7.3AI Score
0.0004EPSS
U.S. Treasury Sanctions 12 Kaspersky Executives Amid Software Ban
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) imposed sanctions against a dozen individuals serving executive and senior leadership roles at Kaspersky Lab, a day after the Russian company was banned by the Commerce Department. The move "underscores our commitment to....
7.2AI Score
SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques
Cisco Talos recently discovered an ongoing campaign from SneakyChef, a newly discovered threat actor using SugarGh0st malware, as early as August 2023. In the newly discovered campaign, we observed a wider scope of targets spread across countries in EMEA and Asia, compared with previous...
7AI Score
Debian dla-3836 : thunderbird - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3836 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3836-1 [email protected] ...
7.2AI Score
0.0004EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Thunderbird vulnerabilities (USN-6840-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6840-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a...
8AI Score
0.0004EPSS
Releases Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker...
8.3AI Score
0.0004EPSS
Oracle Linux 8 : glibc (ELSA-2024-12440)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12440 advisory. - CVE-2024-33599: nscd: buffer overflow in netgroup cache (RHEL-34264) - CVE-2024-33600: nscd: null pointer dereferences in netgroup cache (RHEL-34267)....
4.8AI Score
0.0005EPSS
Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Users can upload images via the "save_settings" page. An unauthenticated attacker can leverage this functionality to upload a malicious PHP file instead. Successful exploitation of this vulnerability results in the ability....
7.9AI Score
0.0004EPSS
Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Users can upload images via the "save_settings" page. An unauthenticated attacker can leverage this functionality to upload a malicious PHP file instead. Successful exploitation of this vulnerability results in the ability....
0.0004EPSS
Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Users can upload images via the "save_settings" page. An unauthenticated attacker can leverage this functionality to upload a malicious PHP file instead. Successful exploitation of this vulnerability results in the ability....
0.0004EPSS
7.1AI Score
0.0004EPSS
[2.28-251.0.2.2] - Forward port of Oracle patches over 2.28-251.2 Reviewed-by: Jose E. Marchesi Oracle history: May-23-2024 Cupertino Miranda - 2.28-251.0.2.1 - Forward port of Oracle patches over 2.28-251.1 Reviewed-by: Jose E. Marchesi May-22-2024 Cupertino Miranda - 2.28-251.0.2 ...
7.2AI Score
0.0004EPSS
7.4AI Score
0.0004EPSS
hr-pua.com Cross Site Scripting vulnerability OBB-3935354
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Debian dsa-5711 : thunderbird - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5711 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5711-1 [email protected] ...
7.5AI Score
0.0004EPSS
Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID...
8.3AI Score
0.0004EPSS
Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID...
0.0004EPSS
An update is available for libreoffice. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list LibreOffice is an open source, community-developed office productivity...
8.8CVSS
7.2AI Score
0.001EPSS
An update is available for glibc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The glibc packages provide the standard C libraries (libc), POSIX thread...
7.8AI Score
0.0005EPSS
glibc bug fix and enhancement update
An update is available for glibc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 8.10.....
6.8AI Score
An update is available for glibc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The glibc packages provide the standard C libraries (libc), POSIX thread...
7.5AI Score
0.0004EPSS
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. These emails are sent without using an encrypted transmission protocol. If an attacker intercepts the packets, they can obtain the plaintext session information and use it to log into the...
8.8CVSS
8.6AI Score
0.001EPSS
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. These emails are sent without using an encrypted transmission protocol. If an attacker intercepts the packets, they can obtain the plaintext session information and use it to log into the...
8.8CVSS
0.001EPSS
CVE-2024-5996 Soar Cloud HR Portal - Cleartext Transmission of Sensitive Information
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. These emails are sent without using an encrypted transmission protocol. If an attacker intercepts the packets, they can obtain the plaintext session information and use it to log into the...
8.8CVSS
6.9AI Score
0.001EPSS
CVE-2024-5996 Soar Cloud HR Portal - Cleartext Transmission of Sensitive Information
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. These emails are sent without using an encrypted transmission protocol. If an attacker intercepts the packets, they can obtain the plaintext session information and use it to log into the...
8.8CVSS
0.001EPSS
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be...
8.8CVSS
8.8AI Score
0.001EPSS
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be...
8.8CVSS
0.001EPSS
CVE-2024-5995 Soar Cloud HR Portal - Insufficient Session Expiration
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be...
8.8CVSS
0.001EPSS
North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics
Threat actors linked to North Korea have accounted for one-third of all the phishing activity targeting Brazil since 2020, as the country's emergence as an influential power has drawn the attention of cyber espionage groups. "North Korean government-backed actors have targeted the Brazilian...
7.1AI Score
Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID...
0.0004EPSS
AlmaLinux 9 : libreoffice (ALSA-2024:3835)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3835 advisory. * libreoffice: Improper Input Validation leading to arbitrary gstreamer plugin execution (CVE-2023-6185) * libreoffice: Insufficient macro permission...
8.8CVSS
9.2AI Score
0.001EPSS
Rocky Linux 9 : libreoffice (RLSA-2024:3835)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3835 advisory. * libreoffice: Improper Input Validation leading to arbitrary gstreamer plugin execution (CVE-2023-6185) * libreoffice: Insufficient macro permission...
8.8CVSS
9.2AI Score
0.001EPSS
Rocky Linux 9 : glibc (RLSA-2024:3339)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3339 advisory. * glibc: Out of bounds write in iconv conversion to ISO-2022-CN-EXT (CVE-2024-2961) * glibc: stack-based buffer overflow in netgroup cache...
7.7AI Score
0.0005EPSS
Rocky Linux 8 : glibc (RLSA-2024:3344)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3344 advisory. * glibc: stack-based buffer overflow in netgroup cache (CVE-2024-33599) * glibc: null pointer dereferences after failed netgroup cache insertion ...
7.5AI Score
0.0004EPSS
[SECURITY] [DLA 3825-1] firefox-esr security update
Debian LTS Advisory DLA-3825-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort June 13, 2024 https://wiki.debian.org/LTS Package : firefox-esr Version : 115.12.0esr-1~deb10u1 CVE...
7.5AI Score
0.0004EPSS
Debian dla-3825 : firefox-esr - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3825 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3825-1 [email protected] ...
7.6AI Score
0.0004EPSS
A vulnerability was found in itsourcecode Payroll Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file print_payroll.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has...
6.3CVSS
0.0004EPSS
A vulnerability was found in itsourcecode Payroll Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file print_payroll.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has...
6.3CVSS
6.8AI Score
0.0004EPSS
CVE-2024-5898 itsourcecode Payroll Management System print_payroll.php sql injection
A vulnerability was found in itsourcecode Payroll Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file print_payroll.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has...
6.3CVSS
0.0004EPSS
Debian dsa-5709 : firefox-esr - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5709 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5709-1 [email protected] ...
7.2AI Score
0.0004EPSS
RHEL 9 : libreoffice (RHSA-2024:3835)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3835 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word...
8.8CVSS
9.3AI Score
0.001EPSS
[7.1.8.1-12.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Added the --with-hamcrest option to configure. [7.1.8.1] - Remove Red Hat branding - Change vendor to RESF [1:7.1.8.1-12] - Fix CVE-2023-6185 escape url passed to gstreamer - Fix CVE-2023-6186 check link target protocols...
8.8CVSS
7AI Score
0.001EPSS
Oracle Linux 9 : libreoffice (ELSA-2024-3835)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3835 advisory. - Fix CVE-2023-6185 escape url passed to gstreamer - Fix CVE-2023-6186 check link target protocols - Resolves: rhbz#2210193 CVE-2023-0950 Array Index...
8.8CVSS
7.4AI Score
0.001EPSS
7.3AI Score
Important: libreoffice security update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
8.8CVSS
9AI Score
0.001EPSS
Third-Party Cyber Attacks: The Threat No One Sees Coming – Here's How to Stop Them
_Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill's threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk. _ In an...
9AI Score
7.4AI Score
6.5AI Score
0.0004EPSS
Oracle Linux 8 : glibc (ELSA-2024-3344)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3344 advisory. [2.28-251.0.2.2] - Forward port of Oracle patches over 2.28-251.2 Reviewed-by: Jose E. Marchesi <[email protected]> Oracle history: ...
6.6AI Score
0.0004EPSS
Oracle Linux 8 : glibc (ELSA-2024-3269)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3269 advisory. [2.28-251.0.2.1] - Forward port of Oracle patches over 2.28-251.1 Reviewed-by: Jose E. Marchesi <[email protected]> Tenable has extracted the...
6.3AI Score
0.0005EPSS