KB5039334: Servicing stack update for Windows 10, version 1607 and Server 2016: June 11, 2024
KB5039334: Servicing stack update for Windows 10, version 1607 and Server 2016: June 11, 2024 __ End of support information Windows 10, version 1607 Mobile and Mobile Enterprise editions reached the end of support (EOS) on October 9, 2018. These editions will no longer be offered servicing stack...
6.8AI Score
Microsoft Revamps Controversial AI-Powered Recall Feature Amid Privacy Concerns
Microsoft on Friday said it will disable its much-criticized artificial intelligence (AI)-powered Recall feature by default and make it an opt-in. Recall, currently in preview and coming exclusively to Copilot+ PCs on June 18, 2024, functions as an "explorable visual timeline" by capturing...
6.7AI Score
Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Download
The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST...
7.5CVSS
6.9AI Score
0.123EPSS
Fedora: Security Advisory for python-jinja2 (FEDORA-2024-ce7649d28e)
The remote host is missing an update for...
5.4CVSS
5.7AI Score
0.0004EPSS
What Data Does Veeam Kasten for Kubernetes Include in the Phone Home Reports
This article documents what data is included in the phone home reports sent by Veeam Kasten for...
7.1AI Score
Arbitrary system path lookup in h20
In h2oai/h2o-3 version 3.40.0.4, an exposure of sensitive information vulnerability exists due to an arbitrary system path lookup feature. This vulnerability allows any remote user to view full paths in the entire file system where h2o-3 is hosted. Specifically, the issue resides in the Typeahead.....
5.3CVSS
6.6AI Score
0.0004EPSS
Arbitrary system path lookup in h20
In h2oai/h2o-3 version 3.40.0.4, an exposure of sensitive information vulnerability exists due to an arbitrary system path lookup feature. This vulnerability allows any remote user to view full paths in the entire file system where h2o-3 is hosted. Specifically, the issue resides in the Typeahead.....
5.3CVSS
5.3AI Score
0.0004EPSS
In h2oai/h2o-3 version 3.40.0.4, an exposure of sensitive information vulnerability exists due to an arbitrary system path lookup feature. This vulnerability allows any remote user to view full paths in the entire file system where h2o-3 is hosted. Specifically, the issue resides in the Typeahead.....
5.3CVSS
5.2AI Score
0.0004EPSS
In h2oai/h2o-3 version 3.40.0.4, an exposure of sensitive information vulnerability exists due to an arbitrary system path lookup feature. This vulnerability allows any remote user to view full paths in the entire file system where h2o-3 is hosted. Specifically, the issue resides in the Typeahead.....
5.3CVSS
0.0004EPSS
A vulnerability in the download_model_with_test_data function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...
8.8CVSS
8AI Score
0.0004EPSS
A vulnerability in the download_model_with_test_data function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...
8.8CVSS
9AI Score
0.0004EPSS
A vulnerability in the download_model_with_test_data function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...
8.8CVSS
0.0004EPSS
Evmos allows unvested token delegations
Impact What kind of vulnerability is it? Who is impacted? At the moment, users are able to delegate tokens that have not yet been vested. This affects employees and grantees who have funds managed via ClawbackVestingAccount. Patches Has the problem been patched? What versions should users upgrade.....
5.3CVSS
5.3AI Score
0.0004EPSS
Evmos allows unvested token delegations
Impact What kind of vulnerability is it? Who is impacted? At the moment, users are able to delegate tokens that have not yet been vested. This affects employees and grantees who have funds managed via ClawbackVestingAccount. Patches Has the problem been patched? What versions should users upgrade.....
5.3CVSS
5.3AI Score
0.0004EPSS
CVE-2024-5187 Arbitrary File Overwrite in download_model_with_test_data in onnx/onnx
A vulnerability in the download_model_with_test_data function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...
8.8CVSS
7.7AI Score
0.0004EPSS
CVE-2024-5187 Arbitrary File Overwrite in download_model_with_test_data in onnx/onnx
A vulnerability in the download_model_with_test_data function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...
8.8CVSS
0.0004EPSS
CVE-2024-5550 Exposure of Sensitive Information via Arbitrary System Path Lookup in h2oai/h2o-3
In h2oai/h2o-3 version 3.40.0.4, an exposure of sensitive information vulnerability exists due to an arbitrary system path lookup feature. This vulnerability allows any remote user to view full paths in the entire file system where h2o-3 is hosted. Specifically, the issue resides in the Typeahead.....
5.3CVSS
6.6AI Score
0.0004EPSS
CVE-2024-5550 Exposure of Sensitive Information via Arbitrary System Path Lookup in h2oai/h2o-3
In h2oai/h2o-3 version 3.40.0.4, an exposure of sensitive information vulnerability exists due to an arbitrary system path lookup feature. This vulnerability allows any remote user to view full paths in the entire file system where h2o-3 is hosted. Specifically, the issue resides in the Typeahead.....
5.3CVSS
0.0004EPSS
Husband stalked ex-wife with seven AirTags, indictment says
Following their divorce, a husband carried out a campaign of stalking and abuse against his ex-wife—referred to only as “S.K.”—by allegedly hiding seven separate Apple AirTags on or near her car, according to documents filed by US prosecutors for the Eastern District of Pennsylvania. The...
6.2AI Score
A vulnerability in the download_model_with_test_data function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...
8.8CVSS
9AI Score
0.0004EPSS
7.4AI Score
7.4AI Score
Say hello to the fifth generation of Malwarebytes
Announcing the latest version of Malwarebytes, which brings a faster, responsive, and consistent user interface, integrated security and privacy, and expert guidance to keep you secure. Here's what you can expect: 1. Unified user experience across platforms The new generation of Malwarebytes now...
7.3AI Score
Chinese State-Backed Cyber Espionage Targets Southeast Asian Government
An unnamed high-profile government organization in Southeast Asia emerged as the target of a "complex, long-running" Chinese state-sponsored cyber espionage operation codenamed Crimson Palace. "The overall goal behind the campaign was to maintain access to the target network for cyberespionage in.....
7AI Score
The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example:--allow-fs-read=/home/node/.ssh/*.pubwill ignore pub and give access to everything after .ssh/.This misleading documentation affects all users...
5CVSS
5.8AI Score
0.0004EPSS
Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users
Cybersecurity researchers have uncovered a new suspicious package uploaded to the npm package registry that's designed to drop a remote access trojan (RAT) on compromised systems. The package in question is glup-debugger-log, which targets users of the gulp toolkit by masquerading as a "logger for....
8AI Score
WhatsApp cryptocurrency scam goes for the cash prize
This weekend a scammer tried his luck by reaching out to me on WhatsApp. It’s not that I don’t appreciate it, but trust me, it’s bad for your business. I received one message from a number hailing from the Togolese Republic. WhatsApp message from an unknow sender “Jay, your financial account has...
7.3AI Score
RHEL 5 : procps (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow...
7.8CVSS
7.4AI Score
0.006EPSS
RHEL 5 : libuser (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libuser: TOCTOU race conditions by copying and removing directory trees (CVE-2012-5630) libuser:...
6.3CVSS
6.5AI Score
0.0004EPSS
RHEL 5 : wget (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. wget: FTP symlink arbitrary filesystem access (CVE-2014-4877) wget: Lack of filename checking allows...
8.8CVSS
7.8AI Score
0.955EPSS
RHEL 6 : libuser (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libuser: TOCTOU race conditions by copying and removing directory trees (CVE-2012-5630) libuser:...
6.3CVSS
6.2AI Score
0.0004EPSS
RHEL 6 : sssd (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. sssd: information leak from the sssd-sudo responder (CVE-2018-10852) sssd versions from 1.13.0 to before...
5.2CVSS
7.8AI Score
0.004EPSS
RHEL 6 : openssh (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssh: loading of untrusted PKCS#11 modules in ssh-agent (CVE-2016-10009) openssh: Bounds check can be...
7.8CVSS
7.3AI Score
0.102EPSS
RHEL 5 : sudo (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. sudo: noexec bypass via wordexp() (CVE-2016-7076) sudo before 1.8.12 does not ensure that the TZ...
7.5CVSS
6.9AI Score
0.008EPSS
[SECURITY] Fedora 39 Update: python-jinja2-3.1.4-1.fc39
Jinja2 is a template engine written in pure Python. It provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. If you have any exposure to other text-based template languages, such as Smarty or Django, you should feel right at home with...
5.4CVSS
7.2AI Score
0.0004EPSS
Friday Squid Blogging: Baby Colossal Squid
This video might be a juvenile colossal squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines...
7.2AI Score
Mysterious Cyber Attack Took Down 600,000+ Routers in the U.S.
More than 600,000 small office/home office (SOHO) routers are estimated to have been bricked and taken offline following a destructive cyber attack staged by unidentified cyber actors, disrupting users' access to the internet. The mysterious event, which took place between October 25 and 27, 2023,....
7.6AI Score
TYPO3 possible cache poisoning on the homepage when anchors are used
A request URL with arbitrary arguments, but still pointing to the home page of a TYPO3 installation can be cached if the configuration option config.prefixLocalAnchors is used with the values "all" or "cached". The impact of this vulnerability is that unfamiliar looking links to the home page can.....
7.1AI Score
TYPO3 possible cache poisoning on the homepage when anchors are used
A request URL with arbitrary arguments, but still pointing to the home page of a TYPO3 installation can be cached if the configuration option config.prefixLocalAnchors is used with the values "all" or "cached". The impact of this vulnerability is that unfamiliar looking links to the home page can.....
7.1AI Score
Beware of scammers impersonating Malwarebytes
Scammers love to bank on the good name of legitimate companies to gain the trust of their intended targets. Recently, it came to our attention that a cybercriminal is using fake websites for security products to spread malware. One of those websites was impersonating the Malwarebytes brand. Image.....
7.3AI Score
The Ticketmaster “breach”—what you need to know
Earlier this week, a cybercriminal group posted an alleged database up for sale online which, it says, contains customer and card details of 560 million Live Nation/Ticketmaster users. The data was offered for sale on one forum under the name "Shiny Hunters". ShinyHunters is the online handle for.....
7.3AI Score
Stable Channel Update for Desktop
The Stable channel has been updated to 125.0.6422.141/.142 for Windows, Mac and 125.0.6422.141 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards Note: Access to bug details and links may be kept...
7.3AI Score
0.0004EPSS
Summary IBM WebSphere Application Server (WAS) is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section....
7CVSS
6.7AI Score
0.0004EPSS
pcTattletale spyware leaks database containing victim screenshots, gets website defaced
The idea behind the software is simple. When the spying party installs the stalkerware, they grant permission to record what happens on the targeted Android or Windows device. The observer can then log in on an online portal and activate recording, at which point a screen capture is taken on the...
7.2AI Score
Pyrit - The Famous WPA Precomputed Cracker
Pyrit allows you to create massive databases of pre-computed WPA/WPA2-PSK authentication phase in a space-time-tradeoff. By using the computational power of Multi-Core CPUs and other platforms through ATI-Stream,Nvidia CUDA and OpenCL, it is currently by far the most powerful attack against one of....
7.2AI Score
TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks
A maximum-severity security flaw has been disclosed in the TP-Link Archer C5400X gaming router that could lead to remote code execution on susceptible devices by sending specially crafted requests. The vulnerability, tracked as CVE-2024-5035, carries a CVSS score of 10.0. It impacts all versions...
9.8CVSS
8.5AI Score
0.0004EPSS
7.4AI Score
0.0004EPSS
libigl readOFF stack-based buffer overflow vulnerabilities
Talos Vulnerability Report TALOS-2023-1784 libigl readOFF stack-based buffer overflow vulnerabilities May 28, 2024 CVE Number CVE-2023-35950,CVE-2023-35953,CVE-2023-35952,CVE-2023-35951,CVE-2023-35949 SUMMARY Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp...
7.8CVSS
8.5AI Score
0.001EPSS
Marketplace fraud is nothing new. Cybercriminals swindle money out of buyers and sellers alike. Lately, we've seen a proliferation of cybergangs operating under the Fraud-as-a-Service model and specializing in tricking users of online marketplaces, in particular, message boards. Criminals are...
6.4AI Score
Fedora: Security Advisory for python-jinja2 (FEDORA-2024-2005708761)
The remote host is missing an update for...
5.4CVSS
5.7AI Score
0.0004EPSS