Improper Input Validation vulnerability in ABB 800xA Base. An attacker who successfully exploited this vulnerability could cause services to crash by sending specifically crafted messages. This issue affects 800xA Base: from 6.0.0 through...
5.7CVSS
5.5AI Score
0.0004EPSS
Improper Input Validation vulnerability in ABB 800xA Base. An attacker who successfully exploited this vulnerability could cause services to crash by sending specifically crafted messages. This issue affects 800xA Base: from 6.0.0 through...
5.7CVSS
0.0004EPSS
How to Use Tines's SOC Automation Capability Matrix
Created by John Tuckner and the team at automation and AI-powered workflow platform Tines, the SOC Automation Capability Matrix (SOC ACM) is a set of techniques designed to help security operations teams understand their automation capabilities and respond more effectively to incidents. A...
7AI Score
CVE-2024-3036 Communication DoS vulnerability
Improper Input Validation vulnerability in ABB 800xA Base. An attacker who successfully exploited this vulnerability could cause services to crash by sending specifically crafted messages. This issue affects 800xA Base: from 6.0.0 through...
5.7CVSS
0.0004EPSS
CVE-2024-3036 Communication DoS vulnerability
Improper Input Validation vulnerability in ABB 800xA Base. An attacker who successfully exploited this vulnerability could cause services to crash by sending specifically crafted messages. This issue affects 800xA Base: from 6.0.0 through...
5.7CVSS
6.8AI Score
0.0004EPSS
This script is designed to exploit vulnerabilities in a Mailcow...
6.2CVSS
7AI Score
0.0004EPSS
The Smush plugin for WordPress is vulnerable to unauthorized deletion of the resmush list due to a missing capability check on the delete_resmush_list() function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to delete the resmush list for...
4.3CVSS
0.0004EPSS
The Smush plugin for WordPress is vulnerable to unauthorized deletion of the resmush list due to a missing capability check on the delete_resmush_list() function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to delete the resmush list for...
4.3CVSS
4.4AI Score
0.0004EPSS
The Smush plugin for WordPress is vulnerable to unauthorized deletion of the resmush list due to a missing capability check on the delete_resmush_list() function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to delete the resmush list for...
4.3CVSS
0.0004EPSS
Fedora: Security Advisory for python-authlib (FEDORA-2024-2e9c58d661)
The remote host is missing an update for...
7.5CVSS
7.1AI Score
0.001EPSS
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TUTK P2P library. The issue results from the lack of proper...
7.5AI Score
EPSS
urllib3 Python Library < 1.26.19, < 2.2.2 (CVE-2024-37891)
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with 'ProxyManager', the 'Proxy-Authorization' header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to...
4.4CVSS
4.7AI Score
0.0004EPSS
Summary TSSC/IMC is vulnerable to aritrary code excecution due to cURL. A patch has been provided that updates the curl library. (CVE-2023-30630, CVE-2023-28321) Vulnerability Details ** CVEID: CVE-2023-27536 DESCRIPTION: **cURL libcurl could allow a remote attacker to bypass security...
7.1CVSS
7.5AI Score
0.002EPSS
Summary TSSC/IMC is vulnerable to a denial of service attack due to ncruses (CVE-2023-29491). A patch has been provided that updates the Dmidecode library. Vulnerability Details ** CVEID: CVE-2023-29491 DESCRIPTION: **ncurses is vulnerable to a denial of service, caused by a memory corruption...
7.8CVSS
6.8AI Score
0.0004EPSS
Security Bulletin: TSSC/IMC is vulnerable to aritrary code excecution due to Java (CVE-2023-22081)
Summary TSSC/IMC is vulnerable to aritrary code excecution due to Dmidecode. A patch has been provided that updates the Java library. (CVE-2023-22081) Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow a...
5.3CVSS
6.8AI Score
0.001EPSS
Summary TSSC/IMC is vulnerable to aritrary code excecution due to Dmidecode. A patch has been provided that updates the Dmidecode library. (CVE-2023-30630) Vulnerability Details ** CVEID: CVE-2023-30630 DESCRIPTION: **Dmidecode could allow a local authetnicated attacker to bypass security...
7.1CVSS
6.9AI Score
0.0004EPSS
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...
8.3CVSS
10AI Score
0.005EPSS
Malicious code in melichat-component-library (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (1d7d152708054848a62109924487b7dcacac50e054b19a8682b3b0b26b279e6b) The OpenSSF Package Analysis project identified 'melichat-component-library' @ 1.1.0 (npm) as malicious. It is considered malicious because: The...
7.1AI Score
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to sensitive information exposure in Kubernetes, caused by storing credentials in the log by the client-go library [CVE-2019-11250]. Kubernetes is included in the Speech utilities used by our service. This...
6.5CVSS
5.5AI Score
0.001EPSS
ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability
Impact There is a vulnerability in Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability. References CVE-2024-35255 Patches https://github.com/traefik/traefik/releases/tag/v2.11.5 https://github.com/traefik/traefik/releases/tag/v3.0.3 Workarounds No...
5.5CVSS
7.1AI Score
0.0004EPSS
ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability
Impact There is a vulnerability in Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability. References CVE-2024-35255 Patches https://github.com/traefik/traefik/releases/tag/v2.11.5 https://github.com/traefik/traefik/releases/tag/v3.0.3 Workarounds No...
5.5CVSS
6.7AI Score
0.0004EPSS
Can an attacker execute arbitrary commands on a remote server just by sending JSON? Yes, if the running code contains unsafe deserialization vulnerabilities. But how is that possible? In this blog post, we’ll describe how unsafe deserialization vulnerabilities work and how you can detect them in...
8.5AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 10, 2024 to June 16, 2024)
_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...
10CVSS
9.2AI Score
EPSS
8.7AI Score
0.001EPSS
[SECURITY] Fedora 39 Update: python-authlib-1.3.1-1.fc39
Python library for building OAuth and OpenID Connect servers. JWS, JWK, JWA, JWT are...
7.5CVSS
7AI Score
0.001EPSS
The Media Library Assistant plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter within the mla_tag_cloud Shortcode in all versions up to, and including, 3.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
8.8CVSS
0.001EPSS
The Media Library Assistant plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter within the mla_tag_cloud Shortcode in all versions up to, and including, 3.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
8.8CVSS
8.7AI Score
0.001EPSS
The Media Library Assistant plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter within the mla_tag_cloud Shortcode in all versions up to, and including, 3.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
8.8CVSS
0.001EPSS
Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID:...
9.8CVSS
9.9AI Score
0.019EPSS
RHEL 9 : ghostscript (RHSA-2024:3999)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3999 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap...
7.2AI Score
EPSS
RHEL 9 : curl (RHSA-2024:3998)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3998 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP,...
6.5AI Score
0.0004EPSS
Important: ghostscript security update
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): ghostscript: OPVP device arbitrary code execution via custom Driver library...
8AI Score
EPSS
Important: ghostscript security update
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): ghostscript: OPVP device arbitrary code execution via custom Driver library...
7.6AI Score
EPSS
[9.27-13] - CVE-2024-33871 ghostscript: OPVP device arbitrary code execution via custom Driver...
7.8AI Score
EPSS
Important: ghostscript security update
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): ghostscript: OPVP device arbitrary code execution via custom Driver library...
7.3AI Score
EPSS
Important: ghostscript security update
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): ghostscript: OPVP device arbitrary code execution via custom Driver library...
7.3AI Score
EPSS
Oracle Linux 8 : ghostscript (ELSA-2024-4000)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-4000 advisory. [9.27-13] - CVE-2024-33871 ghostscript: OPVP device arbitrary code execution via custom Driver library Tenable has extracted the preceding description block...
7.1AI Score
EPSS
AlmaLinux 8 : ghostscript (ALSA-2024:4000)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:4000 advisory. * ghostscript: OPVP device arbitrary code execution via custom Driver library (CVE-2024-33871) Tenable has extracted the preceding description block directly from...
7.3AI Score
EPSS
Oracle Linux 9 : ghostscript (ELSA-2024-3999)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3999 advisory. [9.54.0-16] - RHEL-39110 fix regression discovered in OPVP device [9.54.0-15] - RHEL-39110 CVE-2024-33871 ghostscript: OPVP device arbitrary code execution via...
7.2AI Score
EPSS
RHEL 8 : ghostscript (RHSA-2024:4000)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4000 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap...
7.2AI Score
EPSS
[9.54.0-16] - RHEL-39110 fix regression discovered in OPVP device [9.54.0-15] - RHEL-39110 CVE-2024-33871 ghostscript: OPVP device arbitrary code execution via custom Driver...
7.7AI Score
EPSS
AlmaLinux 9 : ghostscript (ALSA-2024:3999)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:3999 advisory. * ghostscript: OPVP device arbitrary code execution via custom Driver library (CVE-2024-33871) Tenable has extracted the preceding description block directly from...
7.3AI Score
EPSS
RHEL 9 : ghostscript (RHSA-2024:4014)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4014 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap...
7.2AI Score
EPSS
Summary Vulnerabilities in multiple JAR files affect Transparent Cloud Tiering in IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products. The vulnerabilities are not thought to be exploitable but IBM recommends upgrade for users of Transparent Cloud Tiering...
9.8CVSS
9.5AI Score
0.939EPSS
6.9AI Score
0.001EPSS
The Hacking of Culture and the Creation of Socio-Technical Debt
Culture is increasingly mediated through algorithms. These algorithms have splintered the organization of culture, a result of states and tech companies vying for influence over mass audiences. One byproduct of this splintering is a shift from imperfect but broad cultural narratives to a...
6.8AI Score
9.8CVSS
9.7AI Score
0.937EPSS
ai.djl,api is vulnerable to Path Traversal. The vulnerability is due to absolute path archived artifacts, allowing attackers to insert archived files directly into the system and overwrite system...
10CVSS
6.7AI Score
0.0004EPSS
Debian dla-3837 : libndp-dbg - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3837 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3837-1 [email protected] ...
8.1CVSS
8.3AI Score
0.0004EPSS
7.8CVSS
8AI Score
0.001EPSS