CVE-2021-3571 affecting package linuxptp 2.0-8
CVE-2021-3571 affecting package linuxptp 2.0-8. This CVE either no longer is or was never...
7.1CVSS
7.1AI Score
0.003EPSS
CVE-2019-20633 affecting package patch 2.7.6-8
CVE-2019-20633 affecting package patch 2.7.6-8. No patch is available...
5.5CVSS
5.8AI Score
0.001EPSS
CVE-2023-22609 affecting package binutils 2.37-8
CVE-2023-22609 affecting package binutils 2.37-8. This CVE either no longer is or was never...
6.7AI Score
EPSS
CVE-2023-22604 affecting package binutils 2.37-8
CVE-2023-22604 affecting package binutils 2.37-8. This CVE either no longer is or was never...
6.7AI Score
EPSS
CVE-2023-22607 affecting package binutils 2.37-8
CVE-2023-22607 affecting package binutils 2.37-8. This CVE either no longer is or was never...
6.7AI Score
EPSS
CVE-2023-22606 affecting package binutils 2.37-8
CVE-2023-22606 affecting package binutils 2.37-8. This CVE either no longer is or was never...
6.7AI Score
EPSS
CVE-2022-2990 affecting package buildah 1.18.0-8
CVE-2022-2990 affecting package buildah 1.18.0-8. This CVE either no longer is or was never...
7.1CVSS
9.4AI Score
0.0005EPSS
CVE-2022-41725 affecting package gcc 11.2.0-8
CVE-2022-41725 affecting package gcc 11.2.0-8. This CVE either no longer is or was never...
7.5CVSS
9.1AI Score
0.001EPSS
CVE-2023-22603 affecting package binutils 2.37-8
CVE-2023-22603 affecting package binutils 2.37-8. This CVE either no longer is or was never...
6.7AI Score
EPSS
CVE-2023-22605 affecting package binutils 2.37-8
CVE-2023-22605 affecting package binutils 2.37-8. This CVE either no longer is or was never...
6.7AI Score
EPSS
CVE-2022-41724 affecting package gcc 11.2.0-8
CVE-2022-41724 affecting package gcc 11.2.0-8. This CVE either no longer is or was never...
7.5CVSS
9.1AI Score
0.001EPSS
CVE-2020-25657 affecting package m2crypto 0.35.2-8
CVE-2020-25657 affecting package m2crypto 0.35.2-8. No patch is available...
5.9CVSS
7.5AI Score
0.002EPSS
CVE-2020-8563 affecting package kubernetes-1.18.14 1.18.14-8
CVE-2020-8563 affecting package kubernetes-1.18.14 1.18.14-8. No patch is available...
5.5CVSS
7.5AI Score
0.0005EPSS
CVE-2023-44487 affecting package kata-containers for versions less than 3.1.0-8
CVE-2023-44487 affecting package kata-containers for versions less than 3.1.0-8. A patched version of the package is...
7.5CVSS
8.9AI Score
0.732EPSS
7.5AI Score
7.5AI Score
6.2CVSS
7.2AI Score
0.0005EPSS
7.8CVSS
8.2AI Score
0.0004EPSS
Security Bulletin: IBM Cognos Transformer is affected by security vulnerabilities
Summary Vulnerabilities in IBM® Java™ Version 8 that is consumed by IBM Cognos Transformer have been addressed. Please refer to the table in the Related Information section for vulnerability impact. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An unspecified vulnerability in Java.....
7.5CVSS
7AI Score
0.001EPSS
A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential...
7.4AI Score
EPSS
A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential...
EPSS
A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential...
EPSS
Summary The SANnav Management Portal and Global View products are affected due to a Jave SE issue. The affected issue has been addressed and can be resolved by applying the SANnav code level listed below. CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968,...
7.4CVSS
7.1AI Score
0.002EPSS
APM Server vulnerable to Insertion of Sensitive Information into Log File in...
7.5CVSS
6.7AI Score
0.001EPSS
Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
Argo-cd authenticated users can enumerate clusters by name in...
4.3CVSS
6.5AI Score
0.0004EPSS
ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability in...
5.5CVSS
6.7AI Score
0.0004EPSS
SFTPGo has insufficient access control for password reset in github.com/drakkan/sftpgo
SFTPGo has insufficient access control for password reset in...
5.4CVSS
7AI Score
0.0004EPSS
3 More Plugins Infected in WordPress.org Supply Chain Attack Due to Compromised Developer Passwords
Update #1: As of 12:36PM EST, another plugin has been infected. We've updated the list below to include this fourth plugin and the plugins team has been notified. Update #2: As of 2:20 PM EST, two more plugins appear to have malicious commits, however, the releases have not officially been made...
7.1AI Score
Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute arbitrary code via unspecified...
7.5CVSS
7.9AI Score
0.0004EPSS
Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute arbitrary code via unspecified...
7.5CVSS
0.0004EPSS
Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified...
5.9CVSS
0.0004EPSS
Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified...
5.9CVSS
5.6AI Score
0.0004EPSS
Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute arbitrary code via unspecified...
7.5CVSS
0.0004EPSS
Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute arbitrary code via unspecified...
7.5CVSS
7.8AI Score
0.0004EPSS
Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified...
5.9CVSS
0.0004EPSS
Certain HP PC BIOS Logo Vulnerabilities
Potential security vulnerabilities, known as LogoFAIL, have been reported in the AMI BIOS and the Insyde BIOS used in certain HP PC products, which might allow escalation of privilege, arbitrary code execution, denial of service, information disclosure, and/or data tampering. AMI and Insyde are...
7.8CVSS
7.8AI Score
0.0004EPSS
Intel Chipset Device Software May 2024 Security Update
Intel has informed HP of a potential security vulnerability in some Intel® Chipset Device Software, which might allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...
6.7CVSS
7.1AI Score
0.0004EPSS
VMware ESXi 7.0 / 8.0 Out-of-Bounds read (CVE-2024-37086)
The version of VMware ESXi installed on the remote host is prior to 7.0 Update 3q or 8.0 prior to 8.0 Update 3. It is, therefore, affected by an out-of-bounds read vulnerability as referenced in the VMSA-2024-0013 advisory: Note that Nessus has not tested for these issues but has instead relied...
6.8CVSS
7AI Score
0.0004EPSS
7.1AI Score
0.0004EPSS
VMware ESXi 7.0 / 8.0 Authenticaton Bypass (CVE-2024-37085)
The version of VMware ESXi installed on the remote host is prior to 8.0 Update 3. It is, therefore, affected by an authentication bypass vulnerability as referenced in the VMSA-2024-0013 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's...
6.8CVSS
7.4AI Score
0.0004EPSS
In the Linux kernel before 4.8, usb_parse_endpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the...
0.0004EPSS
In the Linux kernel before 4.8, usb_parse_endpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the...
6.9AI Score
0.0004EPSS
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities
Summary There are vulnerabilities in IBM® Java™ Version 8 and IBM WebSphere Application Server Liberty used by IBM Cognos Analytics. IBM Cognos Analytics has addressed these vulnerabilities by upgrading IBM® Java™ and IBM WebSphere Application Server Liberty. There are vulnerabilities in...
10CVSS
10AI Score
EPSS
CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to...
6.6AI Score
0.0004EPSS
Decoding OWASP – A Security Engineer’s Roadmap to Application Security
In a time where over 60% of data breaches are linked to software vulnerabilities and a single overlooked software vulnerability can expose sensitive data, the imperative of robust application security cannot be overstated. The 2023 IBM Security Cost of a Data Breach Report highlights that...
8.4AI Score
An Inside Look at The Malware and Techniques Used in the WordPress.org Supply Chain Attack
On Monday June 24th, 2024 the Wordfence Threat Intelligence team was made aware of the presence of malware in the Social Warfare repository plugin (see post Supply Chain Attack on WordPress.org Plugins Leads to 5 Maliciously Compromised WordPress Plugins). After adding the malicious code to our...
7.8AI Score
Supply Chain Compromise Leads to Trojanized Installers for Notezilla, RecentX, Copywhiz
The following Rapid7 analysts contributed to this research: Leo Gutierrez, Tyler McGraw, Sarah Lee, and Thomas Elkins. Executive Summary On Tuesday, June 18th, 2024, Rapid7 initiated an investigation into suspicious activity in a customer environment. Our investigation identified that the...
6.9AI Score
AI has since replaced "cryptocurrency" and "blockchain" as the cybersecurity buzzwords everyone wants to hear. We're not getting as many headlines about cryptocurrency miners, the security risks or promises of the blockchain, or non-fungible tokens being referenced on "Saturday Night Live." A...
9.1CVSS
7.2AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 17, 2024 to June 23, 2024)
_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...
10CVSS
9.7AI Score
EPSS
A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s...
7.7CVSS
6.6AI Score
0.0004EPSS