Operation Celestial Force employs mobile and desktop malware to target Indian entities
By Gi7w0rm, Asheer Malhotra and Vitor Ventura. Cisco Talos is disclosing a new malware campaign called "Operation Celestial Force" running since at least 2018. It is still active today, employing the use of GravityRAT, an Android-based malware, along with a Windows-based malware loader we track...
7.2AI Score
Cinterion EHS5 3G UMTS/HSPA Module Research
Modems play an important role in enabling connectivity for a wide range of devices. This includes not only traditional mobile devices and household appliances, but also telecommunication systems in vehicles, ATMs and Automated Process Control Systems (APCS). When integrating the modem, many...
6.4CVSS
8.2AI Score
0.002EPSS
CVE-2024-34103 Customer account takeover via web API call & subsequent password reset
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application....
8.1CVSS
0.001EPSS
CVE-2024-34103 Customer account takeover via web API call & subsequent password reset
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application....
8.1CVSS
7AI Score
0.001EPSS
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of...
5.3CVSS
0.0005EPSS
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of...
5.3CVSS
6.9AI Score
0.0005EPSS
Google Warns of Pixel Firmware Security Flaw Exploited as Zero-Day
Google has warned that a security flaw impacting Pixel Firmware has been exploited in the wild as a zero-day. The high-severity vulnerability, tagged as CVE-2024-32896, has been described as an elevation of privilege issue in Pixel Firmware. The company did not share any additional details related....
7.8CVSS
8.3AI Score
0.213EPSS
Chromium: CVE-2024-5838 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...
8.8CVSS
6.7AI Score
0.001EPSS
Chromium: CVE-2024-5847 Use after free in PDFium
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...
8.8CVSS
6.7AI Score
0.001EPSS
Chromium: CVE-2024-5834 Inappropriate implementation in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...
8.8CVSS
6.7AI Score
0.001EPSS
Chromium: CVE-2024-5840 Policy Bypass in CORS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...
6.5CVSS
6.7AI Score
0.001EPSS
Chromium: CVE-2024-5831 Use after free in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...
8.8CVSS
6.7AI Score
0.001EPSS
Chromium: CVE-2024-5846 Use after free in PDFium
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...
8.8CVSS
6.7AI Score
0.001EPSS
Chromium: CVE-2024-5841 Use after free in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...
8.8CVSS
6.7AI Score
0.001EPSS
Chromium: CVE-2024-5845 Use after free in Audio
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...
8.8CVSS
6.7AI Score
0.001EPSS
Chromium: CVE-2024-5833 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...
8.8CVSS
6.7AI Score
0.001EPSS
Chromium: CVE-2024-5835 Heap buffer overflow in Tab Groups
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...
8.8CVSS
6.7AI Score
0.001EPSS
Chromium: CVE-2024-5843 Inappropriate implementation in Downloads
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...
6.5CVSS
6.7AI Score
0.001EPSS
Chromium: CVE-2024-5842 Use after free in Browser UI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...
8.8CVSS
6.7AI Score
0.001EPSS
Chromium: CVE-2024-5832 Use after free in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...
8.8CVSS
6.7AI Score
0.001EPSS
Chromium: CVE-2024-5837 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...
8.8CVSS
6.7AI Score
0.001EPSS
Chromium: CVE-2024-5830 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...
8.8CVSS
6.7AI Score
0.001EPSS
Chromium: CVE-2024-5844 Heap buffer overflow in Tab Strip
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...
8.8CVSS
6.7AI Score
0.001EPSS
Chromium: CVE-2024-5839 Inappropriate Implementation in Memory Allocator
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...
6.5CVSS
6.7AI Score
0.001EPSS
Chromium: CVE-2024-5836 Inappropriate Implementation in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...
8.8CVSS
6.7AI Score
0.001EPSS
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana using third-party Kubernetes Operators build 273. Vulnerability Details ** CVEID: CVE-2023-6516 DESCRIPTION: **ISC BIND is vulnerable to a denial of service, caused by an out-of-memory condition. By using specific...
7.5CVSS
8AI Score
0.963EPSS
Denial Of Service Via Account Lockout
org.keycloak, keycloak-services is vulnerable to Denial of Service via account lockout. The vulnerability is due to improper handling of usernames formatted as email addresses, which allows attackers to lock out legitimate users by repeatedly using incorrect...
7AI Score
A Reflected Cross-Site Scripting (XSS) vulnerability in the blog function of Modern Campus - Omni CMS 2023.1 allows a remote attacker to inject arbitrary scripts or HTML via multiple...
0.0004EPSS
Mozilla Firefox ESR Security Update (mfsa_2024-23_2024-26) - Windows
Firefox ESR is prone to multiple ...
6.6AI Score
0.0004EPSS
LatePoint Plugin < 4.9.9.1 - Missing Authorization and Sensitive Information Exposure via IDOR
Description The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated...
9.1CVSS
6.6AI Score
0.001EPSS
RHEL 8 : dnsmasq (RHSA-2024:3929)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3929 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol)...
7.5CVSS
8.4AI Score
0.05EPSS
CentOS 7 : 389-ds-base (RHSA-2024:3591)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3591 advisory. A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while...
7.5CVSS
7.6AI Score
0.0004EPSS
The version of Thunderbird installed on the remote Windows host is prior to 115.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-28 advisory. Memory corruption in the networking stack could have led to a potentially exploitable crash. (CVE-2024-5702) ...
7.8AI Score
0.0004EPSS
Google Chrome Security Update (stable-channel-update-for-desktop-2024-06) - MAC OS X
Google Chrome is prone to multiple ...
8.8CVSS
8.8AI Score
0.001EPSS
Adobe ColdFusion < 2021.x < 2021u14 / 2023.x < 2023u8 Multiple Vulnerabilities (APSB24-41)
The version of Adobe ColdFusion installed on the remote Windows host is prior to 2021.x update 14 or 2023.x update 8. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB24-41 advisory. Improper Access Control (CWE-284) potentially leading to Arbitrary file system...
7.5CVSS
7.9AI Score
0.001EPSS
KLA68933 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, perform cross-site scripting attack, bypass security restrictions, spoof user interface, obtain sensitive information. Below is a...
9.2AI Score
0.0004EPSS
Mozilla Firefox Security Update (mfsa_2024-23_2024-26) - Windows
Mozilla Firefox is prone to multiple ...
6.7AI Score
0.0004EPSS
Mozilla Firefox Security Update (mfsa_2024-23_2024-26) - Mac OS X
Mozilla Firefox is prone to multiple ...
6.7AI Score
0.0004EPSS
RHEL 8 : dnsmasq (RHSA-2024:3877)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3877 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol)...
7.5CVSS
8.2AI Score
0.05EPSS
NVIDIA Virtual GPU Manager Multiple Vulnerabilities (June 2024)
The NVIDIA Virtual GPU Manager software on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, including the following: NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful...
7.8CVSS
6.9AI Score
0.0004EPSS
NVIDIA Windows GPU Display Driver (June 2024)
A display driver installed on the remote Windows host is affected by multiple vulnerabilities, including the following: NVIDIA GPU Display Driver for Windows contains a vulnerability where the information from a previous client or another process could be disclosed. A successful exploit of...
7.8CVSS
6.8AI Score
0.0004EPSS
Microsoft Edge (Chromium) < 126.0.2592.56 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 126.0.2592.56. It is, therefore, affected by multiple vulnerabilities as referenced in the June 13, 2024 advisory. Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2024-30058, CVE-2024-38083) Type...
8.8CVSS
8.8AI Score
0.001EPSS
Fedora 39 : php (2024-52c23ef1ec)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-52c23ef1ec advisory. PHP version 8.2.20 (06 Jun 2024) CGI: * Fixed buffer limit on Windows, replacing read call usage by _read. (David Carlier) * Fixed bug...
9.8CVSS
8.8AI Score
0.973EPSS
RHEL 9 : expat (RHSA-2024:3926)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3926 advisory. Expat is a C library for parsing XML documents. Security Fix(es): * expat: parsing large tokens can trigger a denial of service...
7.5CVSS
10AI Score
0.001EPSS
Ubuntu 16.04 LTS / 18.04 LTS : H2 vulnerabilities (USN-6834-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6834-1 advisory. It was discovered that H2 was vulnerable to deserialization of untrusted data. An attacker could possibly use this issue to execute...
9.8CVSS
10AI Score
0.518EPSS
Adobe Substance 3D Stager < 3.0.2 Multiple Vulnerabilities (APSB24-43) (macOS)
The version of Adobe Substance 3D Stager installed on the remote macOS host is prior to 3.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB24-43 advisory. Successful exploitation could lead to arbitrary code execution in the context of the current user. Note...
7.8CVSS
7.8AI Score
0.001EPSS
Google Chrome Security Update (stable-channel-update-for-desktop-2024-06) - Linux
Google Chrome is prone to multiple ...
8.8CVSS
8.8AI Score
0.001EPSS
7.8CVSS
7.4AI Score
0.0005EPSS
Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2024-12433)
The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12433 advisory. - x86/static_call: Add support for Jcc tail-calls (Peter Zijlstra) {CVE-2022-29901} {CVE-2022-23816} Tenable has extracted the preceding...
6.5CVSS
7.4AI Score
EPSS
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2005-1 advisory. Security Update 550.90.07: - CVE-2024-0090: Fixed out of bounds write (bsc#1223356). - CVE-2024-0092: Fixed incorrect exception...
7.8CVSS
7AI Score
0.0004EPSS