[SECURITY] Fedora 40 Update: openvpn-2.6.11-1.fc40
OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...
7AI Score
EPSS
Fedora: Security Advisory for openvpn (FEDORA-2024-b611e122fb)
The remote host is missing an update for...
7.2AI Score
EPSS
Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verification LibreOfficeKit can be used for accessing LibreOffice functionality through C/C++. Typically this is used by third party components to reuse LibreOffice as a library to...
7.4AI Score
0.0004EPSS
Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verification LibreOfficeKit can be used for accessing LibreOffice functionality through C/C++. Typically this is used by third party components to reuse LibreOffice as a library to...
7.1AI Score
0.0004EPSS
Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verification LibreOfficeKit can be used for accessing LibreOffice functionality through C/C++. Typically this is used by third party components to reuse LibreOffice as a library to...
6.6AI Score
0.0004EPSS
Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verification LibreOfficeKit can be used for accessing LibreOffice functionality through C/C++. Typically this is used by third party components to reuse LibreOffice as a library to...
0.0004EPSS
CVE-2024-5261 TLS certificate are not properly verified when utilizing LibreOfficeKit
Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verification LibreOfficeKit can be used for accessing LibreOffice functionality through C/C++. Typically this is used by third party components to reuse LibreOffice as a library to...
0.0004EPSS
CVE-2024-5261 TLS certificate are not properly verified when utilizing LibreOfficeKit
Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verification LibreOfficeKit can be used for accessing LibreOffice functionality through C/C++. Typically this is used by third party components to reuse LibreOffice as a library to...
7AI Score
0.0004EPSS
Foxit Reader Privilege Escalation Vulnerability (June 2024)
Foxit Reader is prone to a privilege escalation...
8.2CVSS
8.4AI Score
0.0004EPSS
Foxit PhantomPDF Privilege Escalation Vulnerability (June 2024)
Foxit PhantomPDF is prone to a privilege escalation...
8.2CVSS
8.4AI Score
0.0004EPSS
Fortinet FortiClient (FG-IR-22-059) (macOS)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-059 advisory. The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for...
7.5CVSS
7AI Score
0.013EPSS
Fortinet Fortigate (FG-IR-22-059)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-059 advisory. The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for...
7.5CVSS
7AI Score
0.013EPSS
Fortinet FortiClient (FG-IR-22-059)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-059 advisory. The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for...
7.5CVSS
7AI Score
0.013EPSS
Cybersecurity CPEs: Unraveling the What, Why & How
Staying Sharp: Cybersecurity CPEs Explained Perhaps even more so than in other professional domains, cybersecurity professionals constantly face new threats. To ensure you stay on top of your game, many certification programs require earning Continuing Professional Education (CPE) credits. CPEs...
7.2AI Score
Install To install headerpwn, run the following command: go install github.com/devanshbatham/[email protected] Usage headerpwn allows you to test various headers on a target URL and analyze the responses. Here's how to use the tool: Provide the target URL using the -url flag. Create a file...
7.3AI Score
ca-copy-certification-by-document-custodian.com Cross Site Scripting vulnerability OBB-3931556
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Cisco Talos' Vulnerability Research team has helped to disclose and patch more than 20 vulnerabilities over the past three weeks, including two in the popular Adobe Acrobat Reader software. Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read...
9.8CVSS
9.8AI Score
0.001EPSS
A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low privilege user can trigger the update action which can result in unexpected elevation of...
8.2CVSS
6.8AI Score
0.0004EPSS
A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low privilege user can trigger the update action which can result in unexpected elevation of...
8.2CVSS
8.3AI Score
0.0004EPSS
A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low privilege user can trigger the update action which can result in unexpected elevation of...
8.2CVSS
8.2AI Score
0.0004EPSS
A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low privilege user can trigger the update action which can result in unexpected elevation of...
8.2CVSS
7AI Score
0.0004EPSS
Foxit Reader Updater improper certificate validation privilege escalation vulnerability
Talos Vulnerability Report TALOS-2024-1989 Foxit Reader Updater improper certificate validation privilege escalation vulnerability May 28, 2024 CVE Number CVE-2024-29072 SUMMARY A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper....
8.2CVSS
7.6AI Score
0.0004EPSS
Foxit PDF Editor < 12.1.7 Vulnerability
According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 12.1.7. It is, therefore affected by vulnerability: A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability...
8.2CVSS
6.8AI Score
0.0004EPSS
Foxit PDF Editor < 11.2.10 Vulnerability
According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 11.2.10. It is, therefore affected by vulnerability: A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability...
8.2CVSS
6.8AI Score
0.0004EPSS
Foxit PDF Editor < 13.1.2 Vulnerability
According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 13.1.2. It is, therefore affected by vulnerability: A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability...
8.2CVSS
6.8AI Score
0.0004EPSS
Foxit PDF Reader < 2024.2.2 Vulnerability
According to its version, the Foxit PDF Reader application (previously named Foxit Reader) installed on the remote Windows host is prior to 2024.2.2. It is, therefore affected by vulnerability: A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability...
8.2CVSS
6.8AI Score
0.0004EPSS
Foxit PDF Editor < 2024.2.2 Vulnerability
According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 2024.2.2. It is, therefore affected by vulnerability: A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability...
8.2CVSS
6.8AI Score
0.0004EPSS
CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack
The following Rapid7 team members contributed to this blog: Ipek Solak, Thomas Elkins, Evan McCann, Matthew Smith, Jake McMahon, Tyler McGraw, Ryan Emmons, Stephen Fewer, and John Fenninger Overview Justice AV Solutions (JAVS) is a U.S.-based company specializing in digital audio-visual recording.....
8.4CVSS
8.8AI Score
0.028EPSS
Wiz achieves Red Hat Vulnerability Scanner Certification
Wiz’s vulnerability scanning is now certified by Red Hat, providing customers with refined assessment of vulnerabilities for Red Hat...
7.4AI Score
7.4CVSS
7.1AI Score
0.0004EPSS
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.8)
The version of AOS installed on the remote host is prior to 6.8. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.8 advisory. Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in...
9.8CVSS
9.4AI Score
0.123EPSS
RHEL 6 : gitpython (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. GitPython: Insecure non-multi options in clone and clone_from is not blocked (CVE-2023-40267) Note that Nessus has...
6.5AI Score
0.001EPSS
RHEL 8 : golang (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114) golang: html/template:...
9.9AI Score
0.014EPSS
RHEL 9 : golang (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540) Angle brackets (<>)....
9.2AI Score
0.003EPSS
RHEL 5 : gnupg2 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. gnupg2: OpenPGP Key Certification Forgeries with SHA-1 (CVE-2019-14855) mainproc.c in GnuPG before 2.2.8...
8.4AI Score
0.004EPSS
RHEL 7 : nodejs-semver (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. nodejs-semver: Regular expression denial of service (CVE-2022-25883) Note that Nessus has not tested for this issue...
7.5AI Score
0.001EPSS
RHEL 6 : nodejs-semver (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. nodejs-semver: Regular expression denial of service (CVE-2022-25883) Note that Nessus has not tested for this issue...
8.7AI Score
0.001EPSS
RHEL 7 : gitpython (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. GitPython: Insecure non-multi options in clone and clone_from is not blocked (CVE-2023-40267) GitPython...
8.4AI Score
0.001EPSS
How AI enhances static application security testing (SAST)
In a 2023 GitHub survey, developers reported that their top task, second only to writing code (32%), was finding and fixing security vulnerabilities (31%). As their teams "shift left" and integrate security checks earlier into the software development lifecycle (SDLC), developers have become the...
7.8AI Score
GLSA-202405-29 : Node.js: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202405-29 (Node.js: Multiple Vulnerabilities) The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution. (CVE-2020-7774) A flaw was found in c-ares library, where a missing input validation check of...
9.8CVSS
9.4AI Score
EPSS
3.7CVSS
4.4AI Score
0.001EPSS
3.7CVSS
4.4AI Score
0.001EPSS
Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is...
7.2CVSS
7.5AI Score
0.0005EPSS
Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is...
7.2CVSS
7.5AI Score
0.0005EPSS
Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is...
7.2CVSS
8.1AI Score
0.0005EPSS
Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is...
7.2CVSS
7.7AI Score
0.0005EPSS
Malwarebytes Premium Security earns “Product of the Year” from AVLab
After blocking 100% of “in-the-wild” malware samples that were deployed in multiple, consecutive third-party tests conducted by the AVLab Cybersecurity Foundation, Malwarebytes Premium Security has earned “Product of the Year.” The recognition cements Malwarebytes Premium Security’s perfect record....
7AI Score
CentOS 9 : openssl-3.0.7-18.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the openssl-3.0.7-18.el9 build changelog. Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function...
9.8CVSS
8.6AI Score
0.116EPSS
CISO Perspectives on Complying with Cybersecurity Regulations
Compliance requirements are meant to increase cybersecurity transparency and accountability. As cyber threats increase, so do the number of compliance frameworks and the specificity of the security controls, policies, and activities they include. For CISOs and their teams, that means compliance is....
7.3AI Score
eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners
A new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners like XMRig through a long-standing threat codenamed GuptiMiner targeting large corporate networks. Cybersecurity firm Avast said the activity is the...
7.2AI Score