7.4AI Score
RHEL 8 : python-idna (RHSA-2024:3552)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3552 advisory. Security Fix(es): * python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode() (CVE-2024-3651) Tenable...
7.6AI Score
EPSS
RHEL 8 : Satellite 6.15.0 (Important) (RHSA-2024:2010)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2010 advisory. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer...
7.6CVSS
7.5AI Score
EPSS
RHEL 8 : python-idna (RHSA-2024:3543)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3543 advisory. Security Fix(es): * python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode() (CVE-2024-3651) Tenable...
7.3AI Score
EPSS
RHEL 8 : nodejs : (RHSA-2024:3553)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3553 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security...
8.2CVSS
8.4AI Score
0.0004EPSS
RHEL 9 : nodejs (RHSA-2024:3545)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3545 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. ...
8.2CVSS
7.6AI Score
0.0004EPSS
Unsafe Reflection in base Component class in yiisoft/yii2
Yii2 supports attaching Behaviors to Components by setting properties having the format 'as <behaviour-name>'. Internally this is done using the __set() magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using...
7.4AI Score
EPSS
Unsafe Reflection in base Component class in yiisoft/yii2
Yii2 supports attaching Behaviors to Components by setting properties having the format 'as <behaviour-name>'. Internally this is done using the __set() magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using...
7.4AI Score
EPSS
6.7AI Score
0.0004EPSS
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary application, version 1.2.10. An attacker can exploit this vulnerability by maliciously manipulating regular expressions, which can significantly impact the response time of the application and potentially...
7.5CVSS
7.1AI Score
0.0004EPSS
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary application, version 1.2.10. An attacker can exploit this vulnerability by maliciously manipulating regular expressions, which can significantly impact the response time of the application and potentially...
7.5CVSS
7.4AI Score
0.0004EPSS
CVE-2024-4148 Redos (Regular Expression Denial of Service) in lunary-ai/lunary
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary application, version 1.2.10. An attacker can exploit this vulnerability by maliciously manipulating regular expressions, which can significantly impact the response time of the application and potentially...
7.5CVSS
6.8AI Score
0.0004EPSS
CVE-2024-4148 Redos (Regular Expression Denial of Service) in lunary-ai/lunary
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary application, version 1.2.10. An attacker can exploit this vulnerability by maliciously manipulating regular expressions, which can significantly impact the response time of the application and potentially...
7.5CVSS
7.4AI Score
0.0004EPSS
OpenAI, Meta, and TikTok Crack Down on Covert Influence Campaigns, Some AI-Powered
OpenAI on Thursday disclosed that it took steps to cut off five covert influence operations (IO) originating from China, Iran, Israel, and Russia that sought to abuse its artificial intelligence (AI) tools to manipulate public discourse or political outcomes online while obscuring their true...
6.8AI Score
AlmaLinux 8 : python39:3.9 and python39-devel:3.9 (ALSA-2024:3466)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3466 advisory. * python39:3.9/python39: python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597) * python39:3.9/python39: python: The zipfile module is...
7.8CVSS
7.7AI Score
EPSS
Duplicate Advisory: Apache Superset uncontrolled resource consumption
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of CVE-2023-46104. This link is maintained to preserve external references. Original Description With correct CVE version ranges for affected Apache Superset. Uncontrolled resource consumption can be triggered by...
6.5CVSS
6.2AI Score
0.001EPSS
How to Build Your Autonomous SOC Strategy
Security leaders are in a tricky position trying to discern how much new AI-driven cybersecurity tools could actually benefit a security operations center (SOC). The hype about generative AI is still everywhere, but security teams have to live in reality. They face constantly incoming alerts from.....
7.2AI Score
Symfony allows direct access of ESI URLs behind a trusted proxy
All 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony HttpKernel component are affected by this security issue. Your application is vulnerable only if the ESI feature is enabled and there is a proxy in front of the web application. This issue has been fixed in Symfony 2.3.19, 2.4.9, and...
6.5AI Score
EPSS
Symfony allows direct access of ESI URLs behind a trusted proxy
All 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony HttpKernel component are affected by this security issue. Your application is vulnerable only if the ESI feature is enabled and there is a proxy in front of the web application. This issue has been fixed in Symfony 2.3.19, 2.4.9, and...
6.5AI Score
EPSS
EulerOS 2.0 SP12 : docker-engine (EulerOS-SA-2024-1738)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service...
7.5CVSS
7AI Score
0.024EPSS
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1761)
The remote host is missing an update for the Huawei...
7.5CVSS
6.9AI Score
0.024EPSS
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1738)
The remote host is missing an update for the Huawei...
7.5CVSS
6.9AI Score
0.024EPSS
7.2AI Score
0.0004EPSS
EulerOS 2.0 SP12 : docker-engine (EulerOS-SA-2024-1761)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service...
7.5CVSS
7AI Score
0.024EPSS
Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manifest of Gem files when using Gem::Specification.from_yaml. from_yaml makes use of SafeYAML.load which allows YAML aliases inside the...
4.3CVSS
6.8AI Score
0.0004EPSS
Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manifest of Gem files when using Gem::Specification.from_yaml. from_yaml makes use of SafeYAML.load which allows YAML aliases inside the...
4.3CVSS
4.6AI Score
0.0004EPSS
CVE-2024-35221 Denial of service when publishing a package on rubygems.org
Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manifest of Gem files when using Gem::Specification.from_yaml. from_yaml makes use of SafeYAML.load which allows YAML aliases inside the...
4.3CVSS
7AI Score
0.0004EPSS
CVE-2024-35221 Denial of service when publishing a package on rubygems.org
Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manifest of Gem files when using Gem::Specification.from_yaml. from_yaml makes use of SafeYAML.load which allows YAML aliases inside the...
4.3CVSS
4.6AI Score
0.0004EPSS
Brazilian Banks Targeted by New AllaKore RAT Variant Called AllaSenha
Brazilian banking institutions are the target of a new campaign that distributes a custom variant of the Windows-based AllaKore remote access trojan (RAT) called AllaSenha. The malware is "specifically aimed at stealing credentials that are required to access Brazilian bank accounts, [and]...
7.7AI Score
RHEL 8 : Red Hat OpenStack Platform 16.1 (etcd) (RHSA-2024:3467)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3467 advisory. A highly-available key value store for shared configuration Security Fix(es): * Incomplete fix for CVE-2023-39325/CVE-2023-44487 in...
7.5CVSS
8AI Score
0.732EPSS
RHEL 8 : python39:3.9 and python39-devel:3.9 (RHSA-2024:3466)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3466 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
7.8CVSS
7.9AI Score
EPSS
RHEL 7 : rh-nodejs14 (RHSA-2024:3472)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3472 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security...
8.2CVSS
6.6AI Score
0.0004EPSS
4-Step Approach to Mapping and Securing Your Organization's Most Critical Assets
You're probably familiar with the term "critical assets". These are the technology assets within your company's IT infrastructure that are essential to the functioning of your organization. If anything happens to these assets, such as application servers, databases, or privileged identities, the...
6.7AI Score
RHEL 9 : mod_http2 (RHSA-2024:3417)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3417 advisory. The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. Security Fix(es): * httpd:...
7.5CVSS
6.7AI Score
0.005EPSS
RHEL 8 : varnish:6 (RHSA-2024:3426)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3426 advisory. Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and...
6.3AI Score
0.0004EPSS
RHEL 9 : mod_http2 (RHSA-2024:3402)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3402 advisory. The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. Security Fix(es): * httpd:...
7.5CVSS
6.7AI Score
0.005EPSS
Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP...
5.3CVSS
5.3AI Score
0.0004EPSS
Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP...
5.3CVSS
6.8AI Score
0.0004EPSS
CVE-2024-27310 DOS Vulnerability
Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP...
5.3CVSS
6.9AI Score
0.0004EPSS
CVE-2024-27310 DOS Vulnerability
Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP...
5.3CVSS
5.3AI Score
0.0004EPSS
6.5AI Score
Fedora: Security Advisory for xen (FEDORA-2024-4357ec611d)
The remote host is missing an update for...
6.2AI Score
EPSS
Fedora: Security Advisory for xen (FEDORA-2024-a676697123)
The remote host is missing an update for...
6.2AI Score
EPSS
Fedora: Security Advisory for xen (FEDORA-2024-a46df5ba2f)
The remote host is missing an update for...
6.2AI Score
EPSS
Domainim - A Fast And Comprehensive Tool For Organizational Network Scanning
Domainim is a fast domain reconnaissance tool for organizational network scanning. The tool aims to provide a brief overview of an organization's structure using techniques like OSINT, bruteforcing, DNS resolving etc. Features Current features (v1.0.1)- - Subdomain enumeration (2 engines +...
7.8AI Score
7.8CVSS
6.4AI Score
0.001EPSS
7.8CVSS
6.4AI Score
0.001EPSS
TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this.....
7.5CVSS
8AI Score
0.001EPSS
TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this.....
7.5CVSS
7.7AI Score
0.001EPSS
TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this.....
7.5CVSS
8AI Score
0.001EPSS