Amazon AWS Client VPN has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions. This is resolved in 3.11.1 on Windows, 3.9.1 on macOS, and 3.12.1 on Linux. NOTE: although the macOS resolution is the same as for CVE-2024-30165, this...
7.4AI Score
EPSS
Amazon AWS Client VPN before 3.9.1 on macOS has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions, a different vulnerability than...
7.8AI Score
EPSS
Amazon AWS Client VPN before 3.9.1 on macOS has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions, a different vulnerability than...
7.4AI Score
EPSS
Amazon AWS Client VPN has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions. This is resolved in 3.11.1 on Windows, 3.9.1 on macOS, and 3.12.1 on Linux. NOTE: although the macOS resolution is the same as for CVE-2024-30165, this...
7.8AI Score
EPSS
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks
Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet (formerly Storm-1789), that uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to target companies for its financial and...
7.7AI Score
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks
Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet (formerly Storm-1789), that uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to target companies for its financial and...
9.7AI Score
Indian National Pleads Guilty to $37 Million Cryptocurrency Theft Scheme
An Indian national has pleaded guilty in the U.S. over charges of stealing more than $37 million by setting up a website that impersonated the Coinbase cryptocurrency exchange platform. Chirag Tomar, 30, pleaded guilty to wire fraud conspiracy, which carries a maximum sentence of 20 years in...
7.5AI Score
Campbell Scientific CSI Web Server
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Campbell Scientific Equipment: CSI Web Server Vulnerabilities: Path Traversal, Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...
8.1AI Score
0.0004EPSS
Trusted relationship attacks: trust, but verify
IT outsourcing market continues to demonstrate strong growth globally – such services are becoming increasingly popular. But along with the advantages, such as saved time and resources, delegating non-core tasks creates new challenges in terms of information security. By providing third-party...
7.8AI Score
7.3AI Score
(RHSA-2024:3369) Important: Errata Advisory for Red Hat OpenShift GitOps v1.10.6 security update
Errata Advisory for Red Hat OpenShift GitOps v1.10.6 Security Fix(es): CVE-2024-31989 argocd: unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. For more details about the security issue(s), including the impact, a CVSS score,...
7.3AI Score
0.05EPSS
(RHSA-2024:3368) Important: Errata Advisory for Red Hat OpenShift GitOps v1.12.3 security update
Errata Advisory for Red Hat OpenShift GitOps v1.12.3 Security Fix(es): CVE-2024-31989 argocd: unprivileged pod in a different namespace on the same cluster could connect to the Redis server. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...
7.3AI Score
0.05EPSS
pro-elevage.com Improper Access Control vulnerability OBB-3931248
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
Mitel MiVoice Connect Server Installed (Windows)
Mitel MiVoice Connect Server is installed on the remote Windows...
7.4AI Score
5.3CVSS
7.4AI Score
0.001EPSS
Description The Essential Addons for Elementor PRO – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team Member Carousel widget in all Pro versions up to, and including, 5.8.14 due to insufficient...
6.4CVSS
5.8AI Score
0.0004EPSS
Oracle Linux 8 : python27:2.7 (ELSA-2024-2987)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2987 advisory. babel [2.5.1-10] - Fix CVE-2021-20095 Resolves: rhbz#1955615 [2.5.1-9] - Bumping due to problems with modular RPM upgrade path - Resolves:...
9.8CVSS
7.2AI Score
0.034EPSS
7.3AI Score
7.3AI Score
in-dubio-pro-geo.de Cross Site Scripting vulnerability OBB-3930898
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
7.3AI Score
7.3AI Score
7.3AI Score
Fedora: Security Advisory for sssd (FEDORA-2024-78240de990)
The remote host is missing an update for...
7.1CVSS
7.1AI Score
0.0004EPSS
Fedora: Security Advisory for freerdp (FEDORA-2024-c702ea0fb1)
The remote host is missing an update for...
9.8CVSS
8.8AI Score
0.0004EPSS
Fedora: Security Advisory for freerdp (FEDORA-2024-050266dc33)
The remote host is missing an update for...
9.8CVSS
8.8AI Score
0.0004EPSS
Fedora: Security Advisory for sssd (FEDORA-2024-3798818c82)
The remote host is missing an update for...
7.1CVSS
7.1AI Score
0.0004EPSS
Fedora: Security Advisory for sssd (FEDORA-2024-44602bead8)
The remote host is missing an update for...
7.1CVSS
7.1AI Score
0.0004EPSS
A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above Bugs https://bugs.chromium.org/p/webm/issues/detail?id=1642 Notes...
7.5CVSS
6.6AI Score
0.001EPSS
4.9CVSS
7.1AI Score
0.0005EPSS
A vulnerability in the CONNECT v5 component of the Mosquitto message broker is related to a lack of memory release after an effective lifetime. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial of service A...
7.5CVSS
7.1AI Score
0.0004EPSS
Fedora: Security Advisory for freerdp (FEDORA-2024-1b11432d52)
The remote host is missing an update for...
9.8CVSS
8.8AI Score
0.0004EPSS
Fedora: Security Advisory for freerdp2 (FEDORA-2024-982a7184e0)
The remote host is missing an update for...
9.8CVSS
8.8AI Score
0.0004EPSS
7.8CVSS
6.4AI Score
0.001EPSS
7.8CVSS
6.4AI Score
0.001EPSS
Microsoft’s New Recall AI Tool May Be a ‘Privacy Nightmare’
Plus: US surveillance reportedly targets pro-Palestinian protesters, the FBI arrests a man for AI-generated CSAM, and stalkerware targets hotel...
7.4AI Score
Hackers Created Rogue VMs to Evade Detection in Recent MITRE Cyber Attack
The MITRE Corporation has revealed that the cyber attack targeting the not-for-profit company towards late December 2023 by exploiting zero-day flaws in Ivanti Connect Secure (ICS) involved the threat actor creating rogue virtual machines (VMs) within its VMware environment. "The adversary created....
9.1CVSS
10AI Score
0.969EPSS
Beware: These Fake Antivirus Sites Spreading Android and Windows Malware
Threat actors have been observed making use of fake websites masquerading as legitimate antivirus solutions from Avast, Bitdefender, and Malwarebytes to propagate malware capable of stealing sensitive information from Android and Windows devices. "Hosting malicious software through sites which...
7.4AI Score
JAVS Courtroom Recording Software Backdoored - Deploys RustDoor Malware
Malicious actors have backdoored the installer associated with courtroom video recording software developed by Justice AV Solutions (JAVS) to deliver malware that's associated with a known implant called RustDoor. The software supply chain attack, tracked as CVE-2024-4978 (CVSS score: 8.7),...
8.4CVSS
6.7AI Score
0.028EPSS
Cross-site Request Forgery (CSRF)
Sensiolabs/connect is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to the absence of a state parameter in OAuth requests, which exposes applications to CSRF attacks during the OAuth authentication...
7.3AI Score
Missing Default Authentication
Argo CD is vulnerable to Missing Default Authentication. The vulnerability is due to the default lack of password protection in redis, allowing attackers with access to an unprivileged pod to connect to the Redis server to gain read/write access, modify the "mfst" (manifest) key to execute...
9CVSS
7.1AI Score
0.0004EPSS
7.3AI Score
7.3AI Score
Security Advisory 0097 PDF Date: May 24, 2024 Revision | Date | Changes ---|---|--- 1.0 | May 24, 2024 | Initial release The CVE-ID tracking this issue: CVE-2023-52424 CVSSv3.1 Base Score: Not indicated by NVD as of 5/23/2024 Description Arista Networks is providing this security update in...
6AI Score
EPSS
bind-dyndb-ldap [11.6-4] - Modify empty zone conflicts under exclusive mode Resolves: rhbz#2126877 [11.6-3] - Rebuild against bind 9.11.36 - Resolves: rhbz#2022762 [11.6-2] - Rebuild against bind 9.11.26 - Resolves: rhbz#1904612 [11.6-1] - New upstream release - Resolves: rhbz#1891735 [11.3-1] -...
5.3CVSS
7.6AI Score
0.0004EPSS
The Events Calendar (Free < 6.4.0.1, Pro < 6.4.0.1) - Contributor+ Arbitrary Events Access
Description The plugin does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. (e.g. password-protected events, drafts,...
9.6AI Score
0.0004EPSS
Ivanti Policy Secure 22.x XSS Vulnerability
The Ivanti Policy Secure installed on the remote host is 9.x or 22.x. It is, therefore, affected by a CRLF vulnerability. This vulnerability allows an authenticated high-privileged user to inject malicious code on a victim’s browser, thereby leading to cross-site scripting attack. Note that...
8.2CVSS
6.1AI Score
0.0004EPSS
The Events Calendar (Free < 6.4.0.1, Pro < 6.4.0.1) - Contributor+ Arbitrary Events Access
Description The plugin does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. (e.g. password-protected events, drafts, etc.) PoC Free: 1. ADMIN: Install The Events Calendar 2. ADMIN: Create events with each status: published,...
9.4AI Score
0.0004EPSS
Ivanti Connect Secure 9.x / 22.x XSS Vulnerability
The Ivanti Connect Secure installed on the remote host is 9.x or 22.x. It is, therefore, affected by a CRLF vulnerability. This vulnerability allows an authenticated high-privileged user to inject malicious code on a victim’s browser, thereby leading to cross-site scripting attack. Note that...
8.2CVSS
6.1AI Score
0.0004EPSS
Stark Industries Solutions: An Iron Hammer in the Cloud
The homepage of Stark Industries Solutions. Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government.....
6.8AI Score