Big-ip (dns, Gtm) Security Vulnerabilities
CVE-2024-24919-Sniper 
Apache HugeGraph-Server - Remote Command Execution
Apache HugeGraph-Server is an open-source graph database that provides a scalable and high-performance solution for managing and analyzing large-scale graph data. It is commonly used in Java8 and Java11 environments. However, versions prior to 1.3.0 are vulnerable to a remote command execution...
6.5AI Score
0.001EPSS
CVE_2024_24919 Vulnerability Scanner This Java tool scans a...
8.6CVSS
6.1AI Score
0.945EPSS
CVE_2024_24919 Vulnerability Scanner This Java tool scans a...
8.6CVSS
6.1AI Score
0.945EPSS
[SECURITY] Fedora 39 Update: rust-local_ipaddress-0.1.3-8.fc39
Get your local IP address without...
7.1AI Score
10CVSS
6.7AI Score
0.001EPSS
Aquatronica Control System 5.1.6 Password Disclosure Exploit
Aquatronica Control System version 5.1.6 has a tcp.php endpoint on the controller that is exposed to unauthenticated attackers over the network. This vulnerability allows remote attackers to send a POST request which can reveal sensitive configuration information, including plaintext passwords....
7.5AI Score
7.5CVSS
6.7AI Score
0.013EPSS
ip172.ip-51-255-15.eu Cross Site Scripting vulnerability OBB-3932087
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
CVE-2024-24919 Esse projeto tem como objetivo criar uma...
8.6CVSS
6.3AI Score
0.945EPSS
Oracle Linux 8 : container-tools:ol8 (ELSA-2024-3254)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3254 advisory. aardvark-dns buildah [2:1.33.7-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.33 ...
8.6CVSS
6.9AI Score
0.002EPSS
7.5CVSS
7.1AI Score
EPSS
Oracle Linux 8 : idm:DL1 / and / idm:client (ELSA-2024-3267)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3267 advisory. bind-dyndb-ldap custodia ipa [4.9.13-9.0.1] - Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674] [9.4.13-9] - dcerpc:...
6.8CVSS
6.8AI Score
0.0004EPSS
6.7AI Score
0.001EPSS
CVE-2024-24919 Exploit Overview This repository contains...
8.6CVSS
8.6AI Score
0.945EPSS
7.5AI Score
CVE-2024-24919 Exploit tool to validate CVE-2024-24919...
8.6CVSS
5.9AI Score
0.945EPSS
7.4AI Score
How to tell if a VPN app added your Windows device to a botnet
On May 29, 2024, the US Department of Justice (DOJ) announced it had dismantled what was likely the world’s largest botnet ever. This botnet, called “911 S5,” infected systems at over 19 million IP addresses across more than 190 countries. The main sources of income for the operators, who stole a.....
7.2AI Score
Server Side Request Forgery (SSRF)
ip is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is due to some IP addresses being improperly categorized via the isPublic, isPrivate, and isLoopback methods, which allows an attacker to perform Server-Side Request Forgery (SSRF) if an application utilizes the library to...
6.8AI Score
EPSS
Ars0N-Framework - A Modern Framework For Bug Bounty Hunting
Howdy! My name is Harrison Richardson, or rs0n (arson) when I want to feel cooler than I really am. The code in this repository started as a small collection of scripts to help automate many of the common Bug Bounty hunting processes I found myself repeating. Over time, I built a simple web...
7AI Score
Check point:CVE-2024-24919 ...
8.6CVSS
6.5AI Score
0.945EPSS
New banking trojan “CarnavalHeist” targets Brazil with overlay attacks
Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called "CarnavalHeist." Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil. This family has also been...
8AI Score
CVE-2024-24919 An Vulnerability detection and Exploitation...
8.6CVSS
6.1AI Score
0.945EPSS
Symfony is vulnerable to IP Address Spoofing The vulnerability is due to the potential manipulation of client IP addresses returned by the Request::getClientIp() method for sensitive decisions. It allows malicious actors to manipulate or spoof their IP...
7AI Score
CVE-2024-24919 Usage Usage: ./CVE-2024-24919.sh -i ...
8.6CVSS
6.3AI Score
0.945EPSS
CVE-2024-24919 Usage Usage: ./CVE-2024-24919.sh -i ...
8.6CVSS
6.3AI Score
0.945EPSS
Amazon Linux 2 : unbound (ALASUNBOUND-2024-001)
The version of unbound installed on the remote host is prior to 1.13.1-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2UNBOUND-2024-001 advisory. An issue was discovered in some DNS recursive resolvers that allows remote attackers to cause a denial of service using a...
6.3AI Score
0.0004EPSS
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:1870-1)
The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1870-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following...
7.8CVSS
8.9AI Score
EPSS
7.4AI Score
7.1AI Score
0.001EPSS
10CVSS
7.1AI Score
0.001EPSS
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-069)
The version of kernel installed on the remote host is prior to 5.4.276-189.376. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-069 advisory. 2024-06-19: CVE-2024-36905 was added to this advisory. 2024-06-19: CVE-2024-36959 was added to this...
6.7AI Score
0.0005EPSS
K000139859: Envoy vulnerability CVE-2024-30255
Security Advisory Description Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an....
5.3CVSS
6.7AI Score
0.0004EPSS
FlyingYeti Exploits WinRAR Vulnerability to Deliver COOKBOX Malware in Ukraine
Cloudflare on Thursday said it took steps to disrupt a month-long phishing campaign orchestrated by a Russia-aligned threat actor called FlyingYeti targeting Ukraine. "The FlyingYeti campaign capitalized on anxiety over the potential loss of access to housing and utilities by enticing targets to...
7.8CVSS
7.6AI Score
0.192EPSS
In the Linux kernel, the following vulnerability has been resolved: s390/qeth: Fix kernel panic after setting hsuid Symptom: When the hsuid attribute is set for the first time on an IQD Layer3 device while the corresponding network interface is already UP, the kernel will try to execute a napi...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: s390/qeth: Fix kernel panic after setting hsuid Symptom: When the hsuid attribute is set for the first time on an IQD Layer3 device while the corresponding network interface is already UP, the kernel will try to execute a napi...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: s390/qeth: Fix kernel panic after setting hsuid Symptom: When the hsuid attribute is set for the first time on an IQD Layer3 device while the corresponding network interface is already UP, the kernel will try to execute a napi...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: keys: Fix overwrite of key expiration on instantiation The expiry time of a key is unconditionally overwritten during instantiation, defaulting to turn it permanent. This causes a problem for DNS resolution as the expiration set...
7.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: keys: Fix overwrite of key expiration on instantiation The expiry time of a key is unconditionally overwritten during instantiation, defaulting to turn it permanent. This causes a problem for DNS resolution as the expiration set...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: keys: Fix overwrite of key expiration on instantiation The expiry time of a key is unconditionally overwritten during instantiation, defaulting to turn it permanent. This causes a problem for DNS resolution as the expiration set...
6.6AI Score
0.0004EPSS
CVE-2024-36928 s390/qeth: Fix kernel panic after setting hsuid
In the Linux kernel, the following vulnerability has been resolved: s390/qeth: Fix kernel panic after setting hsuid Symptom: When the hsuid attribute is set for the first time on an IQD Layer3 device while the corresponding network interface is already UP, the kernel will try to execute a napi...
6.8AI Score
0.0004EPSS
CVE-2024-36928 s390/qeth: Fix kernel panic after setting hsuid
In the Linux kernel, the following vulnerability has been resolved: s390/qeth: Fix kernel panic after setting hsuid Symptom: When the hsuid attribute is set for the first time on an IQD Layer3 device while the corresponding network interface is already UP, the kernel will try to execute a napi...
6.4AI Score
0.0004EPSS
CVE-2024-36031 keys: Fix overwrite of key expiration on instantiation
In the Linux kernel, the following vulnerability has been resolved: keys: Fix overwrite of key expiration on instantiation The expiry time of a key is unconditionally overwritten during instantiation, defaulting to turn it permanent. This causes a problem for DNS resolution as the expiration set...
6.7AI Score
0.0004EPSS
CVE-2024-36031 keys: Fix overwrite of key expiration on instantiation
In the Linux kernel, the following vulnerability has been resolved: keys: Fix overwrite of key expiration on instantiation The expiry time of a key is unconditionally overwritten during instantiation, defaulting to turn it permanent. This causes a problem for DNS resolution as the expiration set...
7.3AI Score
0.0004EPSS
Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities
Cybersecurity researchers have warned that multiple high-severity security vulnerabilities in WordPress plugins are being actively exploited by threat actors to create rogue administrator accounts for follow-on exploitation. "These vulnerabilities are found in various WordPress plugins and are...
8.3CVSS
6.1AI Score
0.0005EPSS
Symfony2 improper IP based access control
Damien Tournoud, from the Drupal security team, contacted us two days ago about a security issue in the Request::getClientIp() method when the trust proxy mode is enabled (Request::trustProxyData()). An application is vulnerable if it uses the client IP address as returned by the...
7.1AI Score
Symfony2 improper IP based access control
Damien Tournoud, from the Drupal security team, contacted us two days ago about a security issue in the Request::getClientIp() method when the trust proxy mode is enabled (Request::trustProxyData()). An application is vulnerable if it uses the client IP address as returned by the...
7.1AI Score
(RHSA-2024:3497) Important: edk2 security update
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es): edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message (CVE-2023-45234) edk2: Buffer...
7.4AI Score
0.001EPSS
LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader
By Anna Bennett, Nicole Hoffman, Asheer Malhotra, Sean Taylor and Brandon White. Cisco Talos is disclosing a new suspected data theft campaign, active since at least 2021, we attribute to an advanced persistent threat actor (APT) we're calling "LilacSquid." LilacSquid's victimology includes a...
7.8AI Score