The sliding doors of misinformation that come with AI-generated search results
As someone who used to think that his entire livelihood would come from writing, I've long wondered if any sort of computer or AI could replace my essential functions at work. For now, it seems there are enough holes in AI-generated language that my ability to write down a complete, accurate and...
7.2AI Score
CVE-2024-4889 Code Injection in berriai/litellm
A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the.....
7.2CVSS
8AI Score
0.0004EPSS
CVE-2024-4889 Code Injection in berriai/litellm
A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the.....
7.2CVSS
0.0004EPSS
Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks
Muhstik botnet exploits a critical Apache RocketMQ flaw (CVE-2023-33246) for remote code execution, targeting Linux servers and IoT devices for DDoS attacks and cryptocurrency mining. Infection involves executing a shell script from a remote IP, downloading the Muhstik malware binary ("pty3"), and....
9.8CVSS
8.3AI Score
0.973EPSS
Advance Auto Parts customer data posted for sale
A cybercriminal using the handle Sp1d3r is offering to sell 3 TB of data taken from Advance Auto Parts, Inc. Advance Auto Parts is a US automotive aftermarket parts provider that serves both professional installers and do it yourself customers. Allegedly the customer data includes: Names Email...
7.4AI Score
It was discovered that the Hotspot component of OpenJDK 21 incorrectly handled certain exceptions with specially crafted long messages. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-21011) It was discovered that OpenJDK 21 incorrectly performed reverse DNS query....
3.7CVSS
5.2AI Score
0.001EPSS
It was discovered that the Hotspot component of OpenJDK 17 incorrectly handled certain exceptions with specially crafted long messages. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-21011) It was discovered that OpenJDK 17 incorrectly performed reverse DNS query....
3.7CVSS
5.2AI Score
0.001EPSS
It was discovered that the Hotspot component of OpenJDK 11 incorrectly handled certain exceptions with specially crafted long messages. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-21011) It was discovered that OpenJDK 11 incorrectly performed reverse DNS ...
3.7CVSS
5.2AI Score
0.001EPSS
It was discovered that the Hotspot component of OpenJDK 8 incorrectly handled certain exceptions with specially crafted long messages. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-21011) Vladimir Kondratyev discovered that the Hotspot component of OpenJDK 8 ...
3.7CVSS
5.2AI Score
0.001EPSS
K000139922: Open vSwitch vulnerabilities CVE-2023-3966 and CVE-2023-5366
Security Advisory Description CVE-2023-3966 A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is...
7.5CVSS
7.1AI Score
0.0004EPSS
Releases Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages openjdk-lts - Open Source Java implementation Details It was discovered that the Hotspot component of OpenJDK 11 incorrectly handled certain exceptions with specially crafted long messages. An attacker could...
3.7CVSS
5.2AI Score
0.001EPSS
7.4AI Score
ruby:3.3 security, bug fix, and enhancement update
ruby [3.3.1-2] - Upgrade to Ruby 3.3.1. Resolves: RHEL-37697 - Fix buffer overread vulnerability in StringIO. (CVE-2024-27280) Resolves: RHEL-37699 - Fix RCE vulnerability with .rdoc_options in RDoc. (CVE-2024-27281) Resolves: RHEL-37696 - Fix Arbitrary memory address read vulnerability...
6.5AI Score
EPSS
Moderate: ruby:3.1 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.1). (AlmaLinux-35449) Security Fix(es): ruby: Buffer overread...
9.4AI Score
EPSS
ruby:3.1 security, bug fix, and enhancement update
ruby [3.1.5-144] - Upgrade to Ruby 3.1.5. Resolves: RHEL-33978 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-34129 - Fix RCE vulnerability with .rdoc_options in RDoc. Resolves: RHEL-34121 - Fix arbitrary memory address read vulnerability with Regex search. Resolves:...
6.8AI Score
EPSS
Releases Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages openjdk-17 - Open Source Java implementation Details It was discovered that the Hotspot component of OpenJDK 17 incorrectly handled certain exceptions with specially crafted long messages. An attacker could...
3.7CVSS
5.2AI Score
0.001EPSS
RHEL 9 : ruby:3.3 (RHSA-2024:3671)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3671 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
9.8AI Score
EPSS
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6810-1 advisory. It was discovered that the Hotspot component of OpenJDK 8 incorrectly handled certain exceptions with ...
3.7CVSS
5.6AI Score
0.001EPSS
Moderate: ruby:3.1 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.1). (AlmaLinux-35449) Security Fix(es): ruby: Buffer overread...
7AI Score
EPSS
7.1AI Score
EPSS
Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages openjdk-8 - Open Source Java implementation Details It was discovered that the Hotspot component of OpenJDK 8 incorrectly handled certain exceptions with specially crafted long messages. An...
3.7CVSS
5AI Score
0.001EPSS
Releases Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages openjdk-21 - Open Source Java implementation Details It was discovered that the Hotspot component of OpenJDK 21 incorrectly handled certain exceptions with specially crafted long messages. An attacker could possibly use this...
3.7CVSS
5.2AI Score
0.001EPSS
Moderate: ruby:3.3 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.3). (AlmaLinux-37697) Security Fix(es): ruby: Buffer overread...
6.2AI Score
EPSS
Moderate: ruby:3.3 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.3). (AlmaLinux-37446) Security Fix(es): ruby: Buffer overread...
7AI Score
EPSS
RHEL 8 : ruby:3.3 (RHSA-2024:3670)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3670 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
9.8AI Score
EPSS
AlmaLinux 9 : ruby:3.1 (ALSA-2024:3668)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3668 advisory. * ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280) * ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) * ruby: Arbitrary.....
9.8AI Score
EPSS
Security Bulletin: NVIDIA GPU Display Driver - June 2024
NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin. To protect your system, download and install this software update through the NVIDIA Driver Downloads page or, for the vGPU software and Cloud Gaming updates,...
7.8CVSS
8AI Score
0.0004EPSS
RHEL 9 : ruby:3.1 (RHSA-2024:3668)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3668 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
7.3AI Score
EPSS
7.4AI Score
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : OpenJDK 17 vulnerabilities (USN-6812-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6812-1 advisory. It was discovered that the Hotspot component of OpenJDK 17 incorrectly handled certain exceptions with specially...
3.7CVSS
5.7AI Score
0.001EPSS
7.1AI Score
EPSS
Moderate: ruby:3.3 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.3). (AlmaLinux-37446) Security Fix(es): ruby: Buffer overread...
6.2AI Score
EPSS
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : OpenJDK 11 vulnerabilities (USN-6811-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6811-1 advisory. It was discovered that the Hotspot component of OpenJDK 11 incorrectly handled certain exceptions with specially...
3.7CVSS
5.7AI Score
0.001EPSS
Moderate: ruby:3.3 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.3). (AlmaLinux-37697) Security Fix(es): ruby: Buffer overread...
6.3AI Score
EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : OpenJDK 21 vulnerabilities (USN-6813-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6813-1 advisory. It was discovered that the Hotspot component of OpenJDK 21 incorrectly handled certain exceptions with specially crafted long...
3.7CVSS
5.7AI Score
0.001EPSS
Summary The updates indicated below have been released to address CVE-2024-22326 (Deny unauthenticated-bind LDAP connection request). Vulnerability Details ** CVEID: CVE-2024-22326 DESCRIPTION: **IBM System Storage DS8000 could allow a remote user to create an LDAP connection with a valid...
5CVSS
5.6AI Score
0.0004EPSS
Summary A vulnerability in Microsoft .NET Core affects IBM Robotic Process Automation resulting in a bypass of security restrictions. Microsoft .NET Core is used by IBM Robotic Process Automation as part of it's development platform. This bulletin identifies the security fixes to apply to address.....
8.7CVSS
8.6AI Score
0.001EPSS
Summary A vulnerability in Microsoft Azure Identity affects IBM Robotic Process Automation which may result in a denial of service. Microsoft Azure Identity is used by IBM Robotic Process Automation as part of identity management. This bulletin identifies the security fixes to apply to address the....
6.8CVSS
6.7AI Score
0.001EPSS
Summary IBM WebSphere Application Server Liberty for IBM i is vulnerable weaker than expected TLS security [CVE-2023-50312], cross-site scripting with JavaScript code [CVE-2024-27270], and sending specially crated requests to cause denial of service [CVE-2024-25026, CVE-2024-27268, CVE-2024-22353]....
7.5CVSS
6.9AI Score
0.0004EPSS
Cisco Finesse Web-Based Management Interface Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to perform a stored cross site-scripting (XSS) attack by exploiting a remote file inclusion (RFI) vulnerability or perform a server-side request forgery (SSRF) attack an.....
5.9AI Score
0.0005EPSS
Summary Calls to the Admin API in IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability. [CVE-2024-31904] Vulnerability Details ** CVEID:...
6.5CVSS
6.5AI Score
0.0004EPSS
Summary Golang Go is used by the operator, and the IntegrationServer and IntegrationRuntime operands in IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operator, and IntegrationServer and IntegrationRuntime operands are vulnerable to denial of...
7.4AI Score
0.0004EPSS
Summary Golang Go is used by the operator and by a parent process in the IntegrationServer and IntegrationRuntime operands of IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operator and IntegrationServer and IntegrationRuntime operands are vulnerable....
7.4AI Score
0.0004EPSS
Summary Golang Go is used by a parent process in the IntegrationServer and IntegrationRuntime operands of IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service. This...
6.2AI Score
0.0004EPSS
Summary Gunicorn is used by IBM App Connect Enterprise Certified Container by the mapping assistance component. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to XSS attacks. This bulletin provides patch information to address...
7.5CVSS
7.3AI Score
0.0004EPSS
Summary Node.js is used by IBM App Connect Enterprise Certified Container as a runtime engine for processing data. IBM App Connect Enterprise Certified Container is vulnerable to denial of service when making HTTP calls using Node.js. This bulletin provides patch information to address the...
6.5CVSS
5.6AI Score
0.0004EPSS
Summary IBM App Connect Enterprise Certified Container Designer flows that use the calendly, square or docusign connector are vulnerable to loss of confidentiality when an access token expires and is refreshed. This bulletin provides patch information to address the reported vulnerability in the...
4.3CVSS
4.5AI Score
0.0004EPSS
Securing AI Development in the Cloud: Navigating the Risks and Opportunities
AI-TRiSM - Trust, Risk and Security Management in the Age of AI Co-authored by Lara Sunday and Pojan Shahrivar As artificial intelligence (AI) and machine learning (ML) technologies continue to advance and proliferate, organizations across industries are investing heavily in these transformative...
7.4AI Score
X-Recon - A Utility For Detecting Webpage Inputs And Conducting XSS Scans
A utility for identifying web page inputs and conducting XSS scanning. Features: Subdomain Discovery: Retrieves relevant subdomains for the target website and consolidates them into a whitelist. These subdomains can be utilized during the scraping process. Site-wide Link Discovery: Collects...
6.3AI Score
Summary IBM Sterling Partner Engagement Manager is vulnerable to information disclosure. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2022-35718 DESCRIPTION: **IBM Sterling Partner Engagement Manager stores sensitive information in.....
6AI Score
EPSS