quote bypass and PS event logging failure. On Windows CL tab, completing a....
8AI Score
[SECURITY] [DSA 5591-1] libssh security update
Debian Security Advisory DSA-5591-1 https://www.debian.org/security/ Salvatore Bonaccorso December 28, 2023 https://www.debian.org/security/faq Package : libssh CVE ID : CVE-2023-6004 CVE-2023-6918...
5.9CVSS
8.7AI Score
0.963EPSS
Artificial intelligence is poised to upend much of society, removing human limitations inherent in many systems. One such limitation is information and logistical bottlenecks in decision-making. Traditionally, people have been forced to reduce complex choices to a small handful of options that...
7AI Score
7.4AI Score
gitlab:sid is vulnerable to improper authorization. The vulnerability affects GitLab CE/EE, which does not perform an authorization check when an actor attempts to access. It leads to improper authorization by allowing an attacker to leak the owner's Sentry instance...
4.3CVSS
6.8AI Score
0.0004EPSS
gitlab:sid is vulnerable to denial of service. The vulnerability is triggered by adding a large string in the timeout input in the gitlab-ci.yml file. It allows an attacker to affect all versions of GitLab CE/EE and leads to regular expression denial of...
6.5CVSS
6.7AI Score
0.0004EPSS
[SECURITY] [DLA 3694-1] openssh security update
Debian LTS Advisory DLA-3694-1 https://www.debian.org/lts/security/ Santiago Ruano Rincón December 25, 2023 https://wiki.debian.org/LTS Package : openssh Version : 1:7.9p1-10+deb10u4 CVE ID ...
7CVSS
7.7AI Score
0.963EPSS
MetaHub is an automated contextual security findings enrichment and impact evaluation tool for vulnerability management. You can use it with AWS Security Hub or any ASFF-compatible security scanner. Stop relying on useless severities and switch to impact scoring definitions based on YOUR context......
7AI Score
9.8CVSS
7AI Score
0.963EPSS
8.1CVSS
6.7AI Score
0.963EPSS
[SECURITY] [DSA 5588-1] putty security update
Debian Security Advisory DSA-5588-1 https://www.debian.org/security/ Salvatore Bonaccorso December 24, 2023 https://www.debian.org/security/faq Package : putty CVE ID : CVE-2021-36367 CVE-2023-48795...
8.1CVSS
6.7AI Score
0.963EPSS
Exploit for Improper Ownership Management in Linux Linux Kernel
A flaw was found in the Linux kernel, where unauthorized access...
7.8CVSS
7.6AI Score
0.0004EPSS
Nautobot missing object-level permissions enforcement when running Job Buttons
Impact When submitting a Job to run via a Job Button, only the model-level extras.run_job permission is checked (i.e., does the user have permission to run Jobs in general?). Object-level permissions (i.e., does the user have permission to run this specific Job?) are not enforced by the URL/view...
4.3CVSS
6.9AI Score
0.001EPSS
[SECURITY] [DSA 5586-1] openssh security update
Debian Security Advisory DSA-5586-1 https://www.debian.org/security/ Salvatore Bonaccorso December 22, 2023 https://www.debian.org/security/faq Package : openssh CVE ID : CVE-2021-41617 CVE-2023-28531...
9.8CVSS
10AI Score
0.963EPSS
OpenSSH < 9.6 Multiple Vulnerabilities
The version of OpenSSH installed on the remote host is prior to 9.6. It is, therefore, affected by multiple vulnerabilities as referenced in the release-9.6 advisory. ssh(1), sshd(8): implement protocol extensions to thwart the so-called Terrapin attack discovered by Fabian Bäumer, Marcus...
6.5CVSS
7.5AI Score
0.963EPSS
[5.14.0-362.13.1.el9_3.OL9] - x86/retpoline: Document some thunk handling aspects (Borislav Petkov) {CVE-2023-20569} - objtool: Fix return thunk patching in retpolines (Josh Poimboeuf) {CVE-2023-20569} - x86/srso: Remove unnecessary semicolon (Yang Li) {CVE-2023-20569} - x86/calldepth: Rename...
7.8CVSS
7.7AI Score
0.001EPSS
Intellexa and Cytrox: From fixer-upper to Intel Agency-grade spyware
By Mike Gentile, Asheer Malhotra and Vitor Ventura. Editor's note: This blog post is a public version of a talk presented at LabsCon 2023 on Sept. 22, 2023. You can watch a recording of the talk here. Some of the intelligence presented at LabsCon was later confirmed by an Amnesty International...
6.6AI Score
New JavaScript Malware Targeted 50,000+ Users at Dozens of Banks Worldwide
A new piece of JavaScript malware has been observed attempting to steal users' online banking account credentials as part of a campaign that has targeted more than 40 financial institutions across the world. The activity cluster, which employs JavaScript web injections, is estimated to have led to....
7.2AI Score
Dangerous use of deadline parameter
Lines of code https://github.com/code-423n4/2023-12-particle/blob/a3af40839b24aa13f5764d4f84933dbfa8bc8134/contracts/libraries/LiquidityPosition.sol#L197 https://github.com/code-423n4/2023-12-particle/blob/a3af40839b24aa13f5764d4f84933dbfa8bc8134/contracts/libraries/LiquidityPosition.sol#L260...
7.1AI Score
7.3AI Score
Calls to get_virtual_price() are vulnerable to read-only reentrancy
Lines of code 117 Vulnerability details get_virtual_price() was originally considered to be a manipulation-resistant price - suitable as a price oracle, but it was later found to be vulnerable to a read-only reentrancy attack, where the Curve contract could be put into a partially-modified...
6.9AI Score
Prefix Truncation Attacks in SSH Specification (Terrapin Attack)
The remote SSH server supports a specific encryption algorithm or MAC. Parts of the SSH specification are vulnerable to a novel prefix truncation attack (a.k.a. Terrapin...
5.9CVSS
6.8AI Score
0.963EPSS
BlackCat Ransomware Raises Ante After FBI Disruption
The U.S. Federal Bureau of Investigation (FBI) disclosed today that it infiltrated the world's second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. The FBI said it seized the gang's darknet website, and released a decryption tool that hundreds of victim.....
7.3AI Score
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
Summary Terrapin is a prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at....
5.9CVSS
6.5AI Score
0.963EPSS